Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-23187

Content-ID based embedding of resources in E-Mails could be abused to trigger client-side script code when using the "show more" option. Attackers could perform malicious API requests or extract information from the users account. Exploiting the vulnerability requires user interaction. Please deploy the provided updates and patch releases. CID replacement has been hardened to omit invalid identifiers. No publicly available exploits are known.

Published

2024-05-06T07:15:06.850

Last Modified

2025-03-05T22:10:38.723

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-79
Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	open-xchange	ox_app_suite	< 8.22	Yes

References

http://seclists.org/fulldisclosure/2024/May/3 Mailing List, Third Party Advisory ([email protected])
https://documentation.open-xchange.com/appsuite/releases/8.22/ Release Notes ([email protected])
https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2024/oxas-adv-2024-0002.json Issue Tracking, Vendor Advisory ([email protected])
http://seclists.org/fulldisclosure/2024/May/3 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://documentation.open-xchange.com/appsuite/releases/8.22/ Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2024/oxas-adv-2024-0002.json Issue Tracking, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)