CVE-2023-41703
Published 2024-02-12
Priority: P427 | Severity: medium | CVSS 3.1: 6.1
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.53% (40.6th percentile)
User ID references at mentions in document comments were not correctly sanitized. Script code could be injected into a user's session when working with a malicious document. Please deploy the provided updates and patch releases. User-defined content like comments and mentions is now filtered to avoid potentially malicious content. No publicly available exploits are known.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| open-xchange | open-xchange_appsuite | < 7.10.6 | 7.10.6 |
| open-xchange | open-xchange_appsuite | < 8.20 | 8.20 |
| open-xchange | open-xchange_appsuite | — | — |
| open-xchange_gmbh | ox_app_suite | <= 7.10.6-rev9 | — |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf
http://seclists.org/fulldisclosure/2024/Feb/10