2 matches found
CVE-2023-26448
Custom log-in and log-out locations are used-defined as jslob but were not checked to contain malicious protocol handlers. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit...
CVE-2023-26448
Open-Xchange AppSuite is affected by CVE-2023-26448 due to unsafe handling of customized login/logout locations defined as jslob, which were not validated for malicious protocol handlers. The underlying issue allows malicious script code to execute in the victim’s context, potentially enabling se...