CVE-2023-29043

Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document. Script code embedded in malicious documents could be executed in the context of the user editing the document when performing certain actions, like copying content. The relevant attribute does now get encoded to avoid the possibility of executing script code. No publicly available exploits are known.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
OXCNA
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 32%
VendorProductVersion
open-xchangeopen-xchange_appsuite
𝑥
< 7.10.6
open-xchangeopen-xchange_appsuite
7.10.6
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6069
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6073
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6080
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6085
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6093
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6102
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6112
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6121
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6133
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6138
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6141
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6146
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6147
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6148
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6150
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6156
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6161
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6166
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6173
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6176
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6178
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6189
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6194
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6199
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6204
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6205
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6209
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6210
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6214
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6215
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6216
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6218
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6219
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6220
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6227
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6230
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6233
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6235
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6236
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6239
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6241
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf
https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf