CVE-2023-29052

Users were able to define disclaimer texts for an upsell shop dialog that would contain script code that was not sanitized correctly. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for this content. No publicly available exploits are known.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
OXCNA
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 32%
VendorProductVersion
open-xchangeox_app_suite
7.10.6
open-xchangeox_app_suite
7.10.6:rev01
open-xchangeox_app_suite
7.10.6:rev02
open-xchangeox_app_suite
7.10.6:rev03
open-xchangeox_app_suite
7.10.6:rev04
open-xchangeox_app_suite
7.10.6:rev05
open-xchangeox_app_suite
7.10.6:rev06
open-xchangeox_app_suite
7.10.6:rev07
open-xchangeox_app_suite
7.10.6:rev08
open-xchangeox_app_suite
7.10.6:rev09
open-xchangeox_app_suite
7.10.6:rev10
open-xchangeox_app_suite
7.10.6:rev11
open-xchangeox_app_suite
7.10.6:rev12
open-xchangeox_app_suite
7.10.6:rev13
open-xchangeox_app_suite
7.10.6:rev14
open-xchangeox_app_suite
7.10.6:rev15
open-xchangeox_app_suite
7.10.6:rev16
open-xchangeox_app_suite
7.10.6:rev17
open-xchangeox_app_suite
7.10.6:rev18
open-xchangeox_app_suite
7.10.6:rev19
open-xchangeox_app_suite
7.10.6:rev20
open-xchangeox_app_suite
7.10.6:rev21
open-xchangeox_app_suite
7.10.6:rev22
open-xchangeox_app_suite
7.10.6:rev23
open-xchangeox_app_suite
7.10.6:rev24
open-xchangeox_app_suite
7.10.6:rev25
open-xchangeox_app_suite
7.10.6:rev26
open-xchangeox_app_suite
7.10.6:rev27
open-xchangeox_app_suite
7.10.6:rev28
open-xchangeox_app_suite
7.10.6:rev29
open-xchangeox_app_suite
7.10.6:rev30
open-xchangeox_app_suite
7.10.6:rev31
open-xchangeox_app_suite
7.10.6:rev32
open-xchangeox_app_suite
7.10.6:rev33
open-xchangeox_app_suite
7.10.6:rev34
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0006.json
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6251_7.10.6_2023-09-25.pdf
https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0006.json
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6251_7.10.6_2023-09-25.pdf