CVE-2023-41316

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-41316
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-41316.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-41316
Related
  • GHSA-gx3w-rwh5-w5cg
Published
2023-09-07T20:15:07Z
Modified
2025-07-29T10:59:28.792136Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

Tolgee is an open-source localization platform. Because the organization name field (Org Name) is not validated, a bad actor can send emails containing injected HTML to victims. Registered users can inject HTML into unsanitized emails sent from the Tolgee instance to other users. This unsanitized HTML ends up in invitation emails, which appear to be legitimate org invitations. Bad actors may direct users to a malicious website or execute JavaScript in the context of the user's browser. This vulnerability has been addressed in version 3.29.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected packages

Git / github.com/tolgee/tolgee-platform

Affected ranges

Type
GIT
Repo
https://github.com/tolgee/tolgee-platform
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v1.*

v1.0.0
v1.0.0-alpha.1
v1.0.0-alpha.10
v1.0.0-alpha.100
v1.0.0-alpha.101
v1.0.0-alpha.102
v1.0.0-alpha.103
v1.0.0-alpha.104
v1.0.0-alpha.105
v1.0.0-alpha.106
v1.0.0-alpha.107
v1.0.0-alpha.108
v1.0.0-alpha.109
v1.0.0-alpha.11
v1.0.0-alpha.110
v1.0.0-alpha.111
v1.0.0-alpha.112
v1.0.0-alpha.113
v1.0.0-alpha.114
v1.0.0-alpha.115
v1.0.0-alpha.116
v1.0.0-alpha.117
v1.0.0-alpha.118
v1.0.0-alpha.119
v1.0.0-alpha.12
v1.0.0-alpha.120
v1.0.0-alpha.121
v1.0.0-alpha.122
v1.0.0-alpha.123
v1.0.0-alpha.124
v1.0.0-alpha.125
v1.0.0-alpha.126
v1.0.0-alpha.127
v1.0.0-alpha.128
v1.0.0-alpha.129
v1.0.0-alpha.13
v1.0.0-alpha.130
v1.0.0-alpha.131
v1.0.0-alpha.132
v1.0.0-alpha.133
v1.0.0-alpha.134
v1.0.0-alpha.135
v1.0.0-alpha.136
v1.0.0-alpha.137
v1.0.0-alpha.138
v1.0.0-alpha.139
v1.0.0-alpha.14
v1.0.0-alpha.140
v1.0.0-alpha.141
v1.0.0-alpha.142
v1.0.0-alpha.15
v1.0.0-alpha.16
v1.0.0-alpha.17
v1.0.0-alpha.18
v1.0.0-alpha.19
v1.0.0-alpha.20
v1.0.0-alpha.21
v1.0.0-alpha.22
v1.0.0-alpha.23
v1.0.0-alpha.24
v1.0.0-alpha.25
v1.0.0-alpha.26
v1.0.0-alpha.27
v1.0.0-alpha.28
v1.0.0-alpha.29
v1.0.0-alpha.3
v1.0.0-alpha.31
v1.0.0-alpha.32
v1.0.0-alpha.33
v1.0.0-alpha.34
v1.0.0-alpha.35
v1.0.0-alpha.36
v1.0.0-alpha.37
v1.0.0-alpha.38
v1.0.0-alpha.39
v1.0.0-alpha.4
v1.0.0-alpha.41
v1.0.0-alpha.42
v1.0.0-alpha.43
v1.0.0-alpha.45
v1.0.0-alpha.46
v1.0.0-alpha.47
v1.0.0-alpha.48
v1.0.0-alpha.49
v1.0.0-alpha.5
v1.0.0-alpha.50
v1.0.0-alpha.51
v1.0.0-alpha.52
v1.0.0-alpha.53
v1.0.0-alpha.54
v1.0.0-alpha.55
v1.0.0-alpha.56
v1.0.0-alpha.57
v1.0.0-alpha.58
v1.0.0-alpha.59
v1.0.0-alpha.6
v1.0.0-alpha.60
v1.0.0-alpha.61
v1.0.0-alpha.62
v1.0.0-alpha.63
v1.0.0-alpha.64
v1.0.0-alpha.66
v1.0.0-alpha.67
v1.0.0-alpha.68
v1.0.0-alpha.69
v1.0.0-alpha.7
v1.0.0-alpha.70
v1.0.0-alpha.71
v1.0.0-alpha.72
v1.0.0-alpha.73
v1.0.0-alpha.74
v1.0.0-alpha.75
v1.0.0-alpha.76
v1.0.0-alpha.77
v1.0.0-alpha.78
v1.0.0-alpha.79
v1.0.0-alpha.8
v1.0.0-alpha.80
v1.0.0-alpha.81
v1.0.0-alpha.82
v1.0.0-alpha.83
v1.0.0-alpha.84
v1.0.0-alpha.85
v1.0.0-alpha.86
v1.0.0-alpha.87
v1.0.0-alpha.88
v1.0.0-alpha.89
v1.0.0-alpha.9
v1.0.0-alpha.90
v1.0.0-alpha.92
v1.0.0-alpha.93
v1.0.0-alpha.94
v1.0.0-alpha.95
v1.0.0-alpha.96
v1.0.0-alpha.97
v1.0.0-alpha.98
v1.0.0-alpha.99
v1.1.0
v1.1.1
v1.1.2
v1.10.0
v1.11.0
v1.11.1
v1.2.0
v1.2.1
v1.2.2
v1.3.0
v1.3.1
v1.3.10
v1.3.11
v1.3.12
v1.3.2
v1.3.3
v1.3.4
v1.3.5
v1.3.6
v1.3.7
v1.3.8
v1.3.9
v1.4.0
v1.4.1
v1.4.2
v1.4.3
v1.4.4
v1.5.0
v1.6.0
v1.7.0
v1.7.1
v1.8.0
v1.8.1
v1.8.2
v1.8.3
v1.9.0
v1.9.1

