CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-23100
https://notcve.org/view.php?id=CVE-2022-23100
OX App Suite through 7.10.6 allows OS Command Injection via Documentconverter (e.g., through an email attachment). OX App Suite versiones hasta versión 7.10.6, permite una inyección de comandos del Sistema Operativo por medio de Documentconverter (por ejemplo, mediante de un archivo adjunto de correo electrónico) • https://open-xchange.com https://seclists.org/fulldisclosure/2022/Jul/11 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-24405
https://notcve.org/view.php?id=CVE-2022-24405
OX App Suite through 7.10.6 allows OS Command Injection via a serialized Java class to the Documentconverter API. OX App Suite versiones hasta versión 7.10.6, permite una inyección de comandos del Sistema Operativo por medio de una clase Java serializada a la API de Documentconverter • https://open-xchange.com https://seclists.org/fulldisclosure/2022/Jul/11 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-23101
https://notcve.org/view.php?id=CVE-2022-23101
OX App Suite through 7.10.6 allows XSS via appHandler in a deep link in an e-mail message. OX App Suite versiones hasta 7.10.6, permite XSS por medio de appHandler en un enlace profundo en un mensaje de correo electrónico • https://open-xchange.com https://seclists.org/fulldisclosure/2022/Jul/11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-44209 – OX App Suite 7.10.5 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2021-44209
OX App Suite through 7.10.5 allows XSS via an HTML 5 element such as AUDIO. OX App Suite versiones hasta 7.10.5, permite un ataque de tipo XSS por medio de un elemento HTML 5 como AUDIO OX App Suite versions 7.10.5 and below suffer from multiple cross site scripting vulnerabilities. • http://packetstormsecurity.com/files/166389/OX-App-Suite-7.10.5-Cross-Site-Scripting.html https://open-xchange.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-44210 – OX App Suite 7.10.5 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2021-44210
OX App Suite through 7.10.5 allows XSS via NIFF (Notation Interchange File Format) data. OX App Suite versiones hasta 7.10.5, permite un ataque de tipo XSS por medio de datos NIFF (Notation Interchange File Format) OX App Suite versions 7.10.5 and below suffer from multiple cross site scripting vulnerabilities. • http://packetstormsecurity.com/files/166389/OX-App-Suite-7.10.5-Cross-Site-Scripting.html https://open-xchange.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •