CVE-2021-33488 – OX App Suite / Ox Documents 7.10.x XSS / Code Injection / Traversal
https://notcve.org/view.php?id=CVE-2021-33488
chat in OX App Suite 7.10.5 has Improper Input Validation. A user can be redirected to a rogue OX Chat server via a development-related hook. El chat en OX App Suite versión 7.10.5, presenta una comprobación de entrada inapropiada. Un usuario puede ser redirigido a un servidor de OX Chat fraudulento por medio de un hook relacionado con el desarrollo OX App Suite and OX Documents suffer from cross site scripting, code injection, path traversal, and input validation vulnerabilities. Most of these issues affect 7.10.5 and below with one affecting 7.10.4 and below. • http://packetstormsecurity.com/files/165028/OX-App-Suite-Ox-Documents-7.10.x-XSS-Code-Injection-Traversal.html http://seclists.org/fulldisclosure/2021/Nov/42 https://open-xchange.com • CWE-20: Improper Input Validation •