CVE-2023-41703
12.02.2024, 09:15
User ID references at mentions in document comments were not correctly sanitized. Script code could be injected to a users session when working with a malicious document. Please deploy the provided updates and patch releases. User-defined content like comments and mentions are now filtered to avoid potentially malicious content. No publicly available exploits are known.
| Vendor | Product | Version |
|---|---|---|
| open-xchange | open-xchange_appsuite | 𝑥 < 7.10.6 |
| open-xchange | open-xchange_appsuite | 7.10.6 < 𝑥 < 8.20 |
| open-xchange | open-xchange_appsuite | 7.10.6 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6069 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6073 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6080 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6085 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6093 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6102 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6112 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6121 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6133 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6138 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6141 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6146 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6147 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6148 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6150 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6156 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6161 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6166 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6173 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6176 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6178 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6189 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6194 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6199 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6204 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6205 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6209 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6210 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6214 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6215 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6216 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6218 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6219 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6220 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6227 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6230 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6233 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6235 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6236 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6239 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6241 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6243 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6245 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6248 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6249 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6250 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6251 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6255 |
𝑥
= Vulnerable software versions
References