CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-44213 – OX App Suite 7.10.5 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2021-44213
21 Mar 2022 — OX App Suite through 7.10.5 allows XSS via uuencoding in a multipart/alternative message. OX App Suite versiones hasta 7.10.5, permite un ataque de tipo XSS por medio de uuencoding en un mensaje multipart/alternative OX App Suite versions 7.10.5 and below suffer from multiple cross site scripting vulnerabilities. • https://open-xchange.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-44212 – OX App Suite 7.10.5 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2021-44212
21 Mar 2022 — OX App Suite through 7.10.5 allows XSS via a trailing control character such as the SCRIPT\t substring. OX App Suite versiones hasta 7.10.5, permite un ataque de tipo XSS por medio de un carácter de control al final del mensaje, como la subcadena SCRIPT\t OX App Suite versions 7.10.5 and below suffer from multiple cross site scripting vulnerabilities. • http://packetstormsecurity.com/files/166389/OX-App-Suite-7.10.5-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-44209 – OX App Suite 7.10.5 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2021-44209
21 Mar 2022 — OX App Suite through 7.10.5 allows XSS via an HTML 5 element such as AUDIO. OX App Suite versiones hasta 7.10.5, permite un ataque de tipo XSS por medio de un elemento HTML 5 como AUDIO OX App Suite versions 7.10.5 and below suffer from multiple cross site scripting vulnerabilities. • http://packetstormsecurity.com/files/166389/OX-App-Suite-7.10.5-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-44208 – OX App Suite 7.10.5 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2021-44208
21 Mar 2022 — OX App Suite through 7.10.5 allows XSS via an unknown system message in Chat. OX App Suite versiones hasta 7.10.5, permite un ataque de tipo XSS por medio de un mensaje de sistema desconocido en el chat OX App Suite versions 7.10.5 and below suffer from multiple cross site scripting vulnerabilities. • http://packetstormsecurity.com/files/166389/OX-App-Suite-7.10.5-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2021-38378 – OX App Suite 7.10.5 Cross Site Scripting / Information Disclosure
https://notcve.org/view.php?id=CVE-2021-38378
22 Nov 2021 — OX App Suite 7.10.5 allows Information Exposure because a caching mechanism can caused a Modified By response to show a person's name. OX App Suite versión 7.10.5, permite una Exposición de Información porque un mecanismo de caché puede causar que una respuesta Modified By muestre el nombre de una persona OX App Suite versions 7.10.5 and below suffer from cross site scripting and information disclosure vulnerabilities. • http://packetstormsecurity.com/files/165038/OX-App-Suite-7.10.5-Cross-Site-Scripting-Information-Disclosure.html •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2021-38377 – OX App Suite 7.10.5 Cross Site Scripting / Information Disclosure
https://notcve.org/view.php?id=CVE-2021-38377
22 Nov 2021 — OX App Suite through 7.10.5 allows XSS via JavaScript code in an anchor HTML comment within truncated e-mail, because there is a predictable UUID with HTML transformation results. OX App Suite versiones hasta 7.10.5, permite un ataque de tipo XSS por medio de código JavaScript en un comentario HTML de anclaje dentro de un correo electrónico truncado, porque se presenta un UUID predecible con resultados de transformación HTML OX App Suite versions 7.10.5 and below suffer from cross site scripting and informa... • http://packetstormsecurity.com/files/165038/OX-App-Suite-7.10.5-Cross-Site-Scripting-Information-Disclosure.html • CWE-330: Use of Insufficiently Random Values •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 2CVE-2021-38376 – OX App Suite 7.10.5 Cross Site Scripting / Information Disclosure
https://notcve.org/view.php?id=CVE-2021-38376
22 Nov 2021 — OX App Suite through 7.10.5 has Incorrect Access Control for retrieval of session information via the rampup action of the login API call. OX App Suite versiones hasta 7.10.5, presenta un Control de Acceso Incorrecto para la recuperación de la información de la sesión por medio de la acción de rampa de la llamada a la API de inicio de sesión OX App Suite versions 7.10.5 and below suffer from cross site scripting and information disclosure vulnerabilities. • http://packetstormsecurity.com/files/165038/OX-App-Suite-7.10.5-Cross-Site-Scripting-Information-Disclosure.html • CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2021-38375 – OX App Suite 7.10.5 Cross Site Scripting / Information Disclosure
https://notcve.org/view.php?id=CVE-2021-38375
22 Nov 2021 — OX App Suite through 7.10.5 allows XSS via the alt attribute of an IMG element in a truncated e-mail message. OX App Suite versiones hasta 7.10.5, permite un ataque de tipo XSS por medio del atributo alt de un elemento IMG en un mensaje de correo electrónico truncado OX App Suite versions 7.10.5 and below suffer from cross site scripting and information disclosure vulnerabilities. • http://packetstormsecurity.com/files/165038/OX-App-Suite-7.10.5-Cross-Site-Scripting-Information-Disclosure.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 3CVE-2021-38374 – OX App Suite 7.10.5 Cross Site Scripting / Information Disclosure
https://notcve.org/view.php?id=CVE-2021-38374
22 Nov 2021 — OX App Suite through through 7.10.5 allows XSS via a crafted snippet that has an app loader reference within an app loader URL. OX App Suite versiones hasta 7.10.5, permite un ataque de tipo XSS por medio de un fragmento diseñado que presenta una referencia al cargador de aplicaciones dentro de una URL del cargador de aplicaciones OX App Suite versions 7.10.5 and below suffer from cross site scripting and information disclosure vulnerabilities. • http://packetstormsecurity.com/files/165038/OX-App-Suite-7.10.5-Cross-Site-Scripting-Information-Disclosure.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2021-33495 – OX App Suite / Ox Documents 7.10.x XSS / Code Injection / Traversal
https://notcve.org/view.php?id=CVE-2021-33495
22 Nov 2021 — OX App Suite 7.10.5 allows XSS via an OX Chat system message. OX App Suite versión 7.10.5, permite un ataque de tipo XSS por medio de un mensaje del sistema OX Chat OX App Suite and OX Documents suffer from cross site scripting, code injection, path traversal, and input validation vulnerabilities. Most of these issues affect 7.10.5 and below with one affecting 7.10.4 and below. • http://packetstormsecurity.com/files/165028/OX-App-Suite-Ox-Documents-7.10.x-XSS-Code-Injection-Traversal.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •