cbcvebase.
CVE-2023-29044
published 2023-11-02

CVE-2023-29044: Documents operations could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be…

PriorityP427medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
EPSS
0.38%
30.2th percentile
Documents operations could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties does now get escaped to avoid code execution. No publicly available exploits are known.

Affected

3 ranges
VendorProductVersion rangeFixed in
open-xchangeopen-xchange_appsuite< 7.10.67.10.6
open-xchangeopen-xchange_appsuite
ox_software_gmbhox_app_suite<= 7.10.6-rev7
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.