Open-Xchange OX Guard 2.10.7 Rev5
Approved changes feed: RSS · Atom
cpe:2.3:a:open-xchange:ox_guard:2.10.7:rev5:*:*:*:*:*:*
part: a version: 2.10.7 update: rev5
| Vendor | Open Xchange (85b486f1-55be-55d2-8b83-a25950d10c23) |
|---|---|
| Product | Ox Guard (3b6b9bc2-7649-58d7-be7a-5f1d48d71b0b) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-26456 |
vulnerable | 2026-06-03 14:50:59.714182 |
Details available
MEDIUM (5.4)
Users were able to set an arbitrary "product name" for OX Guard. The chosen value was not sufficiently sanitized before processing it at the user interface, allowing for indirect cross-site scripting attacks. Accounts that were temporarily taken over could be configured to trigger persistent code execution, allowing an attacker to build a foothold. Sanitization is in place for product names now. No publicly available exploits are known.
Published: 2023-11-02T13:01:24.351Z
Updated: 2024-12-03T14:35:08.177Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.