CVE-2024-23192
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
RSS feeds that contain malicious data- attributes could be abused to inject script code to a users browser session when reading compromised RSS feeds or successfully luring users to compromised accounts. Attackers could perform malicious API requests or extract information from the users account. Please deploy the provided updates and patch releases. Potentially malicious attributes now get removed from external RSS content. No publicly available exploits are known.
Se podría abusar de los canales RSS que contienen atributos de datos maliciosos para inyectar código de secuencia de comandos en la sesión del navegador de un usuario cuando se leen canales RSS comprometidos o se atrae con éxito a los usuarios a cuentas comprometidas. Los atacantes podrían realizar solicitudes API maliciosas o extraer información de la cuenta del usuario. Implemente las actualizaciones y lanzamientos de parches proporcionados. Los atributos potencialmente maliciosos ahora se eliminan del contenido RSS externo. No se conocen exploits disponibles públicamente.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-01-12 CVE Reserved
- 2024-04-08 CVE Published
- 2024-04-09 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://documentation.open-xchange.com/appsuite/releases/8.21 | Release Notes | |
| https://documentation.open-xchange.com/appsuite/releases/8.22 | Release Notes | |
| https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6268_7.10.6_2024-02-08.pdf | Release Notes |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Open-Xchange GmbH Search vendor "Open-Xchange GmbH" | OX App Suite Search vendor "Open-Xchange GmbH" for product "OX App Suite" | <= 7.10.6-rev40 Search vendor "Open-Xchange GmbH" for product "OX App Suite" and version " <= 7.10.6-rev40" | en |
Affected
| ||||||
| Open-Xchange GmbH Search vendor "Open-Xchange GmbH" | OX App Suite Search vendor "Open-Xchange GmbH" for product "OX App Suite" | <= 7.6.3-rev54 Search vendor "Open-Xchange GmbH" for product "OX App Suite" and version " <= 7.6.3-rev54" | en |
Affected
| ||||||
| Open-Xchange GmbH Search vendor "Open-Xchange GmbH" | OX App Suite Search vendor "Open-Xchange GmbH" for product "OX App Suite" | <= 8.20 Search vendor "Open-Xchange GmbH" for product "OX App Suite" and version " <= 8.20" | en |
Affected
| ||||||