Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-29052

Users were able to define disclaimer texts for an upsell shop dialog that would contain script code that was not sanitized correctly. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for this content. No publicly available exploits are known.

Published

2024-01-08T09:15:20.680

Last Modified

2024-11-21T07:56:27.370

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.4 (MEDIUM)

Weaknesses

Type: Secondary
CWE-79
Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	open-xchange	ox_app_suite	7.10.6	Yes
Application	open-xchange	ox_app_suite	7.10.6	Yes
Application	open-xchange	ox_app_suite	7.10.6	Yes
Application	open-xchange	ox_app_suite	7.10.6	Yes
Application	open-xchange	ox_app_suite	7.10.6	Yes
Application	open-xchange	ox_app_suite	7.10.6	Yes
Application	open-xchange	ox_app_suite	7.10.6	Yes
Application	open-xchange	ox_app_suite	7.10.6	Yes
Application	open-xchange	ox_app_suite	7.10.6	Yes
Application	open-xchange	ox_app_suite	7.10.6	Yes
Application	open-xchange	ox_app_suite	7.10.6	Yes
Application	open-xchange	ox_app_suite	7.10.6	Yes
Application	open-xchange	ox_app_suite	7.10.6	Yes
Application	open-xchange	ox_app_suite	7.10.6	Yes
Application	open-xchange	ox_app_suite	7.10.6	Yes
Application	open-xchange	ox_app_suite	7.10.6	Yes
Application	open-xchange	ox_app_suite	7.10.6	Yes
Application	open-xchange	ox_app_suite	7.10.6	Yes
Application	open-xchange	ox_app_suite	7.10.6	Yes
Application	open-xchange	ox_app_suite	7.10.6	Yes
Application	open-xchange	ox_app_suite	7.10.6	Yes
Application	open-xchange	ox_app_suite	7.10.6	Yes
Application	open-xchange	ox_app_suite	7.10.6	Yes
Application	open-xchange	ox_app_suite	7.10.6	Yes
Application	open-xchange	ox_app_suite	7.10.6	Yes
Application	open-xchange	ox_app_suite	7.10.6	Yes
Application	open-xchange	ox_app_suite	7.10.6	Yes
Application	open-xchange	ox_app_suite	7.10.6	Yes
Application	open-xchange	ox_app_suite	7.10.6	Yes
Application	open-xchange	ox_app_suite	7.10.6	Yes
Application	open-xchange	ox_app_suite	7.10.6	Yes
Application	open-xchange	ox_app_suite	7.10.6	Yes
Application	open-xchange	ox_app_suite	7.10.6	Yes
Application	open-xchange	ox_app_suite	7.10.6	Yes
Application	open-xchange	ox_app_suite	7.10.6	Yes

References

https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0006.json Issue Tracking ([email protected])
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6251_7.10.6_2023-09-25.pdf Release Notes ([email protected])
https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0006.json Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6251_7.10.6_2023-09-25.pdf Release Notes (af854a3a-2127-422b-91ae-364da2661108)