CVE-2023-41703 — Cross-site Scripting in Appsuite

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.7%

top 27.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Open-xchange Appsuite Open-xchange Gmbh OX APP Suite

Timeline

PublishedFeb 12

Description

User ID references at mentions in document comments were not correctly sanitized. Script code could be injected to a users session when working with a malicious document. Please deploy the provided updates and patch releases. User-defined content like comments and mentions are now filtered to avoid potentially malicious content. No publicly available exploits are known.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDopen-xchange/open-xchange_appsuite< 7.10.6+2

▶CVEListV5open-xchange_gmbh/ox_app_suite7.10.6-rev9+1

🔴Vulnerability Details

GHSA

GHSA-7cxw-p58p-m7w4: User ID references at mentions in document comments were not correctly sanitized↗2024-02-12

▶

CVEList

CVE-2023-41703: User ID references at mentions in document comments were not correctly sanitized↗2024-02-12

▶