CVE-2023-41704

Summary

Processing of CID references at E-Mail can be abused to inject malicious script code that passes the sanitization engine. Malicious script code could be injected to a users sessions when interacting with E-Mails. Please deploy the provided updates and patch releases. CID handing has been improved and resulting content is checked for malicious content. No publicly available exploits are known.

Affected Software

VendorProductVersion RangeStatus
Open-Xchange GmbHOX App Suite0 <= 7.10.6-rev55affected
Open-Xchange GmbHOX App Suite0 <= 7.6.3-rev71affected
Open-Xchange GmbHOX App Suite0 <= 8.20affected

Weaknesses

  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References