Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2016-2840
HistoryDec 15, 2016 - 6:31 a.m.

CVE-2016-2840

2016-12-1506:31:00
mitre
www.cve.org
6

EPSS

0.001

Percentile

49.2%

JSON

An issue was discovered in Open-Xchange Server 6 / OX AppSuite before 7.8.0-rev26. The β€œsession” parameter for file-download requests can be used to inject script code that gets reflected through the subsequent status page. Malicious script code can be executed within a trusted domain’s context. While no OX App Suite specific data can be manipulated, the vulnerability can be exploited without being authenticated and therefore used for social engineering attacks, stealing cookies or redirecting from trustworthy to malicious hosts.

Related

nvd 1
prion 1
openvas 1
cve 1
nvd
nvd
CVE-2016-2840
2016-12-15 06:59:01
prion
prion
Design/Logic Flaw
2016-12-15 06:59:00
openvas
openvas
Open-Xchange (OX) App Suite Multiple Cross Site Scripting Vulnerabilities - 02
2017-01-02 00:00:00
cve
cve
CVE-2016-2840
2016-12-15 06:59:01

EPSS

0.001

Percentile

49.2%

JSON
Related for CVELIST:CVE-2016-2840
nvd1prion1openvas1cve1