CVE-2023-29049

by Fred · 08/01/2024

The "upsell" widget at the portal page could be abused to inject arbitrary script code. Attackers that manage to lure users to a compromised account, or gain temporary access to a legitimate account, could inject script code to gain persistent code execution capabilities under a trusted domain. User input for this widget is now sanitized to avoid malicious content the be processed. No publicly available exploits are known.

Date published : 2024-01-08

http://packetstormsecurity.com/files/176421/OX-App-Suite-7.10.6-XSS-Command-Execution-LDAP-Injection.html

http://seclists.org/fulldisclosure/2024/Jan/3

CVE-2023-29049

Similar

Recent Posts

Categories

CVE-2023-29049

Share this:

Similar

Recent Posts

Categories

Tags