CVSS: 6.1EPSS: 0%CPEs: 53EXPL: 1CVE-2022-37309 – OX App Suite 7.10.6 Cross Site Scripting / SSRF / Resource Consumption
https://notcve.org/view.php?id=CVE-2022-37309
OX App Suite through 7.10.6 allows XSS via script code within a contact that has an e-mail address but lacks a name. OX App Suite hasta 7.10.6 permite XSS mediante código script dentro de un contacto que tiene una dirección de correo electrónico pero carece de nombre. OX App Suite versions 7.10.6 and below suffer from cross site scripting, server-side request forgery, and resource exhaustion vulnerabilities. • https://open-xchange.com https://seclists.org/fulldisclosure/2022/Nov/18 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 53EXPL: 1CVE-2022-31469 – OX App Suite 7.10.6 Cross Site Scripting / SSRF / Resource Consumption
https://notcve.org/view.php?id=CVE-2022-31469
OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrated by class="deep-link-app" for a /#!!&app=%2e./ URI. OX App Suite hasta 7.10.6 permite XSS a través de un enlace profundo, como lo demuestra class="deep-link-app" para un URI /#!!&app=%2e./. OX App Suite versions 7.10.6 and below suffer from cross site scripting, server-side request forgery, and resource exhaustion vulnerabilities. • https://open-xchange.com https://seclists.org/fulldisclosure/2022/Nov/18 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 45EXPL: 0CVE-2022-29853
https://notcve.org/view.php?id=CVE-2022-29853
OX App Suite through 8.2 allows XSS via a certain complex hierarchy that forces use of Show Entire Message for a huge HTML e-mail message. OX App Suite hasta 8.2 permite XSS a través de una cierta jerarquía compleja que obliga al uso de Mostrar Mensaje Completo para un mensaje de correo electrónico HTML enorme. • https://open-xchange.com https://seclists.org/fulldisclosure/2022/Sep/0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 45EXPL: 0CVE-2022-29852
https://notcve.org/view.php?id=CVE-2022-29852
OX App Suite through 8.2 allows XSS because BMFreehand10 and image/x-freehand are not blocked. OX App Suite hasta 8.2 permite XSS porque BMFreehand10 e image/x-freehand no están bloqueados. • https://open-xchange.com https://seclists.org/fulldisclosure/2022/Sep/0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 56EXPL: 0CVE-2021-37403
https://notcve.org/view.php?id=CVE-2021-37403
OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and an App Loader relative URL is used. OX App Suite versiones anteriores a 7.10.3-rev32 y versiones 7.10.4 anteriores a 7.10.4-rev18, permite un ataque de tipo XSS por medio de un fragmento de código (contenido generado por el usuario) cuando es creado un enlace para compartir y una URL relativa de App Loader es usada • http://seclists.org/fulldisclosure/2021/Jul/33 https://www.open-xchange.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •