Vulnerability Description
RSS feeds that contain malicious data- attributes could be abused to inject script code to a users browser session when reading compromised RSS feeds or successfully luring users to compromised accounts. Attackers could perform malicious API requests or extract information from the users account. Please deploy the provided updates and patch releases. Potentially malicious attributes now get removed from external RSS content. No publicly available exploits are known.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://documentation.open-xchange.com/appsuite/releases/8.21/
- https://documentation.open-xchange.com/appsuite/releases/8.22/
- https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2024/ox
- https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_
- http://seclists.org/fulldisclosure/2024/Apr/18
- https://documentation.open-xchange.com/appsuite/releases/8.21/
- https://documentation.open-xchange.com/appsuite/releases/8.22/
- https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2024/ox
- https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_
FAQ
What is CVE-2024-23192?
CVE-2024-23192 is a vulnerability with a CVSS score of 6.1 (MEDIUM). RSS feeds that contain malicious data- attributes could be abused to inject script code to a users browser session when reading compromised RSS feeds or successfully luring users to compromised accoun...
How severe is CVE-2024-23192?
CVE-2024-23192 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-23192?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.