Home > Vulnerability Database > CVE-2023-41710

Mend.io Vulnerability Database

CVE-2023-41710

Date: January 8, 2024

User-defined script code could be stored for a upsell related shop URL. This code was not correctly sanitized when adding it to DOM. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for this content. No publicly available exploits are known.

Language: JS

Severity Score

5.4

Related Resources (7)

Url: https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6251_7.10.6_2023-09-25.pdf

Url: https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0006.json

Url: https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0006.json

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-41710

Url: http://seclists.org/fulldisclosure/2024/Jan/4

Url: http://packetstormsecurity.com/files/176422/OX-App-Suite-7.10.6-Access-Control-Cross-Site-Scripting.html

Url: https://www.mend.io/vulnerability-database/CVE-2023-41710

Severity Score

5.4

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-41710

Date: January 8, 2024

Language: JS

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?