User-defined script code could be stored for a upsell related shop URL. This code was not correctly sanitized when adding it to DOM. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for this content. No publicly available exploits are known.
{
"unresolved_ranges": [
{
"source": "AFFECTED_FIELD",
"extracted_events": [
{
"last_affected": "7.10.6-rev34"
}
]
}
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/41xxx/CVE-2023-41710.json",
"cna_assigner": "OX",
"cwe_ids": [
"CWE-79"
]
}{
"source": [
"CPE_RANGE",
"CPE_STRING"
],
"cpe": [
"cpe:2.3:a:open-xchange:ox_app_suite:*:*:*:*:*:*:*:*",
"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:-:*:*:*:*:*:*",
"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev10:*:*:*:*:*:*",
"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev11:*:*:*:*:*:*",
"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev12:*:*:*:*:*:*",
"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev13:*:*:*:*:*:*",
"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev14:*:*:*:*:*:*",
"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev15:*:*:*:*:*:*",
"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev16:*:*:*:*:*:*",
"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev17:*:*:*:*:*:*",
"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev18:*:*:*:*:*:*",
"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev19:*:*:*:*:*:*",
"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev20:*:*:*:*:*:*",
"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev21:*:*:*:*:*:*",
"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev22:*:*:*:*:*:*",
"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev23:*:*:*:*:*:*",
"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev24:*:*:*:*:*:*",
"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev25:*:*:*:*:*:*",
"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev26:*:*:*:*:*:*",
"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev27:*:*:*:*:*:*",
"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev28:*:*:*:*:*:*",
"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev29:*:*:*:*:*:*",
"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev30:*:*:*:*:*:*",
"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev31:*:*:*:*:*:*",
"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev32:*:*:*:*:*:*",
"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev33:*:*:*:*:*:*",
"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev34:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "7.10.6"
},
{
"introduced": "7.10.6-NA"
},
{
"last_affected": "7.10.6-NA"
},
{
"introduced": "7.10.6-rev10"
},
{
"last_affected": "7.10.6-rev10"
},
{
"introduced": "7.10.6-rev11"
},
{
"last_affected": "7.10.6-rev11"
},
{
"introduced": "7.10.6-rev12"
},
{
"last_affected": "7.10.6-rev12"
},
{
"introduced": "7.10.6-rev13"
},
{
"last_affected": "7.10.6-rev13"
},
{
"introduced": "7.10.6-rev14"
},
{
"last_affected": "7.10.6-rev14"
},
{
"introduced": "7.10.6-rev15"
},
{
"last_affected": "7.10.6-rev15"
},
{
"introduced": "7.10.6-rev16"
},
{
"last_affected": "7.10.6-rev16"
},
{
"introduced": "7.10.6-rev17"
},
{
"last_affected": "7.10.6-rev17"
},
{
"introduced": "7.10.6-rev18"
},
{
"last_affected": "7.10.6-rev18"
},
{
"introduced": "7.10.6-rev19"
},
{
"last_affected": "7.10.6-rev19"
},
{
"introduced": "7.10.6-rev20"
},
{
"last_affected": "7.10.6-rev20"
},
{
"introduced": "7.10.6-rev21"
},
{
"last_affected": "7.10.6-rev21"
},
{
"introduced": "7.10.6-rev22"
},
{
"last_affected": "7.10.6-rev22"
},
{
"introduced": "7.10.6-rev23"
},
{
"last_affected": "7.10.6-rev23"
},
{
"introduced": "7.10.6-rev24"
},
{
"last_affected": "7.10.6-rev24"
},
{
"introduced": "7.10.6-rev25"
},
{
"last_affected": "7.10.6-rev25"
},
{
"introduced": "7.10.6-rev26"
},
{
"last_affected": "7.10.6-rev26"
},
{
"introduced": "7.10.6-rev27"
},
{
"last_affected": "7.10.6-rev27"
},
{
"introduced": "7.10.6-rev28"
},
{
"last_affected": "7.10.6-rev28"
},
{
"introduced": "7.10.6-rev29"
},
{
"last_affected": "7.10.6-rev29"
},
{
"introduced": "7.10.6-rev30"
},
{
"last_affected": "7.10.6-rev30"
},
{
"introduced": "7.10.6-rev31"
},
{
"last_affected": "7.10.6-rev31"
},
{
"introduced": "7.10.6-rev32"
},
{
"last_affected": "7.10.6-rev32"
},
{
"introduced": "7.10.6-rev33"
},
{
"last_affected": "7.10.6-rev33"
},
{
"introduced": "7.10.6-rev34"
},
{
"last_affected": "7.10.6-rev34"
}
]
}