CVE-2016-3173

{"id": "CVE-2016-3173", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2016-12-15T06:59:02.347", "references": [{"url": "http://packetstormsecurity.com/files/137187/Open-Xchange-OX-AppSuite-7.8.0-XSS-Open-Redirect.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/538481/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/137187/Open-Xchange-OX-AppSuite-7.8.0-XSS-Open-Redirect.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/538481/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The aria-label parameter of tiles at the Portal can be used to inject script code. Those labels use the name of the file (e.g. an image) which gets displayed at the portal application. Using script code at the file name leads to script execution. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). Users actively need to add a file to the portal to enable this attack. In case of shared files however, a internal attacker may modify a previously embedded file to carry a malicious file name. Furthermore this vulnerability can be used to persistently execute code that got injected by a temporary script execution vulnerability."}, {"lang": "es", "value": "Ha sido descubierto un problema en Open-Xchange OX AppSuite en versiones anteriores a 7.8.0-rev27. El par\u00e1metro aria-label de los t\u00edtulos en el Portal pueden ser utilizados para inyectar c\u00f3digo script. Esas etiquetas usan el nombre del archivo (e.j. una imagen) que se muestra en la aplicaci\u00f3n del portal. El uso de c\u00f3digo script en el nombre del archivo conduce a la ejecuci\u00f3n del script. C\u00f3digo script malicioso puede ser ejecutado dentro de un contexto de usuario. Esto puede conducir al secuestro de sesi\u00f3n o el desencadenamiento de acciones no deseadas a trav\u00e9s de la interfaz web (enviando correos, borrando datos etc.). Los usuarios tienen que a\u00f1adir activamente un archivo al portal para habilitar este ataque. En caso de archivos compartidos sin embargo, un atacante interno podr\u00eda modificar un archivo previamente embebido para portar un nombre de archivo malicioso. Adem\u00e1s, esta vulnerabilidad puede ser utilizada para ejecutar c\u00f3digo que fue inyectado por una vulnerabilidad temporal de ejecuci\u00f3n de secuencias de comandos."}], "lastModified": "2024-11-21T02:49:32.067", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:rev26:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "114717B8-5FC3-4633-BE62-AFE9F5C9843A", "versionEndIncluding": "7.8.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}