CVE-2023-41710 MEDIUM

CVE-2023-41710

Vendor Open-Xchange Gmbh

Product OX App Suite

Weakness CWE-79 · XSS

Published January 8, 2024

Last update November 4, 2025

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

User-defined script code could be stored for a upsell related shop URL. This code was not correctly sanitized when adding it to DOM. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for this content. No publicly available exploits are known.

Key dates

02Disclosure timeline

January 8, 2024 CVE published

November 4, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-41710 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-34407 MailEnable < 10.54 Reflected XSS in theme Parameter of Statistics.aspx CVE-2025-13186 Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution manage_customer cross site scripting CVE-2024-11938 One Click Upsell Funnel for WooCommerce <= 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via wps_wocuf_pro_yes Shortcode CVE-2023-7319 Nagios Network Analyzer < 2024R1 XSS via Percentile Calculator Menu CVE-2025-2767 Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability