Vulnerability CVE-2023-26429


Published: 2023-06-20

Description:
Control characters were not removed when exporting user feedback content. This allowed attackers to include unexpected content via user feedback and potentially break the exported data structure. We now drop all control characters that are not whitespace characters during the export. No publicly available exploits are known.

See advisories in our WLB2 database:
Topic | Author | Date
Med. OX App Suite SSRF / Resource Consumption / Command Injection | Mehmet Ince | 22.06.2023

References:
https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0002.json
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6219_7.10.6_2023-03-20.pdf

Copyright 2024, cxsecurity.com