CVE-2023-41708

Description

References to the "app loader" functionality could contain redirects to unexpected locations. Attackers could forge app references that bypass existing safeguards to inject malicious script code. Please deploy the provided updates and patch releases. References to apps are now controlled more strict to avoid relative references. No publicly available exploits are known.

Affected Software
References

Software	From	Fixed in
open-xchange / open-xchange_appsuite	-	7.10.6
open-xchange / open-xchange_appsuite	7.10.6	7.10.6.x
open-xchange / open-xchange_appsuite	7.10.6-patch_release_6069	7.10.6-patch_release_6069.x
open-xchange / open-xchange_appsuite	7.10.6-patch_release_6073	7.10.6-patch_release_6073.x
open-xchange / open-xchange_appsuite	7.10.6-patch_release_6080	7.10.6-patch_release_6080.x
open-xchange / open-xchange_appsuite	7.10.6-patch_release_6085	7.10.6-patch_release_6085.x
open-xchange / open-xchange_appsuite	7.10.6-patch_release_6093	7.10.6-patch_release_6093.x
open-xchange / open-xchange_appsuite	7.10.6-patch_release_6102	7.10.6-patch_release_6102.x
open-xchange / open-xchange_appsuite	7.10.6-patch_release_6112	7.10.6-patch_release_6112.x
open-xchange / open-xchange_appsuite	7.10.6-patch_release_6121	7.10.6-patch_release_6121.x
open-xchange / open-xchange_appsuite	7.10.6-patch_release_6133	7.10.6-patch_release_6133.x
open-xchange / open-xchange_appsuite	7.10.6-patch_release_6138	7.10.6-patch_release_6138.x
open-xchange / open-xchange_appsuite	7.10.6-patch_release_6141	7.10.6-patch_release_6141.x
open-xchange / open-xchange_appsuite	7.10.6-patch_release_6146	7.10.6-patch_release_6146.x
open-xchange / open-xchange_appsuite	7.10.6-patch_release_6147	7.10.6-patch_release_6147.x
open-xchange / open-xchange_appsuite	7.10.6-patch_release_6148	7.10.6-patch_release_6148.x
open-xchange / open-xchange_appsuite	7.10.6-patch_release_6150	7.10.6-patch_release_6150.x
open-xchange / open-xchange_appsuite	7.10.6-patch_release_6156	7.10.6-patch_release_6156.x
open-xchange / open-xchange_appsuite	7.10.6-patch_release_6161	7.10.6-patch_release_6161.x
open-xchange / open-xchange_appsuite	7.10.6-patch_release_6166	7.10.6-patch_release_6166.x
open-xchange / open-xchange_appsuite	7.10.6-patch_release_6173	7.10.6-patch_release_6173.x
open-xchange / open-xchange_appsuite	7.10.6-patch_release_6176	7.10.6-patch_release_6176.x
open-xchange / open-xchange_appsuite	7.10.6-patch_release_6178	7.10.6-patch_release_6178.x
open-xchange / open-xchange_appsuite	7.10.6-patch_release_6189	7.10.6-patch_release_6189.x
open-xchange / open-xchange_appsuite	7.10.6-patch_release_6194	7.10.6-patch_release_6194.x
open-xchange / open-xchange_appsuite	7.10.6-patch_release_6199	7.10.6-patch_release_6199.x
open-xchange / open-xchange_appsuite	7.10.6-patch_release_6204	7.10.6-patch_release_6204.x
open-xchange / open-xchange_appsuite	7.10.6-patch_release_6205	7.10.6-patch_release_6205.x
open-xchange / open-xchange_appsuite	7.10.6-patch_release_6209	7.10.6-patch_release_6209.x
open-xchange / open-xchange_appsuite	7.10.6-patch_release_6210	7.10.6-patch_release_6210.x
open-xchange / open-xchange_appsuite	7.10.6-patch_release_6214	7.10.6-patch_release_6214.x
open-xchange / open-xchange_appsuite	7.10.6-patch_release_6215	7.10.6-patch_release_6215.x
open-xchange / open-xchange_appsuite	7.10.6-patch_release_6216	7.10.6-patch_release_6216.x
open-xchange / open-xchange_appsuite	7.10.6-patch_release_6218	7.10.6-patch_release_6218.x
open-xchange / open-xchange_appsuite	7.10.6-patch_release_6219	7.10.6-patch_release_6219.x
open-xchange / open-xchange_appsuite	7.10.6-patch_release_6220	7.10.6-patch_release_6220.x
open-xchange / open-xchange_appsuite	7.10.6-patch_release_6227	7.10.6-patch_release_6227.x
open-xchange / open-xchange_appsuite	7.10.6-patch_release_6230	7.10.6-patch_release_6230.x
open-xchange / open-xchange_appsuite	7.10.6-patch_release_6233	7.10.6-patch_release_6233.x
open-xchange / open-xchange_appsuite	7.10.6-patch_release_6235	7.10.6-patch_release_6235.x
open-xchange / open-xchange_appsuite	7.10.6-patch_release_6236	7.10.6-patch_release_6236.x
open-xchange / open-xchange_appsuite	7.10.6-patch_release_6239	7.10.6-patch_release_6239.x
open-xchange / open-xchange_appsuite	7.10.6-patch_release_6241	7.10.6-patch_release_6241.x
open-xchange / open-xchange_appsuite	7.10.6-patch_release_6243	7.10.6-patch_release_6243.x
open-xchange / open-xchange_appsuite	7.10.6-patch_release_6245	7.10.6-patch_release_6245.x
open-xchange / open-xchange_appsuite	7.10.6-patch_release_6248	7.10.6-patch_release_6248.x
open-xchange / open-xchange_appsuite	7.10.6-patch_release_6249	7.10.6-patch_release_6249.x
open-xchange / open-xchange_appsuite	7.10.6-patch_release_6250	7.10.6-patch_release_6250.x
open-xchange / open-xchange_appsuite	7.10.6-patch_release_6251	7.10.6-patch_release_6251.x
open-xchange / open-xchange_appsuite	7.10.6-patch_release_6255	7.10.6-patch_release_6255.x

Severity: Medium

CVE: CVE-2023-41708
Published: Feb 12, 2024
Updated: Oct 18, 2024
Exploit:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWE-79

A7 - Cross-Site Scripting (XSS)

CVE-2023-41708

Description

Details

CVSS v3

CWEs

OWASP TOP 10