cve/2023/CVE-2023-41708.md

### [CVE-2023-41708](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41708)
![](https://img.shields.io/static/v1?label=Product&message=OX%20App%20Suite&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%207.10.6-rev38%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)

### Description

References to the "app loader" functionality could contain redirects to unexpected locations. Attackers could forge app references that bypass existing safeguards to inject malicious script code. Please deploy the provided updates and patch releases. References to apps are now controlled more strict to avoid relative references. No publicly available exploits are known.

### POC

#### Reference
- http://packetstormsecurity.com/files/177130/OX-App-Suite-7.10.6-Cross-Site-Scirpting-Denial-Of-Service.html
- http://packetstormsecurity.com/files/177130/OX-App-Suite-7.10.6-Cross-Site-Scirpting-Denial-Of-Service.html

#### Github
No PoCs found on GitHub currently.
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2023-41708](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41708)`
			`![](https://img.shields.io/static/v1?label=Product&message=OX%20App%20Suite&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%207.10.6-rev38%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)`

			`### Description`

			`References to the "app loader" functionality could contain redirects to unexpected locations. Attackers could forge app references that bypass existing safeguards to inject malicious script code. Please deploy the provided updates and patch releases. References to apps are now controlled more strict to avoid relative references. No publicly available exploits are known.`

			`### POC`

			`#### Reference`
			`- http://packetstormsecurity.com/files/177130/OX-App-Suite-7.10.6-Cross-Site-Scirpting-Denial-Of-Service.html`
Update CVE sources 2024-06-09 00:33 2024-06-09 00:33:16 +00:00			`- http://packetstormsecurity.com/files/177130/OX-App-Suite-7.10.6-Cross-Site-Scirpting-Denial-Of-Service.html`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00
			`#### Github`
			`No PoCs found on GitHub currently.`