Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-6853Cross-site Scripting in OX Guard

CWE-79Cross-site ScriptingCWE-416Use After Free5 documents5 sources
Severity
6.1MEDIUMNVD
EPSS
0.8%
top 26.47%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Open-xchange OX Guard
Timeline
PublishedDec 15
Latest updateMay 14

Description

An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code and references to external websites can be injected to the names of PGP public keys. When requesting that key later on using a specific URL, such script code might get executed. In case of injecting external websites, users might get lured into a phishing scheme. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (send

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-6jmc-wgh2-9jr6: An issue was discovered in Open-Xchange OX Guard before 22022-05-14
CVEList
CVE-2016-6853: An issue was discovered in Open-Xchange OX Guard before 22016-12-15

💥Exploits & PoCs

1
Exploit-DB
Open-Xchange Guard 2.4.2 - Multiple Cross-Site Scripting Vulnerabilities2016-09-13

📋Vendor Advisories

1
Red Hat
kernel: Use After Free in /dev/fimg2d2016-11-09
CVE-2016-6853 — Cross-site Scripting in OX Guard | cvebase