PT-2024-19703 · Open Xchange · Open-Xchange Appsuite

Published: 2024-05-06 · Updated: 2024-05-07 · CVE-2024-23187

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Open-Xchange OX App Suite versions up to 8.21

Description: Content-ID based embedding of resources in e-mails could be abused to trigger client-side script code when using the "show more" option. Attackers could perform malicious API requests or extract information from the user's account. Exploiting the issue requires user interaction.

Recommendations: For Open-Xchange OX App Suite versions up to 8.21, please deploy the provided updates and patch releases to mitigate the risk. As a temporary workaround, consider restricting the use of the "show more" option in emails until a patch is available. Restrict access to sensitive user account information to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2024-23187

Affected Products: Open-Xchange Appsuite