CVE-2023-29045: XSS
First published: Thu Nov 02 2023(Updated: )
Documents operations, in this case "drawing", could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties does now gets checked for validity to avoid code execution. No publicly available exploits are known.
Credit: security@open-xchange.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Open-xchange Open-xchange Appsuite | <7.10.6 | |
| Open-xchange Open-xchange Appsuite | =7.10.6 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6069 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6073 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6080 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6085 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6093 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6102 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6112 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6121 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6133 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6138 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6141 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6146 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6147 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6148 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6150 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6156 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6161 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6166 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6173 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6176 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6178 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6189 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6194 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6199 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6204 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6205 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6209 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6210 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6214 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6215 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6216 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6218 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6219 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6220 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6227 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6230 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6233 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6235 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6236 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6239 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6241 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-29045?
CVE-2023-29045 is a vulnerability in Open-xchange Appsuite that allows manipulation of documents to contain invalid data types, potentially leading to the injection of script code executed on active collaborating users.
How does CVE-2023-29045 impact Open-xchange Appsuite?
CVE-2023-29045 can allow an attacker to inject script code into collaborative document operations.
What is the severity of CVE-2023-29045?
CVE-2023-29045 has a severity rating of 5.4 (medium).
Which version of Open-xchange Appsuite is affected by CVE-2023-29045?
Open-xchange Appsuite versions up to and including 7.10.6 are affected by CVE-2023-29045.
How can I fix CVE-2023-29045 in Open-xchange Appsuite?
To fix CVE-2023-29045, update Open-xchange Appsuite to version 7.10.6-patch_release_6243 or later.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/open-xchange
- canonical/open-xchange open-xchange appsuite
- version/open-xchange open-xchange appsuite/7.10.6
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6069
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6073
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6080
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6085
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6093
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6102
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6112
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6121
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6133
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6138
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6141
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6146
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6147
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6148
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6150
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6156
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6161
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6166
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6173
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6176
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6178
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6189
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6194
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6199
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6204
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6205
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6209
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6210
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6214
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6215
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6216
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6218
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6219
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6220
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6227
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6230
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6233
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6235
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6236
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6239
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6241