CVE-2023-29049

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jan 8, 2024

Updated: Jan 12, 2024

CWE ID 79

Summary

CVE-2023-29049 is a newly identified vulnerability affecting the "upsell" widget on a portal page. Malicious actors could exploit this issue to inject arbitrary script code, potentially gaining persistent code execution capabilities under a trusted domain. This threat is significant as it could be exploited by attackers who gain temporary access to a legitimate account or trick users into accessing a compromised one. The vulnerability has been mitigated with user input sanitization, and no publicly available exploits are currently known.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

OX App Suite

Affected Vendors

Open-xchange

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uEaGYB
https://www.cve.org/CVERecord?id=CVE-2023-29049
https://nvd.nist.gov/vuln/detail/CVE-2023-29049

Back to Vulnerability Database