Page 6 of 151 results (0.008 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-28943 – OX App Suite / OX Guard SSRF / DoS / Cross Site Scripting

https://notcve.org/view.php?id=CVE-2020-28943

OX App Suite 7.10.4 and earlier allows SSRF via a snippet. OX App Suite versiones 7.10.4 y anteriores, permiten un ataque de tipo SSRF por medio de un fragmento. OX App Suite versions 7.10.4 and below suffer from cross site scripting and server-side request forgery vulnerabilities. OX Guard versions 2.10.4 and below suffer from a denial of service vulnerability. • http://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html https://open-xchange.com • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-28945 – OX App Suite / OX Guard SSRF / DoS / Cross Site Scripting

https://notcve.org/view.php?id=CVE-2020-28945

OX App Suite 7.10.4 and earlier allows XSS via crafted content to reach an undocumented feature, such as ![](http://onerror=Function.constructor, in a Notes item. OX App Suite versiones 7.10.4 y anteriores, permiten un ataque de tipo XSS por medio de contenido diseñado para llegar a una función no documentada, tal y como ![](http://onerror=Function.constructor, en un item de Notes. OX App Suite versions 7.10.4 and below suffer from cross site scripting and server-side request forgery vulnerabilities. • https://open-xchange.com https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-23927

https://notcve.org/view.php?id=CVE-2021-23927

OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request. OX App Suite versiones hasta 7.10.4, permite un ataque de tipo SSRF por medio de una URL con un carácter @ en una petición PUT de appsuite/api/oauth/proxy • https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-23928

https://notcve.org/view.php?id=CVE-2021-23928

OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests query string. OX App Suite versiones hasta 7.10.3, permite un ataque de tipo XSS por medio de la cadena de consulta ajax/apps/manifiestos • https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-23929

https://notcve.org/view.php?id=CVE-2021-23929

OX App Suite through 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML document to an ajax/share/<share-token>?delivery=view URI. OX App Suite versiones hasta 7.10.4, permite un ataque de tipo XSS por medio de un encabezado Content-Disposition diseñado en un documento HTML cargado en un URI ajax/share/(share-token)?delivery=view • https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •