CVE-2023-26449

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Aug 2, 2023

Updated: Jan 12, 2024

CWE ID 79

Summary

CVE-2023-26449: The "OX Chat" web service fails to specify media-types when processing responses from external resources, leaving it susceptible to script injection attacks. Malicious code can be executed in the victim's context, potentially leading to session hijacking or unwanted actions through both the web interface and API. Exploitation requires temporary account access or luring a user to a compromised account. To mitigate this, the accepted media-types are now being defined to prevent code execution. No publicly known exploits are available at this time.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

Open-xchange Appsuite Frontend

Advisories, Assessments, and Mitigations

Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future

Note: This is just a basic overview providing quick insights into CVE-2023-26449 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future

Gain complete coverage of your cyber, third party, and physical attack surface
Proactively mitigate threats before they turn into costly attacks
Make fast, effective, data-driven decisions

Book your demo

Sign in

Back to Vulnerability Database