CVE-2023-26456

Name of the Vulnerable Software and Affected Versions OX Guard (affected versions not specified)

Description The issue allows users to set an arbitrary "product name" for OX Guard, which was not sufficiently sanitized before processing it at the user interface. This enabled indirect cross-site scripting attacks. Accounts that were temporarily taken over could be configured to trigger persistent code execution, allowing an attacker to build a foothold. Sanitization is now in place for product names.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.