3 matches found
CVE-2023-29049
The "upsell" widget at the portal page could be abused to inject arbitrary script code. Attackers that manage to lure users to a compromised account, or gain temporary access to a legitimate account, could inject script code to gain persistent code execution capabilities under a trusted domain...
CVE-2023-29049
Open-Xchange App Suite frontend 7.10.6-rev33 is affected by CVE-2023-29049, a Cross-Site Scripting vulnerability in the portal’s upsell widget that could allow injection of arbitrary script code. The issue stems from unsanitized user input in the widget, and has been mitigated by sanitizing input...
CVE-2023-29049
The "upsell" widget at the portal page could be abused to inject arbitrary script code. Attackers that manage to lure users to a compromised account, or gain temporary access to a legitimate account, could inject script code to gain persistent code execution capabilities under a trusted domain...