
CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 2

chat in OX App Suite 7.10.5 has Improper Input Validation. A user can be redirected to a rogue OX Chat server via a development-related hook.

OX App Suite and OX Documents suffer from cross site scripting, code injection, path traversal, and input validation vulnerabilities. Most of these issues affect 7.10.5 and below with one affecting 7.10.4 and below.

• http://packetstormsecurity.com/files/165028/OX-App-Suite-Ox-Documents-7.10.x-XSS-Code-Injection-Traversal.html
• http://seclists.org/fulldisclosure/2021/Nov/42
• https://open-xchange.com
• CWE-20: Improper Input Validation

CVSS: 4.3 • EPSS: 0% • CPEs: 8 • EXPL: 0

Server-side request forgery (SSRF) vulnerability in the documentconverter component in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allows remote attackers to trigger requests to arbitrary servers and embed arbitrary images via a URL in an embedded image in a Text document, which is not properly handled by the image preview.

• http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html
• http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf
• http://www.securityfocus.com/archive/1/533443/100/0/threaded