Page 8 of 188 results (0.014 seconds)

CVSS: 5.3EPSS: 0%CPEs: 53EXPL: 1

CVE-2022-37311 – OX App Suite 7.10.6 Cross Site Scripting / SSRF / Resource Consumption

https://notcve.org/view.php?id=CVE-2022-37311

OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large location request parameter to the redirect servlet. OX App Suite hasta 7.10.6 tiene un consumo de recursos incontrolado a través de un parámetro de solicitud de ubicación grande al servlet de redirección. OX App Suite versions 7.10.6 and below suffer from cross site scripting, server-side request forgery, and resource exhaustion vulnerabilities. • https://open-xchange.com https://seclists.org/fulldisclosure/2022/Nov/18 • CWE-1284: Improper Validation of Specified Quantity in Input •

CVSS: 5.3EPSS: 0%CPEs: 53EXPL: 1

CVE-2022-37313 – OX App Suite 7.10.6 Cross Site Scripting / SSRF / Resource Consumption

https://notcve.org/view.php?id=CVE-2022-37313

OX App Suite through 7.10.6 allows SSRF because the anti-SSRF protection mechanism only checks the first DNS AA or AAAA record. OX App Suite hasta 7.10.6 permite SSRF porque el mecanismo de protección anti-SSRF solo verifica el primer registro DNS AA o AAAA. OX App Suite versions 7.10.6 and below suffer from cross site scripting, server-side request forgery, and resource exhaustion vulnerabilities. • https://open-xchange.com https://seclists.org/fulldisclosure/2022/Nov/18 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 5.3EPSS: 0%CPEs: 53EXPL: 1

CVE-2022-37312 – OX App Suite 7.10.6 Cross Site Scripting / SSRF / Resource Consumption

https://notcve.org/view.php?id=CVE-2022-37312

OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferrer servlet. OX App Suite hasta 7.10.6 tiene un consumo de recursos incontrolado a través de un cuerpo de solicitud grande que contiene una URL de redireccionamiento al servlet aplazador. OX App Suite versions 7.10.6 and below suffer from cross site scripting, server-side request forgery, and resource exhaustion vulnerabilities. • https://open-xchange.com https://seclists.org/fulldisclosure/2022/Nov/18 • CWE-1284: Improper Validation of Specified Quantity in Input •

CVSS: 6.1EPSS: 0%CPEs: 53EXPL: 1

CVE-2022-37307 – OX App Suite 7.10.6 Cross Site Scripting / SSRF / Resource Consumption

https://notcve.org/view.php?id=CVE-2022-37307

OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature. OX App Suite hasta 7.10.6 permite XSS a través de XHTML CDATA para un fragmento, como lo demuestra el atributo onerror de un elemento IMG dentro de una firma de correo electrónico. OX App Suite versions 7.10.6 and below suffer from cross site scripting, server-side request forgery, and resource exhaustion vulnerabilities. • https://open-xchange.com https://seclists.org/fulldisclosure/2022/Nov/18 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 53EXPL: 1

CVE-2022-37308 – OX App Suite 7.10.6 Cross Site Scripting / SSRF / Resource Consumption

https://notcve.org/view.php?id=CVE-2022-37308

OX App Suite through 7.10.6 allows XSS via HTML in text/plain e-mail messages. OX App Suite hasta 7.10.6 permite XSS a través de HTML en mensajes de texto/correo electrónico sin formato. OX App Suite versions 7.10.6 and below suffer from cross site scripting, server-side request forgery, and resource exhaustion vulnerabilities. • https://open-xchange.com https://seclists.org/fulldisclosure/2022/Nov/18 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •