CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2021-33488 – OX App Suite / Ox Documents 7.10.x XSS / Code Injection / Traversal
https://notcve.org/view.php?id=CVE-2021-33488
22 Nov 2021 — chat in OX App Suite 7.10.5 has Improper Input Validation. A user can be redirected to a rogue OX Chat server via a development-related hook. El chat en OX App Suite versión 7.10.5, presenta una comprobación de entrada inapropiada. Un usuario puede ser redirigido a un servidor de OX Chat fraudulento por medio de un hook relacionado con el desarrollo OX App Suite and OX Documents suffer from cross site scripting, code injection, path traversal, and input validation vulnerabilities. Most of these issues affec... • http://packetstormsecurity.com/files/165028/OX-App-Suite-Ox-Documents-7.10.x-XSS-Code-Injection-Traversal.html • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 8EXPL: 0CVE-2014-5237
https://notcve.org/view.php?id=CVE-2014-5237
15 Sep 2014 — Server-side request forgery (SSRF) vulnerability in the documentconverter component in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allows remote attackers to trigger requests to arbitrary servers and embed arbitrary images via a URL in an embedded image in a Text document, which is not properly handled by the image preview. Vulnerabilidad de SSRF en el componente documentconverter en Open-Xchange (OX) AppSuite anterior a 7.4.2-rev10 y 7.6.x anterior a 7.6.0-rev10 permite a ata... • http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html •