
CVSS: 5.3 | EPSS: 0% | CPEs: 53 | EXPL: 1

OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferrer servlet. OX App Suite versions 7.10.6 and below suffer from cross-site scripting, server-side request forgery, and resource exhaustion vulnerabilities.
• https://open-xchange.com https://seclists.org/fulldisclosure/2022/Nov/18
• CWE-1284: Improper Validation of Specified Quantity in Input

CVSS: 6.1 | EPSS: 0% | CPEs: 53 | EXPL: 1

OX App Suite through 7.10.6 allows XSS via a malicious capability to the metrics or help module, as demonstrated by a /#!!&app=io.ox/files&cap= URI. OX App Suite versions 7.10.6 and below suffer from cross-site scripting, server-side request forgery, and resource exhaustion vulnerabilities.
• https://open-xchange.com https://seclists.org/fulldisclosure/2022/Nov/18
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.3 | EPSS: 0% | CPEs: 53 | EXPL: 1

OX App Suite through 7.10.6 allows SSRF because the anti-SSRF protection mechanism only checks the first DNS A or AAAA record. OX App Suite versions 7.10.6 and below suffer from cross-site scripting, server-side request forgery, and resource exhaustion vulnerabilities.
• https://open-xchange.com https://seclists.org/fulldisclosure/2022/Nov/18
• CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 6.1 | EPSS: 0% | CPEs: 53 | EXPL: 1

OX App Suite through 7.10.6 allows XSS via HTML in text/plain e-mail messages. OX App Suite versions 7.10.6 and below suffer from cross-site scripting, server-side request forgery, and resource exhaustion vulnerabilities.
• https://open-xchange.com https://seclists.org/fulldisclosure/2022/Nov/18
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.3 | EPSS: 0% | CPEs: 53 | EXPL: 1

OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large location request parameter to the redirect servlet. OX App Suite versions 7.10.6 and below suffer from cross-site scripting, server-side request forgery, and resource exhaustion vulnerabilities.
• https://open-xchange.com https://seclists.org/fulldisclosure/2022/Nov/18
• CWE-1284: Improper Validation of Specified Quantity in Input