CVE-2023-26450

Name of the Vulnerable Software and Affected Versions OX Count web service (affected versions not specified)

Description The issue arises from the OX Count web service not specifying a media-type when processing responses from external resources. This allows malicious script code to be executed within the victim's context, potentially leading to session hijacking or triggering unwanted actions via the web interface and API. An attacker would need temporary access to the user's account or lure a user to a compromised account to exploit this. The solution involves defining the accepted media-type to prevent code execution. There are no known publicly available exploits for this issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.