User-defined script code could be stored for a upsell related shop URL. This code was not correctly sanitized when adding it to DOM. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for this content. No publicly available exploits are known.

User-defined script code could be stored for a upsell related shop URL. This code was not correctly sanitized when adding it to DOM. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for this content. No publicly available exploits are known.

Open-Xchange http://packetstormsecurity.com/files/176422/OX-App-Suite-7.10.6-Access-Control-Cross-Site-Scripting.html

Open-Xchange http://seclists.org/fulldisclosure/2024/Jan/4

OR
     *cpe:2.3:a:open-xchange:ox_app_suite:*:*:*:*:*:*:*:* versions up to (excluding) 7.10.6
     *cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:-:*:*:*:*:*:*
     *cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev01:*:*:*:*:*:*
     *cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev02:*:*:*:*:*:*
     *cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev03:*:*:*:*:*:*
     *cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev04:*:*:*:*:*:*
     *cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev05:*:*:*:*:*:*
     *c

NIST AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

NIST CWE-79

http://packetstormsecurity.com/files/176422/OX-App-Suite-7.10.6-Access-Control-Cross-Site-Scripting.html No Types Assigned

http://packetstormsecurity.com/files/176422/OX-App-Suite-7.10.6-Access-Control-Cross-Site-Scripting.html Third Party Advisory, VDB Entry

http://seclists.org/fulldisclosure/2024/Jan/4 No Types Assigned

http://seclists.org/fulldisclosure/2024/Jan/4 Mailing List, Third Party Advisory

https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0006.json No Types Assigned

https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0006.json Issue Tracking

https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6251_7.10.6_2023-09-25.pdf No Types Assigned

https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6251_7.10.6_2023-09-25.pdf Release Notes

Open-Xchange https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0006.json [No types assigned]

Open-Xchange https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0006.json

Open-Xchange http://packetstormsecurity.com/files/176422/OX-App-Suite-7.10.6-Access-Control-Cross-Site-Scripting.html [No types assigned]

Open-Xchange http://seclists.org/fulldisclosure/2024/Jan/4 [No types assigned]

Open-Xchange AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Open-Xchange CWE-79

User-defined script code could be stored for a upsell related shop URL. This code was not correctly sanitized when adding it to DOM. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for this content. No publicly available exploits are known.

Open-Xchange https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0006.json [No types assigned]

Open-Xchange https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6251_7.10.6_2023-09-25.pdf [No types assigned]