Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-41704

Processing of CID references at E-Mail can be abused to inject malicious script code that passes the sanitization engine. Malicious script code could be injected to a users sessions when interacting with E-Mails. Please deploy the provided updates and patch releases. CID handing has been improved and resulting content is checked for malicious content. No publicly available exploits are known.

Published

2024-02-12T09:15:10.697

Last Modified

2024-11-21T08:21:30.443

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.1 (HIGH)

Weaknesses

Type: Secondary
CWE-79
Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	open-xchange	open-xchange_appsuite	< 7.6.3	Yes
Application	open-xchange	open-xchange_appsuite	< 7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	< 8.20	Yes
Application	open-xchange	open-xchange_appsuite	7.6.3	Yes
Application	open-xchange	open-xchange_appsuite	7.6.3	Yes
Application	open-xchange	open-xchange_appsuite	7.6.3	Yes
Application	open-xchange	open-xchange_appsuite	7.6.3	Yes
Application	open-xchange	open-xchange_appsuite	7.6.3	Yes
Application	open-xchange	open-xchange_appsuite	7.6.3	Yes
Application	open-xchange	open-xchange_appsuite	7.6.3	Yes
Application	open-xchange	open-xchange_appsuite	7.6.3	Yes
Application	open-xchange	open-xchange_appsuite	7.6.3	Yes
Application	open-xchange	open-xchange_appsuite	7.6.3	Yes
Application	open-xchange	open-xchange_appsuite	7.6.3	Yes
Application	open-xchange	open-xchange_appsuite	7.6.3	Yes
Application	open-xchange	open-xchange_appsuite	7.6.3	Yes
Application	open-xchange	open-xchange_appsuite	7.6.3	Yes
Application	open-xchange	open-xchange_appsuite	7.6.3	Yes
Application	open-xchange	open-xchange_appsuite	7.6.3	Yes
Application	open-xchange	open-xchange_appsuite	7.6.3	Yes
Application	open-xchange	open-xchange_appsuite	7.6.3	Yes
Application	open-xchange	open-xchange_appsuite	7.6.3	Yes
Application	open-xchange	open-xchange_appsuite	7.6.3	Yes
Application	open-xchange	open-xchange_appsuite	7.6.3	Yes
Application	open-xchange	open-xchange_appsuite	7.6.3	Yes
Application	open-xchange	open-xchange_appsuite	7.6.3	Yes
Application	open-xchange	open-xchange_appsuite	7.6.3	Yes
Application	open-xchange	open-xchange_appsuite	7.6.3	Yes
Application	open-xchange	open-xchange_appsuite	7.6.3	Yes
Application	open-xchange	open-xchange_appsuite	7.6.3	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite	7.10.6	Yes

References

https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json Vendor Advisory ([email protected])
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf Release Notes ([email protected])
https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf Release Notes (af854a3a-2127-422b-91ae-364da2661108)