CVE-2024-25582

Published Aug 19, 2024

Last updated 8 months ago

CVSS medium 5.4

Overview

Description
Module savepoints could be abused to inject references to malicious code delivered through the same domain. Attackers could perform malicious API requests or extract information from the users account. Exploiting this vulnerability requires temporary access to an account or successful social engineering to make a user follow a prepared link to a malicious account. Please deploy the provided updates and patch releases. The savepoint module path has been restricted to modules that provide the feature, excluding any arbitrary or non-existing modules. No publicly available exploits are known.
Source
security@open-xchange.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
5.4
Impact score
2.7
Exploitability score
2.3
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Severity
MEDIUM

Weaknesses

security@open-xchange.com
CWE-79

Social media

Hype score
Not currently trending

  1. New post from https://t.co/uXvPWJy6tj (CVE-2024-25582 | Open-Xchange OX App Suite up to 7.10.6-rev42 Module Savepoint cross site scripting) has been published on https://t.co/TrY6jz8DAO

    @WolfgangSesin

    14 Mar 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References