CVE-2023-41703: XSS
First published: Mon Feb 12 2024(Updated: )
User ID references at mentions in document comments were not correctly sanitized. Script code could be injected to a users session when working with a malicious document. Please deploy the provided updates and patch releases. User-defined content like comments and mentions are now filtered to avoid potentially malicious content. No publicly available exploits are known.
Credit: security@open-xchange.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Open-xchange Open-xchange Appsuite | <7.10.6 | |
| Open-xchange Open-xchange Appsuite | >7.10.6<8.20 | |
| Open-xchange Open-xchange Appsuite | =7.10.6 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6069 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6073 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6080 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6085 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6093 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6102 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6112 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6121 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6133 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6138 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6141 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6146 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6147 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6148 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6150 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6156 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6161 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6166 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6173 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6176 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6178 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6189 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6194 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6199 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6204 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6205 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6209 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6210 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6214 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6215 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6216 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6218 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6219 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6220 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6227 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6230 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6233 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6235 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6236 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6239 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6241 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6243 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6245 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6248 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6249 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6250 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6251 | |
| Open-xchange Open-xchange Appsuite | =7.10.6-patch_release_6255 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf
- https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json
- http://packetstormsecurity.com/files/177130/OX-App-Suite-7.10.6-Cross-Site-Scirpting-Denial-Of-Service.html
- http://seclists.org/fulldisclosure/2024/Feb/10
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/type
- agent/author
- agent/severity
- agent/event
- agent/references
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/tags
- agent/softwarecombine
- vendor/open-xchange
- canonical/open-xchange open-xchange appsuite
- version/open-xchange open-xchange appsuite/7.10.6
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6069
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6073
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6080
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6085
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6093
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6102
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6112
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6121
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6133
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6138
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6141
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6146
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6147
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6148
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6150
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6156
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6161
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6166
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6173
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6176
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6178
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6189
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6194
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6199
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6204
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6205
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6209
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6210
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6214
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6215
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6216
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6218
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6219
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6220
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6227
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6230
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6233
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6235
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6236
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6239
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6241
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6243
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6245
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6248
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6249
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6250
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6251
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6255