v2.*

v2.0.0
v2.0.1
v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.10.0
v2.11.0
v2.12.0
v2.12.1
v2.12.2
v2.12.3
v2.12.4
v2.12.5
v2.13.0
v2.13.1
v2.13.2
v2.13.3
v2.13.4
v2.13.5
v2.14.0
v2.14.1
v2.15.0
v2.15.1
v2.15.2
v2.16.0
v2.16.1
v2.16.2
v2.16.3
v2.17.0
v2.18.0
v2.18.1
v2.18.2
v2.18.3
v2.19.0
v2.19.1
v2.19.2
v2.19.3
v2.2.0
v2.2.1
v2.20.0
v2.20.1
v2.20.2
v2.20.3
v2.21.0
v2.22.0
v2.22.1
v2.23.0
v2.23.1
v2.23.2
v2.24.0
v2.24.1
v2.25.0
v2.25.1
v2.26.0
v2.26.1
v2.27.0
v2.27.1
v2.27.2
v2.27.3
v2.28.0
v2.29.0
v2.29.1
v2.29.2
v2.3.0
v2.3.1
v2.3.2
v2.3.3
v2.30.0
v2.30.1
v2.30.2
v2.30.3
v2.31.0
v2.31.1
v2.32.0
v2.32.1
v2.32.2
v2.32.3
v2.32.4
v2.32.5
v2.32.6
v2.33.0
v2.34.0
v2.35.0
v2.35.1
v2.36.0
v2.36.1
v2.37.0
v2.37.1
v2.38.0
v2.38.1
v2.39.0
v2.39.1
v2.39.2
v2.4.0
v2.40.0
v2.41.0
v2.42.0
v2.42.1
v2.43.0
v2.43.1
v2.43.2
v2.44.0
v2.44.1
v2.45.0
v2.45.1
v2.45.10
v2.45.11
v2.45.2
v2.45.3
v2.45.4
v2.45.5
v2.45.6
v2.45.7
v2.45.8
v2.45.9
v2.46.0
v2.46.1
v2.46.2
v2.47.0
v2.47.1
v2.47.2
v2.48.0
v2.49.0
v2.49.1
v2.49.2
v2.5.0
v2.50.0
v2.51.0
v2.51.1
v2.6.0
v2.7.0
v2.7.1
v2.7.2
v2.8.0
v2.8.1
v2.9.0
v2.9.1
v2.9.2
v2.9.3

v3.*

v3.0.0
v3.1.0
v3.1.1
v3.10.0
v3.10.1
v3.10.2
v3.10.3
v3.11.0
v3.11.1
v3.11.2
v3.11.3
v3.11.4
v3.11.5
v3.11.6
v3.11.7
v3.12.0
v3.12.1
v3.12.2
v3.12.3
v3.12.4
v3.12.5
v3.12.6
v3.12.7
v3.13.0
v3.13.1
v3.13.2
v3.13.3
v3.13.4
v3.14.0
v3.14.1
v3.14.2
v3.14.3
v3.15.0
v3.16.0
v3.16.1
v3.16.2
v3.17.0
v3.18.0
v3.18.1
v3.18.2
v3.19.0
v3.2.0
v3.2.1
v3.2.2
v3.2.3
v3.20.0
v3.20.1
v3.20.2
v3.20.3
v3.20.4
v3.20.5
v3.20.6
v3.20.7
v3.21.0
v3.21.1
v3.22.0
v3.23.0
v3.23.1
v3.23.2
v3.23.3
v3.23.4
v3.24.0
v3.24.1
v3.25.0
v3.25.1
v3.25.2
v3.25.3
v3.25.4
v3.26.0
v3.26.1
v3.26.2
v3.26.3
v3.26.4
v3.26.5
v3.26.6
v3.27.0
v3.28.0
v3.28.1
v3.28.2
v3.28.3
v3.29.0
v3.29.1
v3.3.0
v3.3.1
v3.3.2
v3.3.3
v3.3.4
v3.4.0
v3.4.1
v3.5.0
v3.5.1
v3.6.0
v3.6.1
v3.7.0
v3.7.1
v3.7.2
v3.8.0
v3.8.1
v3.8.2
v3.8.3
v3.9.0