E-Mail containing malicious display-name information could trigger client-side script execution when using specific mobile devices. Attackers could perform malicious API requests or extract information from the users account. Please deploy the provided updates and patch releases. We now use safer methods of handling external content when embedding displayname information to the web interface. No publicly available exploits are known.
Metrics
Affected Vendors & Products
References
History
No history.
Status: PUBLISHED
Assigner: OX
Published:
Updated: 2025-02-13T17:33:46.948Z
Reserved: 2024-01-12T07:03:12.862Z
Link: CVE-2024-23186
Updated: 2024-08-01T22:59:32.072Z
Status : Analyzed
Published: 2024-05-06T07:15:06.450
Modified: 2026-06-17T07:12:15.630
Link: CVE-2024-23186
No data.
OpenCVE Enrichment
No data.