CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12643 – OX App Suite / OX Documents XSS / SSRF / Bypass
https://notcve.org/view.php?id=CVE-2020-12643
OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address. OX App Suite versiones 7.10.3 y anteriores, presentan un Control de Acceso Incorrecto por medio de una petición de /api/subscriptions para un fragmento que contiene una dirección de correo electrónico OX App Suite and OX Documents suffer from access control bypass, cross site scripting, and improper input validation vulnerabilities. Multiple version ranges are affected. • http://seclists.org/fulldisclosure/2020/Aug/14 https://www.open-xchange.com • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12646 – OX App Suite / OX Documents XSS / SSRF / Bypass
https://notcve.org/view.php?id=CVE-2020-12646
OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document. OX App Suite versiones 7.10.3 y anteriores, permiten un ataque de tipo XSS por medio de texto/x-javascript, texto/rdf o un documento PDF OX App Suite and OX Documents suffer from access control bypass, cross site scripting, and improper input validation vulnerabilities. Multiple version ranges are affected. • https://exchange.xforce.ibmcloud.com/vulnerabilities/187114 https://www.open-xchange.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12644 – OX App Suite / OX Documents XSS / SSRF / Bypass
https://notcve.org/view.php?id=CVE-2020-12644
OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API. OX App Suite versiones 7.10.3 y anteriores, permiten un ataque de tipo SSRF, relacionado con la API de la cuenta de correo y la API /folder/list OX App Suite and OX Documents suffer from access control bypass, cross site scripting, and improper input validation vulnerabilities. Multiple version ranges are affected. • https://exchange.xforce.ibmcloud.com/vulnerabilities/187116 https://seclists.org/fulldisclosure/2020/Aug/14 https://www.open-xchange.com • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12645 – OX App Suite / OX Documents XSS / SSRF / Bypass
https://notcve.org/view.php?id=CVE-2020-12645
OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption. OX App Suite versiones 7.10.1 hasta 7.10.3, presenta una comprobación de entrada inapropiada para los límites de tarifas con un encabezado User-Agent diseñado, avisos de vacaciones falsificados y consumo de memoria de /apps/load OX App Suite and OX Documents suffer from access control bypass, cross site scripting, and improper input validation vulnerabilities. Multiple version ranges are affected. • https://seclists.org/fulldisclosure/2020/Aug/14 https://www.open-xchange.com • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 7.5EPSS: 0%CPEs: 125EXPL: 0CVE-2020-8543 – OX App Suite / OX Documents 7.10.3 XSS / SSRF / Improper Validation
https://notcve.org/view.php?id=CVE-2020-8543
OX App Suite through 7.10.3 has Improper Input Validation. OX App Suite versiones hasta 7.10.3, presenta una Comprobación de Entrada Inapropiada OX App Suite and OX Documents versions 7.10.3 and below suffer from server-side request forgery, cross site scripting, improper parameter validation, and XML injection vulnerabilities. • https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html https://www.open-xchange.com • CWE-20: Improper Input Validation •