CVE-2022-43697
https://notcve.org/view.php?id=CVE-2022-43697
OX App Suite before 7.10.6-rev30 allows XSS via an activity tracking adapter defined by jslob. • https://open-xchange.com https://seclists.org/fulldisclosure/2023/Feb/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-43698
https://notcve.org/view.php?id=CVE-2022-43698
OX App Suite before 7.10.6-rev30 allows SSRF because changing a POP3 account disregards the deny-list. • https://open-xchange.com https://seclists.org/fulldisclosure/2023/Feb/3 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2022-43699
https://notcve.org/view.php?id=CVE-2022-43699
OX App Suite before 7.10.6-rev30 allows SSRF because e-mail account discovery disregards the deny-list and thus can be attacked by an adversary who controls the DNS records of an external domain (found in the host part of an e-mail address). • https://open-xchange.com https://seclists.org/fulldisclosure/2023/Feb/3 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2022-37306
https://notcve.org/view.php?id=CVE-2022-37306
OX App Suite before 7.10.6-rev30 allows XSS via an upsell trigger. • http://packetstormsecurity.com/files/171003/OX-App-Suite-Cross-Site-Scripting-Server-Side-Request-Forgery.html https://open-xchange.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-31468
https://notcve.org/view.php?id=CVE-2022-31468
OX App Suite through 8.2 allows XSS via an attachment or OX Drive content when a client uses the len or off parameter. • https://packetstormsecurity.com/files/168242/OX-App-Suite-Cross-Site-Scripting-Command-Injection.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •