CVE-2023-29052

Severity Score

5.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Users were able to define disclaimer texts for an upsell shop dialog that would contain script code that was not sanitized correctly. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for this content. No publicly available exploits are known.

Los usuarios pudieron definir textos de exención de responsabilidad para un cuadro de diálogo de tienda de ventas adicionales que contendría código de script que no se sanitizó correctamente. Los atacantes podrían atraer a las víctimas a cuentas de usuario con código de script malicioso y obligarlas a ejecutarlo en el contexto de un dominio confiable. Agregamos sanitización para este contenido. No se conocen exploits disponibles públicamente.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2023-03-30 CVE Reserved
2024-01-08 CVE Published
2024-08-02 CVE Updated
2025-01-14 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (2)

URL	Tag	Source
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6251_7.10.6_2023-09-25.pdf	Release Notes

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0006.json	2024-01-22

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Open-xchange Search vendor "Open-xchange"		Ox App Suite Search vendor "Open-xchange" for product "Ox App Suite"				7.10.6 Search vendor "Open-xchange" for product "Ox App Suite" and version "7.10.6"		-		Affected
Open-xchange Search vendor "Open-xchange"		Ox App Suite Search vendor "Open-xchange" for product "Ox App Suite"				7.10.6 Search vendor "Open-xchange" for product "Ox App Suite" and version "7.10.6"		rev01		Affected
Open-xchange Search vendor "Open-xchange"		Ox App Suite Search vendor "Open-xchange" for product "Ox App Suite"				7.10.6 Search vendor "Open-xchange" for product "Ox App Suite" and version "7.10.6"		rev02		Affected
Open-xchange Search vendor "Open-xchange"		Ox App Suite Search vendor "Open-xchange" for product "Ox App Suite"				7.10.6 Search vendor "Open-xchange" for product "Ox App Suite" and version "7.10.6"		rev03		Affected
Open-xchange Search vendor "Open-xchange"		Ox App Suite Search vendor "Open-xchange" for product "Ox App Suite"				7.10.6 Search vendor "Open-xchange" for product "Ox App Suite" and version "7.10.6"		rev04		Affected
Open-xchange Search vendor "Open-xchange"		Ox App Suite Search vendor "Open-xchange" for product "Ox App Suite"				7.10.6 Search vendor "Open-xchange" for product "Ox App Suite" and version "7.10.6"		rev05		Affected
Open-xchange Search vendor "Open-xchange"		Ox App Suite Search vendor "Open-xchange" for product "Ox App Suite"				7.10.6 Search vendor "Open-xchange" for product "Ox App Suite" and version "7.10.6"		rev06		Affected
Open-xchange Search vendor "Open-xchange"		Ox App Suite Search vendor "Open-xchange" for product "Ox App Suite"				7.10.6 Search vendor "Open-xchange" for product "Ox App Suite" and version "7.10.6"		rev07		Affected
Open-xchange Search vendor "Open-xchange"		Ox App Suite Search vendor "Open-xchange" for product "Ox App Suite"				7.10.6 Search vendor "Open-xchange" for product "Ox App Suite" and version "7.10.6"		rev08		Affected
Open-xchange Search vendor "Open-xchange"		Ox App Suite Search vendor "Open-xchange" for product "Ox App Suite"				7.10.6 Search vendor "Open-xchange" for product "Ox App Suite" and version "7.10.6"		rev09		Affected
Open-xchange Search vendor "Open-xchange"		Ox App Suite Search vendor "Open-xchange" for product "Ox App Suite"				7.10.6 Search vendor "Open-xchange" for product "Ox App Suite" and version "7.10.6"		rev10		Affected
Open-xchange Search vendor "Open-xchange"		Ox App Suite Search vendor "Open-xchange" for product "Ox App Suite"				7.10.6 Search vendor "Open-xchange" for product "Ox App Suite" and version "7.10.6"		rev11		Affected
Open-xchange Search vendor "Open-xchange"		Ox App Suite Search vendor "Open-xchange" for product "Ox App Suite"				7.10.6 Search vendor "Open-xchange" for product "Ox App Suite" and version "7.10.6"		rev12		Affected
Open-xchange Search vendor "Open-xchange"		Ox App Suite Search vendor "Open-xchange" for product "Ox App Suite"				7.10.6 Search vendor "Open-xchange" for product "Ox App Suite" and version "7.10.6"		rev13		Affected
Open-xchange Search vendor "Open-xchange"		Ox App Suite Search vendor "Open-xchange" for product "Ox App Suite"				7.10.6 Search vendor "Open-xchange" for product "Ox App Suite" and version "7.10.6"		rev14		Affected
