CVE-2024-25582
PUBLISHED
CVSS 5.4 MEDIUM
Module savepoints could be abused to inject references to malicious code delivered through the same domain. Attackers could perform malicious API requests or extract information from the user's account. Exploiting this vulnerability requires temporary access to an account or successful social engineering to make a user follow a prepared link to a malicious account. Please deploy the provided updates and patch releases. The savepoint module path has been restricted to modules that provide the feature, excluding any arbitrary or non-existing modules. No publicly available exploits are known.
EPSS 0.18% · 39.4th percentile
Risk Scores
CVSS v3.1
5.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS Score
0.18%
39.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Open-Xchange GmbH | OX App Suite | 0 |
Timeline
- Apr 23, 2024 CVE Published
- Aug 19, 2024 CVE Updated
- Aug 20, 2024 EPSS Score
- Sep 10, 2024 EPSS Score
- Sep 30, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 21, 2024 EPSS Score
- Nov 10, 2024 EPSS Score
- Dec 2, 2024 EPSS Score
- Dec 22, 2024 EPSS Score
- Jan 12, 2025 EPSS Score
- Feb 1, 2025 EPSS Score
References
- https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6277_7.10.6_2024-05-06.pdf url
- https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2024/oxas-adv-2024-0003.json vendor-advisory
- http://seclists.org/fulldisclosure/2024/Aug/37 url
- https://nvd.nist.gov/vuln/detail/CVE-2024-25582 advisory