Improper Sanitization of User ID References in Document Comments Allows Script Injection

Improper Sanitization of User ID References in Document Comments Allows Script Injection

CVE-2023-41703 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

User ID references at mentions in document comments were not correctly sanitized. Script code could be injected to a users session when working with a malicious document. Please deploy the provided updates and patch releases. User-defined content like comments and mentions are now filtered to avoid potentially malicious content. No publicly available exploits are known.

Learn more about our Web Application Penetration Testing UK.