CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 3CVE-2021-38374 – OX App Suite 7.10.5 Cross Site Scripting / Information Disclosure
https://notcve.org/view.php?id=CVE-2021-38374
OX App Suite through through 7.10.5 allows XSS via a crafted snippet that has an app loader reference within an app loader URL. OX App Suite versiones hasta 7.10.5, permite un ataque de tipo XSS por medio de un fragmento diseñado que presenta una referencia al cargador de aplicaciones dentro de una URL del cargador de aplicaciones OX App Suite versions 7.10.5 and below suffer from cross site scripting and information disclosure vulnerabilities. • http://packetstormsecurity.com/files/165038/OX-App-Suite-7.10.5-Cross-Site-Scripting-Information-Disclosure.html http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html http://seclists.org/fulldisclosure/2021/Nov/43 http://seclists.org/fulldisclosure/2022/Jul/11 https://www.open-xchange.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 2CVE-2021-33493 – OX App Suite / Ox Documents 7.10.x XSS / Code Injection / Traversal
https://notcve.org/view.php?id=CVE-2021-33493
The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in a YAML format. El componente de middleware en OX App Suite versiones hasta 7.10.5, permite una inyección de código por medio de clases Java en formato YAML OX App Suite and OX Documents suffer from cross site scripting, code injection, path traversal, and input validation vulnerabilities. Most of these issues affect 7.10.5 and below with one affecting 7.10.4 and below. • http://packetstormsecurity.com/files/165028/OX-App-Suite-Ox-Documents-7.10.x-XSS-Code-Injection-Traversal.html https://open-xchange.com https://seclists.org/fulldisclosure/2021/Nov/42 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2021-33491 – OX App Suite / Ox Documents 7.10.x XSS / Code Injection / Traversal
https://notcve.org/view.php?id=CVE-2021-33491
OX App Suite through 7.10.5 allows Directory Traversal via ../ in an OOXML or ODF ZIP archive, because of the mishandling of relative paths in mail addresses in conjunction with auto-configuration DNS records. OX App Suite versiones hasta 7.10.5, permite un salto de directorios por medio de ../ en un archivo ZIP OOXML u ODF, debido al manejo inapropiado de las rutas relativas en las direcciones de correo en conjunto con los registros DNS de auto-configuración OX App Suite and OX Documents suffer from cross site scripting, code injection, path traversal, and input validation vulnerabilities. Most of these issues affect 7.10.5 and below with one affecting 7.10.4 and below. • http://packetstormsecurity.com/files/165028/OX-App-Suite-Ox-Documents-7.10.x-XSS-Code-Injection-Traversal.html https://open-xchange.com https://seclists.org/fulldisclosure/2021/Nov/42 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-33490 – OX App Suite / Ox Documents 7.10.x XSS / Code Injection / Traversal
https://notcve.org/view.php?id=CVE-2021-33490
OX App Suite through 7.10.5 allows XSS via a crafted snippet in a shared mail signature. OX App Suite versiones hasta 7.10.5, permite un ataque de tipo XSS por medio de un fragmento diseñado en una firma de correo compartida OX App Suite and OX Documents suffer from cross site scripting, code injection, path traversal, and input validation vulnerabilities. Most of these issues affect 7.10.5 and below with one affecting 7.10.4 and below. • http://packetstormsecurity.com/files/165028/OX-App-Suite-Ox-Documents-7.10.x-XSS-Code-Injection-Traversal.html https://open-xchange.com https://seclists.org/fulldisclosure/2021/Nov/42 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-33489 – OX App Suite / Ox Documents 7.10.x XSS / Code Injection / Traversal
https://notcve.org/view.php?id=CVE-2021-33489
OX App Suite through 7.10.5 allows XSS via JavaScript code in a shared XCF file. OX App Suite versiones hasta 7.10.5, permite un ataque de tipo XSS por medio de código JavaScript en un archivo XCF compartido OX App Suite and OX Documents suffer from cross site scripting, code injection, path traversal, and input validation vulnerabilities. Most of these issues affect 7.10.5 and below with one affecting 7.10.4 and below. • http://packetstormsecurity.com/files/165028/OX-App-Suite-Ox-Documents-7.10.x-XSS-Code-Injection-Traversal.html http://seclists.org/fulldisclosure/2021/Nov/42 https://open-xchange.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •