CVSS: 6.4EPSS: 0%CPEs: 53EXPL: 1CVE-2022-37308 – OX App Suite 7.10.6 Cross Site Scripting / SSRF / Resource Consumption
https://notcve.org/view.php?id=CVE-2022-37308
30 Nov 2022 — OX App Suite through 7.10.6 allows XSS via HTML in text/plain e-mail messages. OX App Suite hasta 7.10.6 permite XSS a través de HTML en mensajes de texto/correo electrónico sin formato. OX App Suite versions 7.10.6 and below suffer from cross site scripting, server-side request forgery, and resource exhaustion vulnerabilities. • https://open-xchange.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 53EXPL: 1CVE-2022-37309 – OX App Suite 7.10.6 Cross Site Scripting / SSRF / Resource Consumption
https://notcve.org/view.php?id=CVE-2022-37309
30 Nov 2022 — OX App Suite through 7.10.6 allows XSS via script code within a contact that has an e-mail address but lacks a name. OX App Suite hasta 7.10.6 permite XSS mediante código script dentro de un contacto que tiene una dirección de correo electrónico pero carece de nombre. OX App Suite versions 7.10.6 and below suffer from cross site scripting, server-side request forgery, and resource exhaustion vulnerabilities. • https://open-xchange.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 53EXPL: 1CVE-2022-37310 – OX App Suite 7.10.6 Cross Site Scripting / SSRF / Resource Consumption
https://notcve.org/view.php?id=CVE-2022-37310
30 Nov 2022 — OX App Suite through 7.10.6 allows XSS via a malicious capability to the metrics or help module, as demonstrated by a /#!!&app=io.ox/files&cap= URI. OX App Suite hasta 7.10.6 permite XSS a través de una capacidad maliciosa para las métricas o el módulo de ayuda, como lo demuestra un URI /#!!&app=io.ox/files&cap=. OX App Suite versions 7.10.6 and below suffer from cross site scripting, server-side request forgery, and resource exhaustion vulnerabilities. • https://open-xchange.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 53EXPL: 1CVE-2022-31469 – OX App Suite 7.10.6 Cross Site Scripting / SSRF / Resource Consumption
https://notcve.org/view.php?id=CVE-2022-31469
30 Nov 2022 — OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrated by class="deep-link-app" for a /#!!&app=%2e./ URI. OX App Suite hasta 7.10.6 permite XSS a través de un enlace profundo, como lo demuestra class="deep-link-app" para un URI /#!!&app=%2e./. OX App Suite versions 7.10.6 and below suffer from cross site scripting, server-side request forgery, and resource exhaustion vulnerabilities. • https://open-xchange.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 53EXPL: 1CVE-2022-37311 – OX App Suite 7.10.6 Cross Site Scripting / SSRF / Resource Consumption
https://notcve.org/view.php?id=CVE-2022-37311
30 Nov 2022 — OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large location request parameter to the redirect servlet. OX App Suite hasta 7.10.6 tiene un consumo de recursos incontrolado a través de un parámetro de solicitud de ubicación grande al servlet de redirección. OX App Suite versions 7.10.6 and below suffer from cross site scripting, server-side request forgery, and resource exhaustion vulnerabilities. • https://open-xchange.com • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 5.3EPSS: 0%CPEs: 53EXPL: 1CVE-2022-37312 – OX App Suite 7.10.6 Cross Site Scripting / SSRF / Resource Consumption
https://notcve.org/view.php?id=CVE-2022-37312
30 Nov 2022 — OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferrer servlet. OX App Suite hasta 7.10.6 tiene un consumo de recursos incontrolado a través de un cuerpo de solicitud grande que contiene una URL de redireccionamiento al servlet aplazador. OX App Suite versions 7.10.6 and below suffer from cross site scripting, server-side request forgery, and resource exhaustion vulnerabilities. • https://open-xchange.com • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 5.3EPSS: 0%CPEs: 53EXPL: 1CVE-2022-37313 – OX App Suite 7.10.6 Cross Site Scripting / SSRF / Resource Consumption
https://notcve.org/view.php?id=CVE-2022-37313
30 Nov 2022 — OX App Suite through 7.10.6 allows SSRF because the anti-SSRF protection mechanism only checks the first DNS AA or AAAA record. OX App Suite hasta 7.10.6 permite SSRF porque el mecanismo de protección anti-SSRF solo verifica el primer registro DNS AA o AAAA. OX App Suite versions 7.10.6 and below suffer from cross site scripting, server-side request forgery, and resource exhaustion vulnerabilities. • https://open-xchange.com • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.5EPSS: 0%CPEs: 45EXPL: 0CVE-2022-29852
https://notcve.org/view.php?id=CVE-2022-29852
02 Sep 2022 — OX App Suite through 8.2 allows XSS because BMFreehand10 and image/x-freehand are not blocked. OX App Suite hasta 8.2 permite XSS porque BMFreehand10 e image/x-freehand no están bloqueados. • https://open-xchange.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 45EXPL: 0CVE-2022-29853
https://notcve.org/view.php?id=CVE-2022-29853
02 Sep 2022 — OX App Suite through 8.2 allows XSS via a certain complex hierarchy that forces use of Show Entire Message for a huge HTML e-mail message. OX App Suite hasta 8.2 permite XSS a través de una cierta jerarquía compleja que obliga al uso de Mostrar Mensaje Completo para un mensaje de correo electrónico HTML enorme. • https://open-xchange.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-31934
https://notcve.org/view.php?id=CVE-2021-31934
30 Apr 2021 — OX App Suite 7.10.4 and earlier allows XSS via a crafted contact object (payload in the position or company field) that is mishandled in the App Suite UI on a smartphone. OX App Suite versiones 7.10.4 y anteriores permiten un ataque de tipo XSS por medio de un objeto de contacto diseñado (carga útil en el campo position o company) que es manejado inapropiadamente en la Interfaz de Usuario App Suite en un teléfono inteligente. • https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •