Auto-Update: 2024-01-22T13:00:24.721565+00:00

2025-05-08 19:47:09 +00:00 · 2024-01-22 13:00:28 +00:00 · 2024-01-22 13:00:28 +00:00 · 45ee208c3c
commit 45ee208c3c
parent fb53f81621
4 changed files with 16 additions and 68 deletions
--- a/CVE-2023/CVE-2023-290xx/CVE-2023-29051.json
+++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29051.json
@ -2,12 +2,12 @@
  "id": "CVE-2023-29051",
  "sourceIdentifier": "security@open-xchange.com",
  "published": "2024-01-08T09:15:20.480",
-  "lastModified": "2024-01-12T15:05:05.143",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2024-01-22T11:15:46.907",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
-      "value": "User-defined OXMF templates could be used to access a limited part of the internal OX App Suite Java API. The existing switch to disable the feature by default was not effective in this case. Unauthorized users could discover and modify application state, including objects related to other users and contexts. We now make sure that the switch to disable user-generated templates by default works as intended and will remove the feature in future generations of the product. No publicly available exploits are known.\n\n"
+      "value": "User-defined OXMF templates could be used to access a limited part of the internal OX App Suite Java API. The existing switch to disable the feature by default was not effective in this case. Unauthorized users could discover and modify application state, including objects related to other users and contexts. We now make sure that the switch to disable user-generated templates by default works as intended and will remove the feature in future generations of the product. No publicly available exploits are known."
    },
    {
      "lang": "es",
@ -299,22 +299,6 @@
    }
  ],
  "references": [
-    {
-      "url": "http://packetstormsecurity.com/files/176422/OX-App-Suite-7.10.6-Access-Control-Cross-Site-Scripting.html",
-      "source": "security@open-xchange.com",
-      "tags": [
-        "Third Party Advisory",
-        "VDB Entry"
-      ]
-    },
-    {
-      "url": "http://seclists.org/fulldisclosure/2024/Jan/4",
-      "source": "security@open-xchange.com",
-      "tags": [
-        "Mailing List",
-        "Third Party Advisory"
-      ]
-    },
    {
      "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0006.json",
      "source": "security@open-xchange.com",
--- a/CVE-2023/CVE-2023-290xx/CVE-2023-29052.json
+++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29052.json
@ -2,12 +2,12 @@
  "id": "CVE-2023-29052",
  "sourceIdentifier": "security@open-xchange.com",
  "published": "2024-01-08T09:15:20.680",
-  "lastModified": "2024-01-12T14:27:55.633",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2024-01-22T11:15:47.380",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
-      "value": "Users were able to define disclaimer texts for an upsell shop dialog that would contain script code that was not sanitized correctly. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for this content. No publicly available exploits are known.\n\n"
+      "value": "Users were able to define disclaimer texts for an upsell shop dialog that would contain script code that was not sanitized correctly. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for this content. No publicly available exploits are known."
    },
    {
      "lang": "es",
@ -268,22 +268,6 @@
    }
  ],
  "references": [
-    {
-      "url": "http://packetstormsecurity.com/files/176422/OX-App-Suite-7.10.6-Access-Control-Cross-Site-Scripting.html",
-      "source": "security@open-xchange.com",
-      "tags": [
-        "Third Party Advisory",
-        "VDB Entry"
-      ]
-    },
-    {
-      "url": "http://seclists.org/fulldisclosure/2024/Jan/4",
-      "source": "security@open-xchange.com",
-      "tags": [
-        "Mailing List",
-        "Third Party Advisory"
-      ]
-    },
    {
      "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0006.json",
      "source": "security@open-xchange.com",
--- a/CVE-2023/CVE-2023-417xx/CVE-2023-41710.json
+++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41710.json
@ -2,12 +2,12 @@
  "id": "CVE-2023-41710",
  "sourceIdentifier": "security@open-xchange.com",
  "published": "2024-01-08T09:15:20.883",
-  "lastModified": "2024-01-12T13:56:25.453",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2024-01-22T11:15:47.500",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
-      "value": "User-defined script code could be stored for a upsell related shop URL. This code was not correctly sanitized when adding it to DOM. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for this content. No publicly available exploits are known.\n\n"
+      "value": "User-defined script code could be stored for a upsell related shop URL. This code was not correctly sanitized when adding it to DOM. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for this content. No publicly available exploits are known."
    },
    {
      "lang": "es",
@ -274,22 +274,6 @@
    }
  ],
  "references": [
-    {
-      "url": "http://packetstormsecurity.com/files/176422/OX-App-Suite-7.10.6-Access-Control-Cross-Site-Scripting.html",
-      "source": "security@open-xchange.com",
-      "tags": [
-        "Third Party Advisory",
-        "VDB Entry"
-      ]
-    },
-    {
-      "url": "http://seclists.org/fulldisclosure/2024/Jan/4",
-      "source": "security@open-xchange.com",
-      "tags": [
-        "Mailing List",
-        "Third Party Advisory"
-      ]
-    },
    {
      "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0006.json",
      "source": "security@open-xchange.com",
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-01-22T07:00:24.465481+00:00
+2024-01-22T13:00:24.721565+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-01-22T06:15:07.860000+00:00
+2024-01-22T11:15:47.500000+00:00
 ```

 ### Last Data Feed Release
@ -34,21 +34,17 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/

 ### CVEs added in the last Commit

-Recently added CVEs: `5`
+Recently added CVEs: `0`

-* [CVE-2017-20189](CVE-2017/CVE-2017-201xx/CVE-2017-20189.json) (`2024-01-22T06:15:07.563`)
-* [CVE-2023-47352](CVE-2023/CVE-2023-473xx/CVE-2023-47352.json) (`2024-01-22T05:15:08.307`)
-* [CVE-2023-52354](CVE-2023/CVE-2023-523xx/CVE-2023-52354.json) (`2024-01-22T06:15:07.780`)
-* [CVE-2024-21484](CVE-2024/CVE-2024-214xx/CVE-2024-21484.json) (`2024-01-22T05:15:08.720`)
-* [CVE-2024-22113](CVE-2024/CVE-2024-221xx/CVE-2024-22113.json) (`2024-01-22T05:15:09.050`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `2`
+Recently modified CVEs: `3`

-* [CVE-2023-7042](CVE-2023/CVE-2023-70xx/CVE-2023-7042.json) (`2024-01-22T05:15:08.547`)
-* [CVE-2024-0647](CVE-2024/CVE-2024-06xx/CVE-2024-0647.json) (`2024-01-22T06:15:07.860`)
+* [CVE-2023-29051](CVE-2023/CVE-2023-290xx/CVE-2023-29051.json) (`2024-01-22T11:15:46.907`)
+* [CVE-2023-29052](CVE-2023/CVE-2023-290xx/CVE-2023-29052.json) (`2024-01-22T11:15:47.380`)
+* [CVE-2023-41710](CVE-2023/CVE-2023-417xx/CVE-2023-41710.json) (`2024-01-22T11:15:47.500`)


 ## Download and Usage