GCVE - cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release

Approved changes feed: RSS · Atom

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6249:*:*:*:*:*:*

part: a version: 7.10.6 update: patch_release_6249

Vendor	Open Xchange (`85b486f1-55be-55d2-8b83-a25950d10c23`)
Product	Open Xchange Appsuite (`5c4f7579-8692-5eac-881b-9aff46aef717`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:open-xchange.com/appsuite`	purl2cpe	2026-06-01 10:16:43.941016
`pkg:rpm/opensuse/open-xchange-appsuite`	purl2cpe	2026-06-01 10:16:43.941018

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-41708`	vulnerable	2026-06-03 14:52:52.067131	Details available MEDIUM (5.4) References to the "app loader" functionality could contain redirects to unexpected locations. Attackers could forge app references that bypass existing safeguards to inject malicious script code. Please deploy the provided updates and patch releases. References to apps are now controlled more strict to avoid relative references. No publicly available exploits are known. Published: 2024-02-12T08:15:25.802Z Updated: 2025-11-04T18:16:51.949Z Open on db.gcve.eu Reference links https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-41707`	vulnerable	2026-06-03 14:52:52.065461	Details available MEDIUM (6.5) Processing of user-defined mail search expressions is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of mail search expressions now gets monitored, and the related request is terminated if a resource threshold is reached. No publicly available exploits are known. Published: 2024-02-12T08:15:24.923Z Updated: 2025-11-04T18:16:50.752Z Open on db.gcve.eu Reference links https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-41706`	vulnerable	2026-06-03 14:52:52.062817	Details available MEDIUM (6.5) Processing time of drive search expressions now gets monitored, and the related request is terminated if a resource threshold is reached. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing of user-defined drive search expressions is not limited No publicly available exploits are known. Published: 2024-02-12T08:15:24.085Z Updated: 2025-11-04T18:16:49.570Z Open on db.gcve.eu Reference links https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-41705`	vulnerable	2026-06-03 14:52:52.060627	Details available MEDIUM (6.5) Processing of user-defined DAV user-agent strings is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of DAV user-agents now gets monitored, and the related request is terminated if a resource threshold is reached. No publicly available exploits are known. Published: 2024-02-12T08:15:23.158Z Updated: 2025-11-04T18:16:48.285Z Open on db.gcve.eu Reference links https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-41704`	vulnerable	2026-06-03 14:52:52.058086	Details available HIGH (7.1) Processing of CID references at E-Mail can be abused to inject malicious script code that passes the sanitization engine. Malicious script code could be injected to a users sessions when interacting with E-Mails. Please deploy the provided updates and patch releases. CID handing has been improved and resulting content is checked for malicious content. No publicly available exploits are known. Published: 2024-02-12T08:15:22.352Z Updated: 2025-11-04T18:16:47.090Z Open on db.gcve.eu Reference links https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-41703`	vulnerable	2026-06-03 14:52:52.039321	Details available MEDIUM (6.1) User ID references at mentions in document comments were not correctly sanitized. Script code could be injected to a users session when working with a malicious document. Please deploy the provided updates and patch releases. User-defined content like comments and mentions are now filtered to avoid potentially malicious content. No publicly available exploits are known. Published: 2024-02-12T08:15:21.605Z Updated: 2025-11-04T18:16:45.902Z Open on db.gcve.eu Reference links https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Open-Xchange AppSuite 7.10.6 Patch Release 6249

PURL mappings

Vulnerability references

Contribute