CVE-2020-12646 – OX App Suite / OX Documents XSS / SSRF / Bypass
https://notcve.org/view.php?id=CVE-2020-12646
OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document. OX App Suite and OX Documents suffer from access control bypass, cross site scripting, and improper input validation vulnerabilities. Multiple version ranges are affected.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/187114 https://www.open-xchange.com
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-12644 – OX App Suite / OX Documents XSS / SSRF / Bypass
https://notcve.org/view.php?id=CVE-2020-12644
OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API. OX App Suite and OX Documents suffer from access control bypass, cross site scripting, and improper input validation vulnerabilities. Multiple version ranges are affected.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/187116 https://seclists.org/fulldisclosure/2020/Aug/14 https://www.open-xchange.com
• CWE-918: Server-Side Request Forgery (SSRF)
CVE-2020-12645 – OX App Suite / OX Documents XSS / SSRF / Bypass
https://notcve.org/view.php?id=CVE-2020-12645
OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption. OX App Suite and OX Documents suffer from access control bypass, cross site scripting, and improper input validation vulnerabilities. Multiple version ranges are affected.
• https://seclists.org/fulldisclosure/2020/Aug/14 https://www.open-xchange.com
• CWE-307: Improper Restriction of Excessive Authentication Attempts
CVE-2020-9426 – OX Guard 2.10.3 Cross Site Scripting / Server-Side Request Forgery
https://notcve.org/view.php?id=CVE-2020-9426
OX Guard 2.10.3 and earlier allows XSS. OX Guard version 2.10.3 suffers from server-side request forgery and cross site scripting vulnerabilities.
• http://packetstormsecurity.com/files/158069/OX-Guard-2.10.3-Cross-Site-Scripting-Server-Side-Request-Forgery.html https://seclists.org/fulldisclosure/2020/Jun/20 https://www.open-xchange.com
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-9427 – OX Guard 2.10.3 Cross Site Scripting / Server-Side Request Forgery
https://notcve.org/view.php?id=CVE-2020-9427
OX Guard 2.10.3 and earlier allows SSRF. OX Guard version 2.10.3 suffers from server-side request forgery and cross site scripting vulnerabilities.
• http://packetstormsecurity.com/files/158069/OX-Guard-2.10.3-Cross-Site-Scripting-Server-Side-Request-Forgery.html https://seclists.org/fulldisclosure/2020/Jun/20 https://www.open-xchange.com
• CWE-918: Server-Side Request Forgery (SSRF)