Open-xchange Search vendor "Open-xchange"		Ox App Suite Search vendor "Open-xchange" for product "Ox App Suite"				7.10.6 Search vendor "Open-xchange" for product "Ox App Suite" and version "7.10.6"		rev15		Affected
Open-xchange Search vendor "Open-xchange"		Ox App Suite Search vendor "Open-xchange" for product "Ox App Suite"				7.10.6 Search vendor "Open-xchange" for product "Ox App Suite" and version "7.10.6"		rev16		Affected
Open-xchange Search vendor "Open-xchange"		Ox App Suite Search vendor "Open-xchange" for product "Ox App Suite"				7.10.6 Search vendor "Open-xchange" for product "Ox App Suite" and version "7.10.6"		rev17		Affected
Open-xchange Search vendor "Open-xchange"		Ox App Suite Search vendor "Open-xchange" for product "Ox App Suite"				7.10.6 Search vendor "Open-xchange" for product "Ox App Suite" and version "7.10.6"		rev18		Affected
Open-xchange Search vendor "Open-xchange"		Ox App Suite Search vendor "Open-xchange" for product "Ox App Suite"				7.10.6 Search vendor "Open-xchange" for product "Ox App Suite" and version "7.10.6"		rev19		Affected
Open-xchange Search vendor "Open-xchange"		Ox App Suite Search vendor "Open-xchange" for product "Ox App Suite"				7.10.6 Search vendor "Open-xchange" for product "Ox App Suite" and version "7.10.6"		rev20		Affected
Open-xchange Search vendor "Open-xchange"		Ox App Suite Search vendor "Open-xchange" for product "Ox App Suite"				7.10.6 Search vendor "Open-xchange" for product "Ox App Suite" and version "7.10.6"		rev21		Affected
Open-xchange Search vendor "Open-xchange"		Ox App Suite Search vendor "Open-xchange" for product "Ox App Suite"				7.10.6 Search vendor "Open-xchange" for product "Ox App Suite" and version "7.10.6"		rev22		Affected
Open-xchange Search vendor "Open-xchange"		Ox App Suite Search vendor "Open-xchange" for product "Ox App Suite"				7.10.6 Search vendor "Open-xchange" for product "Ox App Suite" and version "7.10.6"		rev23		Affected
Open-xchange Search vendor "Open-xchange"		Ox App Suite Search vendor "Open-xchange" for product "Ox App Suite"				7.10.6 Search vendor "Open-xchange" for product "Ox App Suite" and version "7.10.6"		rev24		Affected
Open-xchange Search vendor "Open-xchange"		Ox App Suite Search vendor "Open-xchange" for product "Ox App Suite"				7.10.6 Search vendor "Open-xchange" for product "Ox App Suite" and version "7.10.6"		rev25		Affected
Open-xchange Search vendor "Open-xchange"		Ox App Suite Search vendor "Open-xchange" for product "Ox App Suite"				7.10.6 Search vendor "Open-xchange" for product "Ox App Suite" and version "7.10.6"		rev26		Affected
Open-xchange Search vendor "Open-xchange"		Ox App Suite Search vendor "Open-xchange" for product "Ox App Suite"				7.10.6 Search vendor "Open-xchange" for product "Ox App Suite" and version "7.10.6"		rev27		Affected
Open-xchange Search vendor "Open-xchange"		Ox App Suite Search vendor "Open-xchange" for product "Ox App Suite"				7.10.6 Search vendor "Open-xchange" for product "Ox App Suite" and version "7.10.6"		rev28		Affected
Open-xchange Search vendor "Open-xchange"		Ox App Suite Search vendor "Open-xchange" for product "Ox App Suite"				7.10.6 Search vendor "Open-xchange" for product "Ox App Suite" and version "7.10.6"		rev29		Affected
Open-xchange Search vendor "Open-xchange"		Ox App Suite Search vendor "Open-xchange" for product "Ox App Suite"				7.10.6 Search vendor "Open-xchange" for product "Ox App Suite" and version "7.10.6"		rev30		Affected
Open-xchange Search vendor "Open-xchange"		Ox App Suite Search vendor "Open-xchange" for product "Ox App Suite"				7.10.6 Search vendor "Open-xchange" for product "Ox App Suite" and version "7.10.6"		rev31		Affected
Open-xchange Search vendor "Open-xchange"		Ox App Suite Search vendor "Open-xchange" for product "Ox App Suite"				7.10.6 Search vendor "Open-xchange" for product "Ox App Suite" and version "7.10.6"		rev32		Affected
Open-xchange Search vendor "Open-xchange"		Ox App Suite Search vendor "Open-xchange" for product "Ox App Suite"				7.10.6 Search vendor "Open-xchange" for product "Ox App Suite" and version "7.10.6"		rev33		Affected
Open-xchange Search vendor "Open-xchange"		Ox App Suite Search vendor "Open-xchange" for product "Ox App Suite"				7.10.6 Search vendor "Open-xchange" for product "Ox App Suite" and version "7.10.6"		rev34		Affected