CVE-2023-41708

medium

Description

References to the "app loader" functionality could contain redirects to unexpected locations. Attackers could forge app references that bypass existing safeguards to inject malicious script code. Please deploy the provided updates and patch releases. References to apps are now controlled more strict to avoid relative references. No publicly available exploits are known.

References

https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf

https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json

http://seclists.org/fulldisclosure/2024/Feb/10

Details

Source: Mitre, NVD

Published: 2024-02-12

Updated: 2025-11-04

Risk Information

CVSS v2

Base Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.4

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00392