The "upsell" widget at the portal page could be abused to inject arbitrary script code. Attackers that manage to lure users to a compromised account, or gain temporary access to a legitimate account, could inject script code to gain persistent code execution capabilities under a trusted domain. User input for this widget is now sanitized to avoid malicious content the be processed. No publicly available exploits are known.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
open-xchange ox app suite 7.10.6 |
||
open-xchange ox app suite |