Vulnerability Description
Users were able to define disclaimer texts for an upsell shop dialog that would contain script code that was not sanitized correctly. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for this content. No publicly available exploits are known.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Open-Xchange | Ox App Suite | 7.10.6 |
Related Weaknesses (CWE)
References
- https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxIssue Tracking
- https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release Notes
- http://seclists.org/fulldisclosure/2024/Jan/4
- https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxIssue Tracking
- https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release Notes
FAQ
What is CVE-2023-29052?
CVE-2023-29052 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Users were able to define disclaimer texts for an upsell shop dialog that would contain script code that was not sanitized correctly. Attackers could lure victims to user accounts with malicious scrip...
How severe is CVE-2023-29052?
CVE-2023-29052 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-29052?
Check the references section above for vendor advisories and patch information. Affected products include: Open-Xchange Ox App Suite.