Users were able to set an arbitrary "product name" for OX Guard. The chosen value was not sufficiently sanitized before being processed by the user interface, allowing indirect cross-site scripting attacks. Accounts that were temporarily taken over could be configured to trigger persistent code execution, allowing a malicious user to establish a foothold. Product names are now sanitized. No publicly available exploits are known.
Vulnerable Product |
---|
open-xchange ox guard |
open-xchange ox guard 2.10.7 |