EUVD-2023-30267

Malicious code in bioql PyPI...

EUVD-2023-32653

Malicious code in bioql PyPI...

CVE-2023-26447

The "upsell" widget for the portal allows to specify a product description. This description taken from a user-controllable jslob did not get escaped before being added to DOM. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering...

CVE-2023-29049

The "upsell" widget at the portal page could be abused to inject arbitrary script code. Attackers that manage to lure users to a compromised account, or gain temporary access to a legitimate account, could inject script code to gain persistent code execution capabilities under a trusted domain...

CVE-2023-29049

The "upsell" widget at the portal page could be abused to inject arbitrary script code. Attackers that manage to lure users to a compromised account, or gain temporary access to a legitimate account, could inject script code to gain persistent code execution capabilities under a trusted domain...

CVE-2023-29049

The "upsell" widget at the portal page could be abused to inject arbitrary script code. Attackers that manage to lure users to a compromised account, or gain temporary access to a legitimate account, could inject script code to gain persistent code execution capabilities under a trusted domain...

CVE-2023-29049

Open-Xchange App Suite frontend 7.10.6-rev33 is affected by CVE-2023-29049, a Cross-Site Scripting vulnerability in the portal’s upsell widget that could allow injection of arbitrary script code. The issue stems from unsanitized user input in the widget, and has been mitigated by sanitizing input...

CVE-2023-26447

The "upsell" widget for the portal allows to specify a product description. This description taken from a user-controllable jslob did not get escaped before being added to DOM. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering...

Code injection

The "upsell" widget for the portal allows to specify a product description. This description taken from a user-controllable jslob did not get escaped before being added to DOM. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering...

CVE-2023-26447

CVE-2023-26447 affects Open-Xchange AppSuite’s portal upsell widget, where a product description sourced from a user-controllable jslob is inserted into the DOM without proper escaping. The underlying issue is DOM-based XSS: unescaped jslob content can execute script in the victim’s browser, pote...