Page 5 of 72 results (0.004 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution list (payload in the common name) that is mishandled in the scheduling view. OX App Suite versiones 7.10.4 y anteriores permiten un ataque de tipo XSS por medio de una lista de distribución diseñada (carga útil en el nombre común) que es manejada inapropiadamente en la vista de programación. • https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

OX App Suite 7.10.4 and earlier allows XSS via crafted content to reach an undocumented feature, such as ![](http://onerror=Function.constructor, in a Notes item. OX App Suite versiones 7.10.4 y anteriores, permiten un ataque de tipo XSS por medio de contenido diseñado para llegar a una función no documentada, tal y como ![](http://onerror=Function.constructor, en un item de Notes. OX App Suite versions 7.10.4 and below suffer from cross site scripting and server-side request forgery vulnerabilities. • https://open-xchange.com https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

OX App Suite 7.10.4 and earlier allows SSRF via a snippet. OX App Suite versiones 7.10.4 y anteriores, permiten un ataque de tipo SSRF por medio de un fragmento. OX App Suite versions 7.10.4 and below suffer from cross site scripting and server-side request forgery vulnerabilities. OX Guard versions 2.10.4 and below suffer from a denial of service vulnerability. • http://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html https://open-xchange.com • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request. OX App Suite versiones hasta 7.10.4, permite un ataque de tipo SSRF por medio de una URL con un carácter @ en una petición PUT de appsuite/api/oauth/proxy • https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests query string. OX App Suite versiones hasta 7.10.3, permite un ataque de tipo XSS por medio de la cadena de consulta ajax/apps/manifiestos • https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •