Lucene search

OXCVELIST:CVE-2023-29043

HistoryNov 02, 2023 - 1:01 p.m.

CVE-2023-29043

2023-11-0213:01:28

CWE-79

www.cve.org

cve-2023-29043

document editing

malicious script

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.5 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document. Script code embedded in malicious documents could be executed in the context of the user editing the document when performing certain actions, like copying content. The relevant attribute does now get encoded to avoid the possibility of executing script code. No publicly available exploits are known.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "office"
    ],
    "product": "OX App Suite",
    "vendor": "OX Software GmbH",
    "versions": [
      {
        "lessThanOrEqual": "7.10.6-rev7",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json

software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.5 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for CVELIST:CVE-2023-29043