Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:open-xchange:ox_guard:2.10.7:-:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-26456 |
Users were able to set an arbitrary "product name" for OX Guard. The chosen value was not sufficiently sanitized before processing it at the user interface, allowing for indirect cross-site scripting attacks. Accounts that were temporarily taken over could be configured to trigger persistent code execution, allowing an attacker to build a foothold. Sanitization is in place for product names now. No publicly available exploits are known. Published: November 02, 2023; 10:15:10 AM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |