CVE-2017-5864
Description
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting (XSS).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
OX App Suite 7.8.3 and earlier is vulnerable to Cross-Site Scripting (XSS), allowing arbitrary script injection.
Vulnerability
Open-Xchange OX App Suite versions 7.8.3 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability. The specific input vectors are not detailed, but the issue allows injection of arbitrary HTML and JavaScript into the application [1].
Exploitation
An attacker can craft malicious input that is not properly sanitized by the application. This input, when processed and rendered by the victim's browser, executes the injected script. The attacker may deliver the payload through various channels such as email, calendar events, or other user-generated content. User interaction is required, such as viewing a crafted message or page.
Impact
Successful exploitation results in arbitrary JavaScript execution in the context of the victim's session. This can lead to session hijacking, sensitive data disclosure (e.g., emails, contacts), or unauthorized actions performed on behalf of the victim.
Mitigation
The vulnerability is fixed in OX App Suite 7.8.4, released on 2017-05-23 [1]. Users should upgrade to version 7.8.4 or later to mitigate the risk. No official workarounds are provided.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Open-Xchange GmbH/OX App Suitedescription
- Range: <=7.8.3
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- open-xchange.commitrex_refsource_MISC
- ox.commitrex_refsource_MISC
- documentation.open-xchange.com/7.8.4/release-notes/release-notes.htmlmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.