CVE-2023-26449

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Aug 2, 2023
Updated: Jan 12, 2024
CWE ID 79

Summary

CVE-2023-26449: The "OX Chat" web service fails to specify media-types when processing responses from external resources, leaving it susceptible to script injection attacks. Malicious code can be executed in the victim's context, potentially leading to session hijacking or unwanted actions through both the web interface and API. Exploitation requires temporary account access or luring a user to a compromised account. To mitigate this, the accepted media-types are now being defined to prevent code execution. No publicly known exploits are available at this time.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share