Unrated severityNVD Advisory· Published Nov 2, 2023· Updated Aug 2, 2024

CVE-2023-29044

Description

Documents operations could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties does now get escaped to avoid code execution. No publicly available exploits are known.

Affected products

Open-Xchange/Appsuitellm-fuzzy
Range: <7.10.6
OX Software GmbH/OX App Suitev5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.jsonmitrevendor-advisory
software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdfmitrerelease-notes

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000