
CVSS: 6.1 • EPSS: 0% • CPEs: 56 • EXPL: 0

OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via binary data that is mishandled when the legacy dataretrieval endpoint has been enabled.
• http://seclists.org/fulldisclosure/2021/Jul/33 https://www.open-xchange.com
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.8 • EPSS: 0% • CPEs: 56 • EXPL: 0

OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used. Open-Xchange OX App Suite, OX Guard, and OX Documents suffer from server-side request forgery and cross-site scripting vulnerabilities. Some of these issues only affect version 7.10.3 while some affect 7.10.4 and earlier.
• http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2021/Jul/33 https://seclists.org/fulldisclosure/2021/Jul/33 https://www.open-xchange.com
• CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 6.1 • EPSS: 0% • CPEs: 56 • EXPL: 2

OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and the dl parameter is used. Open-Xchange OX App Suite, OX Guard, and OX Documents suffer from server-side request forgery and cross-site scripting vulnerabilities. Some of these issues only affect version 7.10.3 while some affect 7.10.4 and earlier.
• http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2021/Jul/33 https://www.open-xchange.com
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

OX App Suite 7.10.4 and earlier allows XSS via a crafted contact object (payload in the position or company field) that is mishandled in the App Suite UI on a smartphone.
• https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution list (payload in the common name) that is mishandled in the scheduling view.
• https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')