CVSS: 5.4EPSS: 0%CPEs: 14EXPL: 3CVE-2018-5754 – OX App Suite 7.8.4 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-5754
Cross-site scripting (XSS) vulnerability in the office-web component in Open-Xchange OX App Suite before 7.8.3-rev12 and 7.8.4 before 7.8.4-rev9 allows remote attackers to inject arbitrary web script or HTML via a crafted presentation file, related to copying content to the clipboard. Vulnerabilidad de Cross-Site Scripting (XSS) en el componente office-web en Open-Xchange OX App Suite en versiones anteriores a la 7.8.3-rev12 y versiones 7.8.4 anteriores a la 7.8.4-rev9 permite que atacantes remoto inyecten scripts web o HTML arbitrarios mediante un archivo de presentación manipulado. Esto está relacionado con la copia de contenidos al portapapeles. OX App Suite versions 7.8.4 and below suffer from cross site scripting, improper privilege management, content spoofing, server-side request forgery, and path traversal vulnerabilities. • https://www.exploit-db.com/exploits/44881 http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html http://seclists.org/fulldisclosure/2018/Jun/23 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 78EXPL: 3CVE-2018-5752 – OX App Suite 7.8.4 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-5752
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors involving non-decimal representations of IP addresses and special IPv6 related addresses. El componente backend en Open-Xchange OX App Suite en versiones anteriores a la 7.6.3-rev36, versiones 7.8.x anteriores a la 7.8.2-rev39, versiones 7.8.3 anteriores a la 7.8.3-rev44 y versiones 7.8.4 anteriores a la 7.8.4-rev22 permite que atacantes remotos realicen ataques de Server-Side Request Forgery (SSRF) mediante vectores relacionados con representaciones no decimales de direcciones IP y direcciones IPv6 relacionadas especiales. OX App Suite versions 7.8.4 and below suffer from cross site scripting, improper privilege management, content spoofing, server-side request forgery, and path traversal vulnerabilities. • https://www.exploit-db.com/exploits/44881 http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html http://seclists.org/fulldisclosure/2018/Jun/23 • CWE-918: Server-Side Request Forgery (SSRF) •