CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2020-24701 – OX App Suite / OX Guard / OX Documents SSRF / Cross Site Scripting
https://notcve.org/view.php?id=CVE-2020-24701
OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite URI). OX App Suite versiones hasta 7.10.4, permite un ataque de tipo XSS por medio del mecanismo de carga de la aplicación (el parámetro PATH_INFO en el URI /appsuite) Open-Xchange OX App Suite, OX Guard, and OX Documents suffer from server-side request forgery and cross site scripting vulnerabilities. Some of these issues only affect version 7.10.3 while some affect 7.10.4 and earlier. • http://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2021/Jul/33 https://www.open-xchange.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 2%CPEs: 1EXPL: 2CVE-2020-24700 – OX App Suite / OX Guard / OX Documents SSRF / Cross Site Scripting
https://notcve.org/view.php?id=CVE-2020-24700
OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial autoconfig. substring. OX App Suite versiones hasta 7.10.3, permite un ataque de tipo SSRF porque unas peticiones GET son enviadas a nombres de dominio arbitrarios con una subcadena autoconfig. inicial Open-Xchange OX App Suite, OX Guard, and OX Documents suffer from server-side request forgery and cross site scripting vulnerabilities. Some of these issues only affect version 7.10.3 while some affect 7.10.4 and earlier. • http://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2021/Jul/33 https://www.open-xchange.com • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-15004 – OX App Suite / OX Documents 7.10.3 XSS / Server-Side Request Forgery
https://notcve.org/view.php?id=CVE-2020-15004
OX App Suite through 7.10.3 allows stats/diagnostic?param= XSS. OX App Suite versiones hasta 7.10.3, permite un ataque de tipo XSS de stats/diagnostic?param= OX App Suite and OX Documents versions 7.10.3 and some prior versions suffer from information exposure, server-side request forgery, and cross site scripting vulnerabilities. • https://seclists.org/fulldisclosure/2020/Oct/20 https://www.open-xchange.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2020-15003 – OX App Suite / OX Documents 7.10.3 XSS / Server-Side Request Forgery
https://notcve.org/view.php?id=CVE-2020-15003
OX App Suite through 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user (via the session API during shared Drive access). OX App Suite versiones hasta 7.10.3, permite una Exposición de Información porque un usuario puede obtener la dirección IP y la cadena User-Agent de un usuario diferente (por medio de la API de sesión durante el acceso a la Unidad compartida) OX App Suite and OX Documents versions 7.10.3 and some prior versions suffer from information exposure, server-side request forgery, and cross site scripting vulnerabilities. • https://seclists.org/fulldisclosure/2020/Oct/20 https://www.open-xchange.com •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 3CVE-2020-15002 – OX App Suite / OX Documents 7.10.3 XSS / Server-Side Request Forgery
https://notcve.org/view.php?id=CVE-2020-15002
OX App Suite through 7.10.3 allows SSRF via the the /ajax/messaging/message message API. OX App Suite versiones hasta 7.10.3, permite un ataque de tipo SSRF por medio de la API de mensajes /ajax/messaging/message OX App Suite and OX Documents versions 7.10.3 and some prior versions suffer from information exposure, server-side request forgery, and cross site scripting vulnerabilities. • https://github.com/skr0x1c0/SSRF-CVE-2020-15002 https://github.com/skr0x1c0/Blind-SSRF-CVE-2020-15002 https://seclists.org/fulldisclosure/2020/Oct/20 https://www.open-xchange.com • CWE-918: Server-Side Request Forgery (SSRF) •