CVE-2024-23186

MEDIUM

Open-xchange OX App Suite < 8.22 - XSS

Title source: rule

Description

E-Mail containing malicious display-name information could trigger client-side script execution when using specific mobile devices. Attackers could perform malicious API requests or extract information from the users account. Please deploy the provided updates and patch releases. We now use safer methods of handling external content when embedding displayname information to the web interface. No publicly available exploits are known.

References (3)

Scores

CVSS v3 6.5
EPSS 0.0045
EPSS Percentile 63.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Classification

CWE
CWE-79
Status published

Affected Products (1)

open-xchange/ox_app_suite < 8.22

Timeline

Published May 06, 2024
Tracked Since Feb 18, 2026