CVE-2023-41704
published 2024-02-12CVE-2023-41704: Processing of CID references at E-Mail can be abused to inject malicious script code that passes the sanitization engine. Malicious script code could be…
PriorityP427medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EPSS
0.53%
40.6th percentile
Processing of CID references at E-Mail can be abused to inject malicious script code that passes the sanitization engine. Malicious script code could be injected to a users sessions when interacting with E-Mails. Please deploy the provided updates and patch releases. CID handing has been improved and resulting content is checked for malicious content. No publicly available exploits are known.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| open-xchange | open-xchange_appsuite | < 7.6.3 | 7.6.3 |
| open-xchange | open-xchange_appsuite | < 7.10.6 | 7.10.6 |
| open-xchange | open-xchange_appsuite | < 8.20 | 8.20 |
| open-xchange | open-xchange_appsuite | — | — |
| open-xchange | open-xchange_appsuite | — | — |
| open-xchange_gmbh | ox_app_suite | <= 7.10.6-rev55 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.jsonhttps://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdfhttp://seclists.org/fulldisclosure/2024/Feb/10https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.jsonhttps://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf
2024-02-12
Published