2 matches found
Open-Xchange: OX Guard: DOM Based Cross-Site Scripting (#2)
Summary: OX Guard's "Guest Reader" is vulnerable to DOM Based XSS. While this report is closely related to 158853, it is not a duplicate. I've had a look at the code introduced by commit 7fdbd307662f0041ed5e45b2f73c6530b79c6124, which I believe was supposed to protect against 158853. Today's repor...
Open-Xchange: OX Guard: DOM Based Cross-Site Scripting
Summary: OX Guard's "Guest Reader" is vulnerable to DOM Based XSS. The vulnerable parameter is "templid". The reader.js script (see below) takes the parameter's value and injects it into the page/DOM without encoding/sanitizing it first. PoC:...