CVE-2023-41704

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-41704
Processing of CID references at E-Mail can be abused to inject malicious script code that passes the sanitization engine. Malicious script code could be injected to a users sessions when interacting with E-Mails. Please deploy the provided updates and patch releases. CID handing has been improved and resulting content is checked for malicious content. No publicly available exploits are known.

7.1 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope CHANGED

References
Link Resource
https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json Vendor Advisory
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf Release Notes
https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json Vendor Advisory
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf Release Notes
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:-:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3464:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3519:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3569:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3627:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3728:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3875:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3922:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3949:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3991:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4047:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4133:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4423:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4470:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4552:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4667:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4750:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4789:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4839:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4860:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4895:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5104:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5165:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5231:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5537:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5637:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5910:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6156:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6161:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6166:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6173:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6176:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6178:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6189:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6194:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6199:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6204:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6205:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6209:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6210:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6214:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6215:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6216:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6218:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6219:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6220:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6227:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6230:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6233:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6235:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6236:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6239:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6241:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6243:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6245:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6248:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6249:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6250:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6251:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6255:*:*:*:*:*:*
History

No history.

Information

Published : 2024-02-12 09:15

Updated : 2024-11-21 08:21

NVD link : CVE-2023-41704

Mitre link : CVE-2023-41704

CVE.ORG link : CVE-2023-41704

JSON object : View

Products Affected

open-xchange

  • open-xchange_appsuite
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')