CVE-2021-28093
https://notcve.org/view.php?id=CVE-2021-28093
20 Jul 2021 — OX Documents before 7.10.5-rev5 has Incorrect Access Control of converted images because hash collisions can occur, due to use of Adler32. • http://packetstormsecurity.com/files/163569/OX-Documents-7.10.5-Improper-Authorization.html • CWE-326: Inadequate Encryption Strength
CVE-2021-28095
https://notcve.org/view.php?id=CVE-2021-28095
20 Jul 2021 — OX Documents before 7.10.5-rev5 has Incorrect Access Control for documents that contain XML structures because hash collisions can occur, due to use of CRC32. • http://packetstormsecurity.com/files/163569/OX-Documents-7.10.5-Improper-Authorization.html • CWE-326: Inadequate Encryption Strength
CVE-2021-26698 – OX App Suite / OX Guard / OX Documents SSRF / Cross Site Scripting
https://notcve.org/view.php?id=CVE-2021-26698
16 Jul 2021 — OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and the dl parameter is used. Open-Xchange OX App Suite, OX Guard, and OX Documents suffer from se... • http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-26699 – OX App Suite / OX Guard / OX Documents SSRF / Cross Site Scripting
https://notcve.org/view.php?id=CVE-2021-26699
16 Jul 2021 — OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used. Open-Xchange OX App Suite, OX Guard, and OX Documents suffer fr... • http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html • CWE-918: Server-Side Request Forgery (SSRF)
CVE-2021-31934
https://notcve.org/view.php?id=CVE-2021-31934
30 Apr 2021 — OX App Suite 7.10.4 and earlier allows XSS via a crafted contact object (payload in the position or company field) that is mishandled in the App Suite UI on a smartphone. • https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-31935
https://notcve.org/view.php?id=CVE-2021-31935
30 Apr 2021 — OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution list (payload in the common name) that is mishandled in the scheduling view. • https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-28944 – OX App Suite / OX Guard SSRF / DoS / Cross Site Scripting
https://notcve.org/view.php?id=CVE-2020-28944
30 Apr 2021 — OX Guard 2.10.4 and earlier allows a Denial of Service via a WKS server that responds slowly or with a large amount of data. OX App Suite versions 7.10.4 and below suffer from cross site scripting and server-side request forgery vulnerabilities. OX Guard versions 2.10.4 and below suffer from a denial of service vulnerability. • http://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html • CWE-400: Uncontrolled Resource Consumption
CVE-2020-28943 – OX App Suite / OX Guard SSRF / DoS / Cross Site Scripting
https://notcve.org/view.php?id=CVE-2020-28943
30 Apr 2021 — OX App Suite 7.10.4 and earlier allows SSRF via a snippet. OX App Suite versions 7.10.4 and below suffer from cross site scripting and server-side request forgery vulnerabilities. OX Guard versions 2.10.4 and below suffer from a denial of service vulnerability. • http://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html • CWE-918: Server-Side Request Forgery (SSRF)
CVE-2020-28945 – OX App Suite / OX Guard SSRF / DoS / Cross Site Scripting
https://notcve.org/view.php?id=CVE-2020-28945
30 Apr 2021 — OX App Suite 7.10.4 and earlier allows XSS via crafted content to reach an undocumented feature, such as ![](http://onerror=Function.constructor, in a Notes item. OX App Suite versions 7.10.4 and below suffer from cross site scripting and server-side request forgery vulnerabilities. • https://open-xchange.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-23927
https://notcve.org/view.php?id=CVE-2021-23927
12 Jan 2021 — OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request. • https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html • CWE-918: Server-Side Request Forgery (SSRF)