CVE-2023-41704
12.02.2024, 09:15
Processing of CID references at E-Mail can be abused to inject malicious script code that passes the sanitization engine. Malicious script code could be injected to a users sessions when interacting with E-Mails. Please deploy the provided updates and patch releases. CID handing has been improved and resulting content is checked for malicious content. No publicly available exploits are known.
| Vendor | Product | Version |
|---|---|---|
| open-xchange | open-xchange_appsuite | 𝑥 < 7.6.3 |
| open-xchange | open-xchange_appsuite | 7.6.3 < 𝑥 < 7.10.6 |
| open-xchange | open-xchange_appsuite | 7.10.6 < 𝑥 < 8.20 |
| open-xchange | open-xchange_appsuite | 7.6.3 |
| open-xchange | open-xchange_appsuite | 7.6.3:patch_release_3464 |
| open-xchange | open-xchange_appsuite | 7.6.3:patch_release_3519 |
| open-xchange | open-xchange_appsuite | 7.6.3:patch_release_3569 |
| open-xchange | open-xchange_appsuite | 7.6.3:patch_release_3627 |
| open-xchange | open-xchange_appsuite | 7.6.3:patch_release_3728 |
| open-xchange | open-xchange_appsuite | 7.6.3:patch_release_3875 |
| open-xchange | open-xchange_appsuite | 7.6.3:patch_release_3922 |
| open-xchange | open-xchange_appsuite | 7.6.3:patch_release_3949 |
| open-xchange | open-xchange_appsuite | 7.6.3:patch_release_3991 |
| open-xchange | open-xchange_appsuite | 7.6.3:patch_release_4047 |
| open-xchange | open-xchange_appsuite | 7.6.3:patch_release_4133 |
| open-xchange | open-xchange_appsuite | 7.6.3:patch_release_4423 |
| open-xchange | open-xchange_appsuite | 7.6.3:patch_release_4470 |
| open-xchange | open-xchange_appsuite | 7.6.3:patch_release_4552 |
| open-xchange | open-xchange_appsuite | 7.6.3:patch_release_4667 |
| open-xchange | open-xchange_appsuite | 7.6.3:patch_release_4750 |
| open-xchange | open-xchange_appsuite | 7.6.3:patch_release_4789 |
| open-xchange | open-xchange_appsuite | 7.6.3:patch_release_4839 |
| open-xchange | open-xchange_appsuite | 7.6.3:patch_release_4860 |
| open-xchange | open-xchange_appsuite | 7.6.3:patch_release_4895 |
| open-xchange | open-xchange_appsuite | 7.6.3:patch_release_5104 |
| open-xchange | open-xchange_appsuite | 7.6.3:patch_release_5165 |
| open-xchange | open-xchange_appsuite | 7.6.3:patch_release_5231 |
| open-xchange | open-xchange_appsuite | 7.6.3:patch_release_5537 |
| open-xchange | open-xchange_appsuite | 7.6.3:patch_release_5637 |
| open-xchange | open-xchange_appsuite | 7.6.3:patch_release_5910 |
| open-xchange | open-xchange_appsuite | 7.10.6 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6069 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6073 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6080 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6085 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6093 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6102 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6112 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6121 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6133 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6138 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6141 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6146 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6147 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6148 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6150 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6156 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6161 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6166 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6173 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6176 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6178 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6189 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6194 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6199 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6204 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6205 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6209 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6210 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6214 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6215 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6216 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6218 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6219 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6220 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6227 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6230 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6233 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6235 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6236 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6239 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6241 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6243 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6245 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6248 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6249 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6250 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6251 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6255 |
𝑥
= Vulnerable software versions
References