Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
vulnrichmentOXVULNRICHMENT:CVE-2024-23189
HistoryApr 08, 2024 - 8:09 a.m.

CVE-2024-23189

2024-04-0808:09:11
OX
github.com
2
embedded content
script code
browser session
account access
social engineering
api requests
user-generated content
patch release

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

AI Score

7.1

Confidence

Low

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

JSON

Embedded content references at tasks could be used to temporarily execute script code in the context of the users browser session. To exploit this an attacker would require temporary access to the users account, access to another account within the same context or an successful social engineering attack to make users import external content. Attackers could perform malicious API requests or extract information from the users account. Please deploy the provided updates and patch releases. Sanitization of user-generated content has been improved. No publicly available exploits are known.

CNA Affected

[
  {
    "vendor": "Open-Xchange GmbH",
    "modules": [
      "frontend"
    ],
    "product": "OX App Suite",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "semver",
        "lessThanOrEqual": "7.10.6-rev40"
      },
      {
        "status": "affected",
        "version": "0",
        "versionType": "semver",
        "lessThanOrEqual": "7.6.3-rev54"
      },
      {
        "status": "affected",
        "version": "0",
        "versionType": "semver",
        "lessThanOrEqual": "8.20"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Related

cvelist 1
cve 1
nvd 1
cvelist
cvelist
CVE-2024-23189
2024-04-08 08:09:11
cve
cve
CVE-2024-23189
2024-04-08 09:15:09
nvd
nvd
CVE-2024-23189
2024-04-08 09:15:09

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

AI Score

7.1

Confidence

Low

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

JSON
Related for VULNRICHMENT:CVE-2024-23189
cvelist1cve1nvd1