CVSS: 6.1EPSS: 0%CPEs: 56EXPL: 0CVE-2021-37402
https://notcve.org/view.php?id=CVE-2021-37402
22 Jul 2021 — OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via binary data that is mishandled when the legacy dataretrieval endpoint has been enabled. OX App Suite versiones anteriores a 7.10.3-rev32 y versiones 7.10.4 anteriores a 7.10.4-rev18, permite un ataque de tipo XSS por medio de datos binarios que se manejan inapropiadamente cuando ha sido habilitado el endpoint de recuperación de datos heredado • http://seclists.org/fulldisclosure/2021/Jul/33 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 56EXPL: 2CVE-2021-26698 – OX App Suite / OX Guard / OX Documents SSRF / Cross Site Scripting
https://notcve.org/view.php?id=CVE-2021-26698
16 Jul 2021 — OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and the dl parameter is used. OX App Suite versiones anteriores a 7.10.3-rev32 y versiones 7.10.4 anteriores a 7.10.4-rev18, permite un ataque de tipo XSS por medio de un fragmento de código (contenido generado por el usuario) cuando se crea un enlace para compartir y el parámetro dl es usado Open-Xchange OX App Suite, OX Guard, and OX Documents suffer from se... • http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.8EPSS: 0%CPEs: 56EXPL: 0CVE-2021-26699 – OX App Suite / OX Guard / OX Documents SSRF / Cross Site Scripting
https://notcve.org/view.php?id=CVE-2021-26699
16 Jul 2021 — OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used. OX App Suite versiones anteriores a 7.10.3-rev4 y 7.10.4 versiones anteriores a 7.10.4-rev4, permite un ataque de tipo SSRF por medio de un documento SVG compartido que es manejado inapropiadamente por el componente imageconverter cuando la extensión .png es usada Open-Xchange OX App Suite, OX Guard, and OX Documents suffer fr... • http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-31934
https://notcve.org/view.php?id=CVE-2021-31934
30 Apr 2021 — OX App Suite 7.10.4 and earlier allows XSS via a crafted contact object (payload in the position or company field) that is mishandled in the App Suite UI on a smartphone. OX App Suite versiones 7.10.4 y anteriores permiten un ataque de tipo XSS por medio de un objeto de contacto diseñado (carga útil en el campo position o company) que es manejado inapropiadamente en la Interfaz de Usuario App Suite en un teléfono inteligente. • https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-31935
https://notcve.org/view.php?id=CVE-2021-31935
30 Apr 2021 — OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution list (payload in the common name) that is mishandled in the scheduling view. OX App Suite versiones 7.10.4 y anteriores permiten un ataque de tipo XSS por medio de una lista de distribución diseñada (carga útil en el nombre común) que es manejada inapropiadamente en la vista de programación. • https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-28943 – OX App Suite / OX Guard SSRF / DoS / Cross Site Scripting
https://notcve.org/view.php?id=CVE-2020-28943
30 Apr 2021 — OX App Suite 7.10.4 and earlier allows SSRF via a snippet. OX App Suite versiones 7.10.4 y anteriores, permiten un ataque de tipo SSRF por medio de un fragmento. OX App Suite versions 7.10.4 and below suffer from cross site scripting and server-side request forgery vulnerabilities. OX Guard versions 2.10.4 and below suffer from a denial of service vulnerability. • http://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-28945 – OX App Suite / OX Guard SSRF / DoS / Cross Site Scripting
https://notcve.org/view.php?id=CVE-2020-28945
30 Apr 2021 — OX App Suite 7.10.4 and earlier allows XSS via crafted content to reach an undocumented feature, such as  •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23927
https://notcve.org/view.php?id=CVE-2021-23927
12 Jan 2021 — OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request. OX App Suite versiones hasta 7.10.4, permite un ataque de tipo SSRF por medio de una URL con un carácter @ en una petición PUT de appsuite/api/oauth/proxy • https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23928
https://notcve.org/view.php?id=CVE-2021-23928
12 Jan 2021 — OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests query string. OX App Suite versiones hasta 7.10.3, permite un ataque de tipo XSS por medio de la cadena de consulta ajax/apps/manifiestos • https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23929
https://notcve.org/view.php?id=CVE-2021-23929
12 Jan 2021 — OX App Suite through 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML document to an ajax/share/<share-token>?delivery=view URI. OX App Suite versiones hasta 7.10.4, permite un ataque de tipo XSS por medio de un encabezado Content-Disposition diseñado en un documento HTML cargado en un URI ajax/share/(share-token)?delivery=view • https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •