CVE-2021-23930
https://notcve.org/view.php?id=CVE-2021-23930
12 Jan 2021 — OX App Suite through 7.10.4 allows XSS via use of the conversion API for a distributedFile. • https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-23931
https://notcve.org/view.php?id=CVE-2021-23931
12 Jan 2021 — OX App Suite through 7.10.4 allows XSS via an inline binary file. • https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-23932
https://notcve.org/view.php?id=CVE-2021-23932
12 Jan 2021 — OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename. • https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-23933
https://notcve.org/view.php?id=CVE-2021-23933
12 Jan 2021 — OX App Suite through 7.10.4 allows XSS via JavaScript in a Note referenced by a mail:// URL. • https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-23934
https://notcve.org/view.php?id=CVE-2021-23934
12 Jan 2021 — OX App Suite through 7.10.4 allows XSS via a contact whose name contains JavaScript code. • https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-23935
https://notcve.org/view.php?id=CVE-2021-23935
12 Jan 2021 — OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript code. • https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-23936
https://notcve.org/view.php?id=CVE-2021-23936
12 Jan 2021 — OX App Suite through 7.10.4 allows XSS via the subject of a task. • https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-24700 – OX App Suite / OX Guard / OX Documents SSRF / Cross Site Scripting
https://notcve.org/view.php?id=CVE-2020-24700
08 Jan 2021 — OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial "autoconfig." substring. Open-Xchange OX App Suite, OX Guard, and OX Documents suffer from server-side request forgery and cross site scripting vulnerabilities. Some of these issues only affect version 7.10.3 while some aff... • http://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html • CWE-918: Server-Side Request Forgery (SSRF)
CVE-2020-24701 – OX App Suite / OX Guard / OX Documents SSRF / Cross Site Scripting
https://notcve.org/view.php?id=CVE-2020-24701
08 Jan 2021 — OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite URI). Open-Xchange OX App Suite, OX Guard, and OX Documents suffer from server-side request forgery and cross site scripting vulnerabilities. Some of these issues only affect version 7.10.3 while some affect 7.10.4 and earlier. • http://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-15004 – OX App Suite / OX Documents 7.10.3 XSS / Server-Side Request Forgery
https://notcve.org/view.php?id=CVE-2020-15004
19 Oct 2020 — OX App Suite through 7.10.3 allows stats/diagnostic?param= XSS. OX App Suite and OX Documents versions 7.10.3 and some prior versions suffer from information exposure, server-side request forgery, and cross site scripting vulnerabilities. • https://seclists.org/fulldisclosure/2020/Oct/20 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')