CVE-2024-23186

6.5 MEDIUM

📋 TL;DR

This vulnerability allows attackers to execute client-side scripts via malicious email display names on specific mobile devices. It affects users of Open-Xchange AppSuite email clients on vulnerable versions, potentially leading to unauthorized API requests or data extraction from user accounts.

💻 Affected Systems

Products:
  • Open-Xchange AppSuite
Versions: before 8.22
Operating Systems: All platforms running affected AppSuite versions
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects mobile device clients when processing email display names in the web interface.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could perform malicious API requests with user privileges, extract sensitive account information, or perform actions on behalf of the user.

🟠 Likely Case

Targeted phishing campaigns leading to account compromise or data exfiltration from individual users.

🟢 If Mitigated

Limited impact with proper email filtering and client-side script execution controls.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction (opening/viewing malicious email) and specific mobile device configurations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.22 or later

Vendor Advisory: https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2024/oxas-adv-2024-0002.json

Restart Required: Yes

Instructions:

1. Download Open-Xchange AppSuite version 8.22 or later from official sources.
2. Back up the current configuration and data.
3. Apply the update following the vendor documentation.
4. Restart all AppSuite services.
5. Verify functionality.

🔧 Temporary Workarounds

Email Filtering (platform: all)

Implement email filtering to block or sanitize emails with suspicious display names containing script tags or special characters.

Mobile Client Restrictions (platform: all)

Temporarily restrict or monitor mobile device access to email services until patching is complete.

🧯 If You Can't Patch

  • Implement strict email content filtering to sanitize display names
  • Disable or restrict mobile device access to email web interface

🔍 How to Verify

Check if Vulnerable:

Check AppSuite version against vulnerable versions (pre-8.22) and review mobile client configurations.

Check Version:

Check AppSuite administration interface or configuration files for version information.

Verify Fix Applied:

Verify AppSuite version is 8.22 or later and test email display name handling on mobile devices.

📡 Detection & Monitoring

Log Indicators:

  • Unusual API requests from user accounts
  • Email processing errors related to display names
  • Mobile client access patterns

Network Indicators:

  • Suspicious email traffic with encoded display names
  • Unexpected API calls from authenticated sessions

SIEM Query:

Search for emails with display names containing script tags or special characters, combined with mobile user agent strings.
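The check described above, as an added Python example (not vendor code and not part of the advisory): it decodes the From display name with the standard library so that RFC 2047 encoded words, the "encoded display names" indicator listed under Network Indicators, cannot hide markup from the filter. The sample messages and the `eve@example.net` / `alice@example.com` addresses are constructed for the example.

```python
"""Screen inbound mail for From display names that carry HTML markup."""
import base64
import re
from email import message_from_string, policy

# Tag openers, inline event handlers and javascript: URLs in a display name.
MARKUP_RE = re.compile(r"<\s*/?[a-z]|\bon[a-z]+\s*=|javascript:", re.IGNORECASE)

# Constructed sample messages (not real traffic). The third hides the same
# payload behind base64 RFC 2047 encoding, so a raw-header grep for "<script"
# would miss it while a client that decodes the header still renders it.
_ENCODED = "=?UTF-8?B?" + base64.b64encode(b"<script>alert(1)</script>").decode() + "?="
SAMPLES = [
    "From: Alice Example <alice@example.com>\nSubject: hi\n\nbody\n",
    'From: "<script>alert(1)</script>" <eve@example.net>\nSubject: hi\n\nbody\n',
    f"From: {_ENCODED} <eve@example.net>\nSubject: hi\n\nbody\n",
]


def sender_parts(raw_message: str) -> tuple[str, str]:
    """Return (decoded display name, addr-spec) of the first From address."""
    msg = message_from_string(raw_message, policy=policy.default)
    header = msg["From"]
    addresses = getattr(header, "addresses", ()) if header is not None else ()
    if not addresses:
        return "", ""
    addr = addresses[0]
    return addr.display_name, addr.addr_spec


def is_suspicious_display_name(name: str) -> bool:
    """True when the decoded display name looks like HTML rather than a name."""
    return bool(MARKUP_RE.search(name))


def flag_messages(messages: list[str]) -> list[tuple[str, str]]:
    """Return (addr-spec, display name) for every message that needs review."""
    hits = []
    for raw in messages:
        name, addr_spec = sender_parts(raw)
        if is_suspicious_display_name(name):
            hits.append((addr_spec, name))
    return hits


if __name__ == "__main__":
    for addr_spec, name in flag_messages(SAMPLES):
        print(f"REVIEW {addr_spec}: display name {name!r}")
```

Run the same function over the mail gateway's message store or a SIEM export of From headers; the decoded display name, not the raw header text, is what the vulnerable client rendered.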
