CVE-2023-26449

Name of the Vulnerable Software and Affected Versions OX Chat (affected versions not specified)

Description The issue arises from the "OX Chat" web service not specifying a media-type when processing responses from external resources, allowing malicious script code to be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. An attacker would need temporary access to the user's account or lure a user to a compromised account to exploit this. The solution involves defining the accepted media-type to prevent code execution. There are no known publicly available exploits.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.