CVE-2023-41704

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Feb 12, 2024

Updated: Feb 16, 2024

CWE ID 79

Summary

CVE-2023-41704 is a vulnerability that allows an attacker to inject malicious script code into email processing by abusing the handling of CID (Compact ID) references. This issue can result in malicious content being passed through the sanitization engine and injected into a user's session while interacting with emails. The vulnerability has been addressed by improving CID handling and checking the resulting content for malicious code. No publicly available exploits have been reported at this time. It is strongly recommended to deploy the provided updates and patch releases to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sgg-II
https://www.cve.org/CVERecord?id=CVE-2023-41704
https://nvd.nist.gov/vuln/detail/CVE-2023-41704

Back to Vulnerability Database

CVE-2023-41704

CVSS 3.1 Score 7.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations