CVE-2023-41708 Vulnerability Details

  /     /     /  

CVE-2023-41708 Metadata Quick Info

CVE Published: 12/02/2024 | CVE Updated: 02/08/2024 | CVE Year: 2023
Source: OX | Vendor: Open-Xchange GmbH | Product: OX App Suite
Status : PUBLISHED

---

CVE-2023-41708 Description

References to the "app loader" functionality could contain redirects to unexpected locations. Attackers could forge app references that bypass existing safeguards to inject malicious script code. Please deploy the provided updates and patch releases. References to apps are now controlled more strict to avoid relative references. No publicly available exploits are known.

Metrics

CVSS Version: 3.1 | Base Score: 5.4 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* LOW
    User Interaction (UI)* REQUIRED
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* LOW
    Integrity Impact (I)* LOW
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-79
CWE Name: Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting )
Source: Open-Xchange GmbH

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).