CVE-2023-41704 HIGH

CVE-2023-41704

Vendor Open-Xchange Gmbh

Product OX App Suite

Weakness CWE-79 · XSS

Published February 12, 2024

Last update November 4, 2025

View on NVD All CVEs

CVSS base score

7.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

Processing of CID references at E-Mail can be abused to inject malicious script code that passes the sanitization engine. Malicious script code could be injected to a users sessions when interacting with E-Mails. Please deploy the provided updates and patch releases. CID handing has been improved and resulting content is checked for malicious content. No publicly available exploits are known.

Key dates

02Disclosure timeline

February 12, 2024 CVE published

November 4, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-41704

Related vulnerabilities

Identifiers

CVE CVE-2023-41704

CWE CWE-79

CVSS 7.1 / HIGH

Affected versions

Vendor Open-Xchange Gmbh

Product OX App Suite

Affected ≤ 7.10.6-rev55

Vendor Open-Xchange Gmbh

Product OX App Suite

Affected ≤ 7.6.3-rev71

Vendor Open-Xchange Gmbh

Product OX App Suite

Affected ≤ 8.20

CVE-2023-41704

01Description

02Disclosure timeline

03References

04Related CVE