CVE-2023-41703
MEDIUMOpen-xchange Appsuite < 7.10.6 - XSS
Title source: ruleDescription
User ID references at mentions in document comments were not correctly sanitized. Script code could be injected to a users session when working with a malicious document. Please deploy the provided updates and patch releases. User-defined content like comments and mentions are now filtered to avoid potentially malicious content. No publicly available exploits are known.
References (3)
Scores
CVSS v3
6.1
EPSS
0.0054
EPSS Percentile
67.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Classification
CWE
CWE-79
Status
published
Affected Products (50)
open-xchange/open-xchange_appsuite
< 7.10.6
open-xchange/open-xchange_appsuite
open-xchange/open-xchange_appsuite
open-xchange/open-xchange_appsuite
open-xchange/open-xchange_appsuite
open-xchange/open-xchange_appsuite
open-xchange/open-xchange_appsuite
open-xchange/open-xchange_appsuite
open-xchange/open-xchange_appsuite
open-xchange/open-xchange_appsuite
open-xchange/open-xchange_appsuite
open-xchange/open-xchange_appsuite
open-xchange/open-xchange_appsuite
open-xchange/open-xchange_appsuite
open-xchange/open-xchange_appsuite
... and 35 more
Timeline
Published
Feb 12, 2024
Tracked Since
Feb 18, 2026