Page 10 of 60 results (0.010 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

OX App Suite through 7.10.5 allows XSS via uuencoding in a multipart/alternative message. OX App Suite versiones hasta 7.10.5, permite un ataque de tipo XSS por medio de uuencoding en un mensaje multipart/alternative OX App Suite versions 7.10.5 and below suffer from multiple cross site scripting vulnerabilities. • https://open-xchange.com https://packetstormsecurity.com/files/166389/OX-App-Suite-7.10.5-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

OX App Suite through 7.10.5 allows XSS via the class attribute of an element in an HTML e-mail signature. OX App Suite versiones hasta 7.10.5, permite un ataque de tipo XSS por medio del atributo class de un elemento en una firma de correo electrónico HTML OX App Suite versions 7.10.5 and below suffer from multiple cross site scripting vulnerabilities. • http://packetstormsecurity.com/files/166389/OX-App-Suite-7.10.5-Cross-Site-Scripting.html https://open-xchange.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2

OX App Suite 7.10.5 allows Information Exposure because a caching mechanism can caused a Modified By response to show a person's name. OX App Suite versión 7.10.5, permite una Exposición de Información porque un mecanismo de caché puede causar que una respuesta Modified By muestre el nombre de una persona OX App Suite versions 7.10.5 and below suffer from cross site scripting and information disclosure vulnerabilities. • http://packetstormsecurity.com/files/165038/OX-App-Suite-7.10.5-Cross-Site-Scripting-Information-Disclosure.html https://seclists.org/fulldisclosure/2021/Nov/43 https://www.open-xchange.com •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2

OX App Suite through 7.10.5 allows XSS via JavaScript code in an anchor HTML comment within truncated e-mail, because there is a predictable UUID with HTML transformation results. OX App Suite versiones hasta 7.10.5, permite un ataque de tipo XSS por medio de código JavaScript en un comentario HTML de anclaje dentro de un correo electrónico truncado, porque se presenta un UUID predecible con resultados de transformación HTML OX App Suite versions 7.10.5 and below suffer from cross site scripting and information disclosure vulnerabilities. • http://packetstormsecurity.com/files/165038/OX-App-Suite-7.10.5-Cross-Site-Scripting-Information-Disclosure.html https://seclists.org/fulldisclosure/2021/Nov/43 https://www.open-xchange.com • CWE-330: Use of Insufficiently Random Values •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 2

OX App Suite through 7.10.5 has Incorrect Access Control for retrieval of session information via the rampup action of the login API call. OX App Suite versiones hasta 7.10.5, presenta un Control de Acceso Incorrecto para la recuperación de la información de la sesión por medio de la acción de rampa de la llamada a la API de inicio de sesión OX App Suite versions 7.10.5 and below suffer from cross site scripting and information disclosure vulnerabilities. • http://packetstormsecurity.com/files/165038/OX-App-Suite-7.10.5-Cross-Site-Scripting-Information-Disclosure.html https://seclists.org/fulldisclosure/2021/Nov/43 https://www.open-xchange.com • CWE-287: Improper Authentication •