CVE-2016-6850

CVE-2016-6850

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as profile pictures. In case their XML structure contains iframes and script code, that code may get executed when calling the related picture URL or viewing the related person’s image within a browser. Malicious script code can be executed within a user’s context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).

Source: CVE-2016-6850

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다