CVE-2023-41710

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-41710
User-defined script code could be stored for a upsell related shop URL. This code was not correctly sanitized when adding it to DOM. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for this content. No publicly available exploits are known.

5.4 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0006.json Issue Tracking
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6251_7.10.6_2023-09-25.pdf Release Notes
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:open-xchange:ox_app_suite:*:*:*:*:*:*:*:*
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:-:*:*:*:*:*:*
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev01:*:*:*:*:*:*
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev02:*:*:*:*:*:*
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev03:*:*:*:*:*:*
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev04:*:*:*:*:*:*
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev05:*:*:*:*:*:*
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev06:*:*:*:*:*:*
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev07:*:*:*:*:*:*
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev08:*:*:*:*:*:*
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev09:*:*:*:*:*:*
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev10:*:*:*:*:*:*
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev11:*:*:*:*:*:*
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev12:*:*:*:*:*:*
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev13:*:*:*:*:*:*
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev14:*:*:*:*:*:*
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev15:*:*:*:*:*:*
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev16:*:*:*:*:*:*
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev17:*:*:*:*:*:*
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev18:*:*:*:*:*:*
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev19:*:*:*:*:*:*
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev20:*:*:*:*:*:*
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev21:*:*:*:*:*:*
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev22:*:*:*:*:*:*
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev23:*:*:*:*:*:*
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev24:*:*:*:*:*:*
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev25:*:*:*:*:*:*
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev26:*:*:*:*:*:*
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev27:*:*:*:*:*:*
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev28:*:*:*:*:*:*
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev29:*:*:*:*:*:*
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev30:*:*:*:*:*:*
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev31:*:*:*:*:*:*
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev32:*:*:*:*:*:*
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev33:*:*:*:*:*:*
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev34:*:*:*:*:*:*
History

No history.

Information

Published : 2024-01-08 09:15

Updated : 2024-01-22 11:15

NVD link : CVE-2023-41710

Mitre link : CVE-2023-41710

CVE.ORG link : CVE-2023-41710

JSON object : View

Products Affected

open-xchange

  • ox_app_suite
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')