Unrated severityNVD Advisory· Published Jun 20, 2023· Updated Aug 2, 2024
CVE-2023-26429
CVE-2023-26429
Description
Control characters were not removed when exporting user feedback content. This allowed attackers to include unexpected content via user feedback and potentially break the exported data structure. We now drop all control characters that are not whitespace character during the export. No publicly available exploits are known.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: < 7.10.6
- OX Software GmbH/OX App Suitev5Range: 0
Patches
Vulnerability mechanics
References
4- documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0002.jsonmitrevendor-advisory
- software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6219_7.10.6_2023-03-20.pdfmitrerelease-notes
- packetstormsecurity.com/files/173083/OX-App-Suite-SSRF-Resource-Consumption-Command-Injection.htmlmitre
- seclists.org/fulldisclosure/2023/Jun/8mitre
News mentions
0No linked articles in our index yet.