Vulnerability Description
User-defined script code could be stored for a upsell related shop URL. This code was not correctly sanitized when adding it to DOM. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for this content. No publicly available exploits are known.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Open-Xchange | Ox App Suite | < 7.10.6 |
Related Weaknesses (CWE)
References
- https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxIssue Tracking
- https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release Notes
- http://seclists.org/fulldisclosure/2024/Jan/4
- https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxIssue Tracking
- https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release Notes
FAQ
What is CVE-2023-41710?
CVE-2023-41710 is a vulnerability with a CVSS score of 5.4 (MEDIUM). User-defined script code could be stored for a upsell related shop URL. This code was not correctly sanitized when adding it to DOM. Attackers could lure victims to user accounts with malicious script...
How severe is CVE-2023-41710?
CVE-2023-41710 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-41710?
Check the references section above for vendor advisories and patch information. Affected products include: Open-Xchange Ox App Suite.