CVE-2023-41704 — Cross-site Scripting in Appsuite

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

CNA7.1

EPSS

0.5%

top 36.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Open-xchange Appsuite Open-xchange Gmbh OX APP Suite

Timeline

PublishedFeb 12

Description

Processing of CID references at E-Mail can be abused to inject malicious script code that passes the sanitization engine. Malicious script code could be injected to a users sessions when interacting with E-Mails. Please deploy the provided updates and patch releases. CID handing has been improved and resulting content is checked for malicious content. No publicly available exploits are known.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDopen-xchange/open-xchange_appsuite< 7.6.3+4

▶CVEListV5open-xchange_gmbh/ox_app_suite7.10.6-rev55+2

🔴Vulnerability Details

GHSA

GHSA-g4pm-v5gm-7f4h: Processing of CID references at E-Mail can be abused to inject malicious script code that passes the sanitization engine↗2024-02-12

▶

CVEList

CVE-2023-41704: Processing of CID references at E-Mail can be abused to inject malicious script code that passes the sanitization engine↗2024-02-12

▶