What is CVE-2023-24601?

CVE-2023-24601 is a vulnerability in OX App Suite before frontend 7.10.6-rev24 that allows XSS via a non-app deeplink such as the jslob API's registry sub-tree.

How severe is CVE-2023-24601?

CVE-2023-24601 has a severity rating of 6.1, which is considered medium.

What software is affected by CVE-2023-24601?

OX App Suite versions 7.10.6-rev01 to 7.10.6-rev23 are affected by CVE-2023-24601.

How can I fix CVE-2023-24601?

To fix CVE-2023-24601, upgrade to OX App Suite frontend 7.10.6-rev24 or a newer version.

Where can I find more information about CVE-2023-24601?

You can find more information about CVE-2023-24601 at the following references: [link1](https://open-xchange.com), [link2](http://seclists.org/fulldisclosure/2023/May/3).

Vulnerability/
CVE-2023-24601

medium

6.1

CWE

29/5/2023

14/1/2025

CVE-2023-24601: XSS

First published: Mon May 29 2023(Updated: )

OX App Suite before frontend 7.10.6-rev24 allows XSS via a non-app deeplink such as the jslob API's registry sub-tree.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Open-Xchange App Suite Backend	<7.10.6
Open-Xchange App Suite Backend	=7.10.6
Open-Xchange App Suite Backend	=7.10.6-rev01
Open-Xchange App Suite Backend	=7.10.6-rev02
Open-Xchange App Suite Backend	=7.10.6-rev03
Open-Xchange App Suite Backend	=7.10.6-rev04
Open-Xchange App Suite Backend	=7.10.6-rev05
Open-Xchange App Suite Backend	=7.10.6-rev06
Open-Xchange App Suite Backend	=7.10.6-rev07
Open-Xchange App Suite Backend	=7.10.6-rev08
Open-Xchange App Suite Backend	=7.10.6-rev09
Open-Xchange App Suite Backend	=7.10.6-rev10
Open-Xchange App Suite Backend	=7.10.6-rev11
Open-Xchange App Suite Backend	=7.10.6-rev12
Open-Xchange App Suite Backend	=7.10.6-rev13
Open-Xchange App Suite Backend	=7.10.6-rev14
Open-Xchange App Suite Backend	=7.10.6-rev15
Open-Xchange App Suite Backend	=7.10.6-rev16
Open-Xchange App Suite Backend	=7.10.6-rev17
Open-Xchange App Suite Backend	=7.10.6-rev18
Open-Xchange App Suite Backend	=7.10.6-rev19
Open-Xchange App Suite Backend	=7.10.6-rev20
Open-Xchange App Suite Backend	=7.10.6-rev21
Open-Xchange App Suite Backend	=7.10.6-rev22
Open-Xchange App Suite Backend	=7.10.6-rev23

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-24601?
CVE-2023-24601 is a vulnerability in OX App Suite before frontend 7.10.6-rev24 that allows XSS via a non-app deeplink such as the jslob API's registry sub-tree.
How severe is CVE-2023-24601?
CVE-2023-24601 has a severity rating of 6.1, which is considered medium.
What software is affected by CVE-2023-24601?
OX App Suite versions 7.10.6-rev01 to 7.10.6-rev23 are affected by CVE-2023-24601.
How can I fix CVE-2023-24601?
To fix CVE-2023-24601, upgrade to OX App Suite frontend 7.10.6-rev24 or a newer version.
Where can I find more information about CVE-2023-24601?
You can find more information about CVE-2023-24601 at the following references: [link1](https://open-xchange.com), [link2](http://seclists.org/fulldisclosure/2023/May/3).

agent/references
agent/type
agent/author
agent/severity
agent/description
agent/first-publish-date
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/weakness
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-latest
vendor/open-xchange
vendor/ox app suite
canonical/open-xchange app suite backend
version/open-xchange app suite backend/7.10.6
version/open-xchange app suite backend/7.10.6-rev01
version/open-xchange app suite backend/7.10.6-rev02
version/open-xchange app suite backend/7.10.6-rev03
version/open-xchange app suite backend/7.10.6-rev04
version/open-xchange app suite backend/7.10.6-rev05
version/open-xchange app suite backend/7.10.6-rev06
version/open-xchange app suite backend/7.10.6-rev07
version/open-xchange app suite backend/7.10.6-rev08
version/open-xchange app suite backend/7.10.6-rev09
version/open-xchange app suite backend/7.10.6-rev10
version/open-xchange app suite backend/7.10.6-rev11
version/open-xchange app suite backend/7.10.6-rev12
version/open-xchange app suite backend/7.10.6-rev13
version/open-xchange app suite backend/7.10.6-rev14
version/open-xchange app suite backend/7.10.6-rev15
version/open-xchange app suite backend/7.10.6-rev16
version/open-xchange app suite backend/7.10.6-rev17
version/open-xchange app suite backend/7.10.6-rev18
version/open-xchange app suite backend/7.10.6-rev19
version/open-xchange app suite backend/7.10.6-rev20
version/open-xchange app suite backend/7.10.6-rev21
version/open-xchange app suite backend/7.10.6-rev22
version/open-xchange app suite backend/7.10.6-rev23