CVSS: 6.4EPSS: 0%CPEs: 31EXPL: 0CVE-2022-43696
https://notcve.org/view.php?id=CVE-2022-43696
15 Feb 2023 — OX App Suite before 7.10.6-rev20 allows XSS via upsell ads. • https://open-xchange.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 31EXPL: 0CVE-2022-43697
https://notcve.org/view.php?id=CVE-2022-43697
15 Feb 2023 — OX App Suite before 7.10.6-rev30 allows XSS via an activity tracking adapter defined by jslob. • https://open-xchange.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 31EXPL: 0CVE-2022-43698
https://notcve.org/view.php?id=CVE-2022-43698
15 Feb 2023 — OX App Suite before 7.10.6-rev30 allows SSRF because changing a POP3 account disregards the deny-list. • https://open-xchange.com • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 4.3EPSS: 0%CPEs: 31EXPL: 0CVE-2022-43699
https://notcve.org/view.php?id=CVE-2022-43699
15 Feb 2023 — OX App Suite before 7.10.6-rev30 allows SSRF because e-mail account discovery disregards the deny-list and thus can be attacked by an adversary who controls the DNS records of an external domain (found in the host part of an e-mail address). • https://open-xchange.com • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31468
https://notcve.org/view.php?id=CVE-2022-31468
02 Sep 2022 — OX App Suite through 8.2 allows XSS via an attachment or OX Drive content when a client uses the len or off parameter. OX App Suite versiones hasta 8.2, permite un uso de tipo XSS por medio de un archivo adjunto o del contenido de OX Drive cuando un cliente usa el parámetro len u off • https://packetstormsecurity.com/files/168242/OX-App-Suite-Cross-Site-Scripting-Command-Injection.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-29851
https://notcve.org/view.php?id=CVE-2022-29851
02 Sep 2022 — documentconverter in OX App Suite through 7.10.6, in a non-default configuration with ghostscript, allows OS Command Injection because file conversion may occur for an EPS document that is disguised as a PDF document. documentconverter en OX App Suite versiones hasta 7.10.6, en una configuración no predeterminada con ghostscript, permite una inyección de comandos del sistema operativo porque la conversión de archivos puede ocurrir para un documento EPS que se disfraza como un documento PDF • https://packetstormsecurity.com/files/168242/OX-App-Suite-Cross-Site-Scripting-Command-Injection.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-24406
https://notcve.org/view.php?id=CVE-2022-24406
22 Jul 2022 — OX App Suite through 7.10.6 allows SSRF because multipart/form-data boundaries are predictable, and this can lead to injection into internal Documentconverter API calls. OX App Suite versiones hasta 7.10.6, permite un ataque de tipo SSRF porque los límites de multipart/form-data son predecibles, y esto puede conllevar a una inyección en las llamadas internas de la API de Documentconverter • https://open-xchange.com • CWE-330: Use of Insufficiently Random Values •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-23101
https://notcve.org/view.php?id=CVE-2022-23101
22 Jul 2022 — OX App Suite through 7.10.6 allows XSS via appHandler in a deep link in an e-mail message. OX App Suite versiones hasta 7.10.6, permite XSS por medio de appHandler en un enlace profundo en un mensaje de correo electrónico • https://open-xchange.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 1CVE-2022-23100
https://notcve.org/view.php?id=CVE-2022-23100
22 Jul 2022 — OX App Suite through 7.10.6 allows OS Command Injection via Documentconverter (e.g., through an email attachment). OX App Suite versiones hasta versión 7.10.6, permite una inyección de comandos del Sistema Operativo por medio de Documentconverter (por ejemplo, mediante de un archivo adjunto de correo electrónico) • https://open-xchange.com • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 1CVE-2022-24405
https://notcve.org/view.php?id=CVE-2022-24405
22 Jul 2022 — OX App Suite through 7.10.6 allows OS Command Injection via a serialized Java class to the Documentconverter API. OX App Suite versiones hasta versión 7.10.6, permite una inyección de comandos del Sistema Operativo por medio de una clase Java serializada a la API de Documentconverter • https://open-xchange.com • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •