CVE-2024-23188
MEDIUM 6.5
Description
Maliciously crafted e-mail attachment names could be used to temporarily execute script code in the context of the user's browser session. Common user interaction is required for the vulnerability to trigger. Attackers could perform malicious API requests or extract information from the user's account. Please deploy the provided updates and patch releases. We now use safer methods of handling external content when embedding attachment information to the web interface. No publicly available exploits are known.
CVE Details
CVSS v3.1 Score: 6.5
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Published: 5/6/2024
Last Modified: 11/21/2024
Source: nvd
Honeypot Sightings: 0
Weaknesses (CWE)
CWE-79
References
http://seclists.org/fulldisclosure/2024/May/3 (security@open-xchange.com)
https://documentation.open-xchange.com/appsuite/releases/8.22/ (security@open-xchange.com)
https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2024/oxas-adv-2024-0002.json (security@open-xchange.com)
http://seclists.org/fulldisclosure/2024/May/3 (af854a3a-2127-422b-91ae-364da2661108)
https://documentation.open-xchange.com/appsuite/releases/8.22/ (af854a3a-2127-422b-91ae-364da2661108)
https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2024/oxas-adv-2024-0002.json (af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.