CVE-2023-29044

Documents operations could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties does now get escaped to avoid code execution. No publicly available exploits are known.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
OXCNA
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
VendorProductVersion
open-xchangeopen-xchange_appsuite
𝑥
< 7.10.6
open-xchangeopen-xchange_appsuite
7.10.6
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6069
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6073
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6080
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6085
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6093
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6102
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6112
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6121
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6133
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6138
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6141
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6146
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6147
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6148
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6150
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6156
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6161
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6166
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6173
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6176
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6178
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6189
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6194
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6199
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6204
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6205
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6209
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6210
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6214
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6215
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6216
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6218
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6219
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6220
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6227
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6230
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6233
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6235
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6236
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6239
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6241
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf
https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf