CVE-2024-23192 MEDIUM

CVE-2024-23192

Vendor Open-Xchange Gmbh
Product OX App Suite
Weakness CWE-79 · XSS
Published April 8, 2024
Last update November 4, 2025
View on NVD All CVEs

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

RSS feeds that contain malicious data- attributes could be abused to inject script code to a users browser session when reading compromised RSS feeds or successfully luring users to compromised accounts. Attackers could perform malicious API requests or extract information from the users account. Please deploy the provided updates and patch releases. Potentially malicious attributes now get removed from external RSS content. No publicly available exploits are known.

Key dates

02Disclosure timeline

April 8, 2024 CVE published
November 4, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-1268 Dynamic Widget Content <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Content Field CVE-2024-33932 WordPress Login Logout Register Menu plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability CVE-2021-25106 WPLegalPages < 2.7.1 - Subscriber+ Arbitrary Settings Update to Stored XSS CVE-2021-41184 XSS in the `of` option of the `.position()` util CVE-2025-24545 WordPress BSK Forms Validation plugin <= 1.7 - Reflected Cross Site Scripting (XSS) vulnerability