An issue exists in Open-Xchange OX App Suite prior to 7.8.2-rev8. API requests can be used to inject, generate and download executable files to the client ("Reflected File Download"). Malicious platform specific (e.g. Microsoft Windows) batch file can be created via a trusted domain without authentication that, if executed by the user, may lead to local code execution.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
open-xchange open-xchange appsuite |