1 results (0.016 seconds)
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-26456
https://notcve.org/view.php?id=CVE-2023-26456
02 Nov 2023 — Users were able to set an arbitrary "product name" for OX Guard. The chosen value was not sufficiently sanitized before processing it at the user interface, allowing for indirect cross-site scripting attacks. Accounts that were temporarily taken over could be configured to trigger persistent code execution, allowing an attacker to build a foothold. Sanitization is in place for product names now. No publicly available exploits are known. • https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •