CVSS: 5.3 • EPSS: 0% • CPEs: 53 • EXPL: 1

OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large location request parameter to the redirect servlet. OX App Suite versions 7.10.6 and below suffer from cross site scripting, server-side request forgery, and resource exhaustion vulnerabilities.
• https://open-xchange.com
• https://seclists.org/fulldisclosure/2022/Nov/18
• CWE-1284: Improper Validation of Specified Quantity in Input

CVSS: 6.1 • EPSS: 0% • CPEs: 53 • EXPL: 1

OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature. OX App Suite versions 7.10.6 and below suffer from cross site scripting, server-side request forgery, and resource exhaustion vulnerabilities.
• https://open-xchange.com
• https://seclists.org/fulldisclosure/2022/Nov/18
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 53 • EXPL: 1

OX App Suite through 7.10.6 allows XSS via script code within a contact that has an e-mail address but lacks a name. OX App Suite versions 7.10.6 and below suffer from cross site scripting, server-side request forgery, and resource exhaustion vulnerabilities.
• https://open-xchange.com
• https://seclists.org/fulldisclosure/2022/Nov/18
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 53 • EXPL: 1

OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrated by class="deep-link-app" for a /#!!&app=%2e./ URI. OX App Suite versions 7.10.6 and below suffer from cross site scripting, server-side request forgery, and resource exhaustion vulnerabilities.
• https://open-xchange.com
• https://seclists.org/fulldisclosure/2022/Nov/18
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

OX App Suite through 8.2 allows XSS via an attachment or OX Drive content when a client uses the len or off parameter.
• https://packetstormsecurity.com/files/168242/OX-App-Suite-Cross-Site-Scripting-Command-Injection.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')