CVE-2023-41704 — HIGH (7.1)

Q: How severe is CVE-2023-41704?

CVE-2023-41704 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-41704?

Check the references section above for vendor advisories and patch information. Affected products include: Open-Xchange Open-Xchange Appsuite.

Vulnerability Description

Processing of CID references at E-Mail can be abused to inject malicious script code that passes the sanitization engine. Malicious script code could be injected to a users sessions when interacting with E-Mails. Please deploy the provided updates and patch releases. CID handing has been improved and resulting content is checked for malicious content. No publicly available exploits are known.

CVSS Score

7.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Open-Xchange	Open-Xchange Appsuite	< 7.6.3

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2023-41704?

CVE-2023-41704 is a vulnerability with a CVSS score of 7.1 (HIGH). Processing of CID references at E-Mail can be abused to inject malicious script code that passes the sanitization engine. Malicious script code could be injected to a users sessions when interacting w...

How severe is CVE-2023-41704?

CVE-2023-41704 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-41704?

Check the references section above for vendor advisories and patch information. Affected products include: Open-Xchange Open-Xchange Appsuite.