CVE-2021-33494 – OX App Suite / Ox Documents 7.10.x XSS / Code Injection / Traversal
https://notcve.org/view.php?id=CVE-2021-33494
22 Nov 2021 — OX App Suite 7.10.5 allows XSS via an OX Chat room title during typing rendering. OX App Suite and OX Documents suffer from cross site scripting, code injection, path traversal, and input validation vulnerabilities. Most of these issues affect 7.10.5 and below with one affecting 7.10.4 and below. • http://packetstormsecurity.com/files/165028/OX-App-Suite-Ox-Documents-7.10.x-XSS-Code-Injection-Traversal.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-33493 – OX App Suite / Ox Documents 7.10.x XSS / Code Injection / Traversal
https://notcve.org/view.php?id=CVE-2021-33493
22 Nov 2021 — The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in a YAML format. OX App Suite and OX Documents suffer from cross site scripting, code injection, path traversal, and input validation vulnerabilities. Most of these issues affect 7.10.5 and below with one affecting 7.10.4 and below. • http://packetstormsecurity.com/files/165028/OX-App-Suite-Ox-Documents-7.10.x-XSS-Code-Injection-Traversal.html • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2021-33492 – OX App Suite / Ox Documents 7.10.x XSS / Code Injection / Traversal
https://notcve.org/view.php?id=CVE-2021-33492
22 Nov 2021 — OX App Suite 7.10.5 allows XSS via an OX Chat room name. OX App Suite and OX Documents suffer from cross site scripting, code injection, path traversal, and input validation vulnerabilities. Most of these issues affect 7.10.5 and below with one affecting 7.10.4 and below. • http://packetstormsecurity.com/files/165028/OX-App-Suite-Ox-Documents-7.10.x-XSS-Code-Injection-Traversal.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-33491 – OX App Suite / Ox Documents 7.10.x XSS / Code Injection / Traversal
https://notcve.org/view.php?id=CVE-2021-33491
22 Nov 2021 — OX App Suite through 7.10.5 allows Directory Traversal via ../ in an OOXML or ODF ZIP archive, because of the mishandling of relative paths in mail addresses in conjunction with auto-configuration DNS records. OX App Suite and OX Documents suffer from cross ... • http://packetstormsecurity.com/files/165028/OX-App-Suite-Ox-Documents-7.10.x-XSS-Code-Injection-Traversal.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-33490 – OX App Suite / Ox Documents 7.10.x XSS / Code Injection / Traversal
https://notcve.org/view.php?id=CVE-2021-33490
22 Nov 2021 — OX App Suite through 7.10.5 allows XSS via a crafted snippet in a shared mail signature. OX App Suite and OX Documents suffer from cross site scripting, code injection, path traversal, and input validation vulnerabilities. Most of these issues affect 7.10.5 and below with one affecting 7.10.4 and below. • http://packetstormsecurity.com/files/165028/OX-App-Suite-Ox-Documents-7.10.x-XSS-Code-Injection-Traversal.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-33489 – OX App Suite / Ox Documents 7.10.x XSS / Code Injection / Traversal
https://notcve.org/view.php?id=CVE-2021-33489
22 Nov 2021 — OX App Suite through 7.10.5 allows XSS via JavaScript code in a shared XCF file. OX App Suite and OX Documents suffer from cross site scripting, code injection, path traversal, and input validation vulnerabilities. Most of these issues affect 7.10.5 and below with one affecting 7.10.4 and below. • http://packetstormsecurity.com/files/165028/OX-App-Suite-Ox-Documents-7.10.x-XSS-Code-Injection-Traversal.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-33488 – OX App Suite / Ox Documents 7.10.x XSS / Code Injection / Traversal
https://notcve.org/view.php?id=CVE-2021-33488
22 Nov 2021 — chat in OX App Suite 7.10.5 has Improper Input Validation. A user can be redirected to a rogue OX Chat server via a development-related hook. OX App Suite and OX Documents suffer from cross site scripting, code injection, path traversal, and input validation vulnerabilities. Most of these issues affec... • http://packetstormsecurity.com/files/165028/OX-App-Suite-Ox-Documents-7.10.x-XSS-Code-Injection-Traversal.html • CWE-20: Improper Input Validation
CVE-2021-37403
https://notcve.org/view.php?id=CVE-2021-37403
22 Jul 2021 — OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and an App Loader relative URL is used. • http://seclists.org/fulldisclosure/2021/Jul/33 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-37402
https://notcve.org/view.php?id=CVE-2021-37402
22 Jul 2021 — OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via binary data that is mishandled when the legacy dataretrieval endpoint has been enabled. • http://seclists.org/fulldisclosure/2021/Jul/33 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-28094
https://notcve.org/view.php?id=CVE-2021-28094
20 Jul 2021 — OX Documents before 7.10.5-rev7 has Incorrect Access Control for converted documents because hash collisions can occur, due to use of CRC32. • http://packetstormsecurity.com/files/163569/OX-Documents-7.10.5-Improper-Authorization.html • CWE-326: Inadequate Encryption Strength