← back
CVE-2023-41708

CVE-2023-41708

CVSS 5.4 MEDIUMEPSS 0.5%CWE-79
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.4EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
12 Feb 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
References to the "app loader" functionality could contain redirects to unexpected locations. Attackers could forge app references that bypass existing safeguards to inject malicious script code. Please deploy the provided updates and patch releases. References to apps are now controlled more strict to avoid relative references. No publicly available exploits are known.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Affected products
Open-Xchange GmbH · OX App Suite

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.jsonhttp://seclists.org/fulldisclosure/2024/Feb/10https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf