CVSS: 5.4 • EPSS: 0% • CPEs: 45 • EXPL: 0

OX App Suite through 8.2 allows XSS via a certain complex hierarchy that forces use of Show Entire Message for a huge HTML e-mail message. • https://open-xchange.com https://seclists.org/fulldisclosure/2022/Sep/0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: 0% • CPEs: 45 • EXPL: 0

OX App Suite through 8.2 allows XSS because BMFreehand10 and image/x-freehand are not blocked. • https://open-xchange.com https://seclists.org/fulldisclosure/2022/Sep/0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 56 • EXPL: 0

OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and an App Loader relative URL is used. • http://seclists.org/fulldisclosure/2021/Jul/33 https://www.open-xchange.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 56 • EXPL: 0

OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via binary data that is mishandled when the legacy dataretrieval endpoint has been enabled. • http://seclists.org/fulldisclosure/2021/Jul/33 https://www.open-xchange.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 • EPSS: 0% • CPEs: 8 • EXPL: 0

OX Documents before 7.10.5-rev7 has Incorrect Access Control for converted documents because hash collisions can occur, due to use of CRC32. • http://packetstormsecurity.com/files/163569/OX-Documents-7.10.5-Improper-Authorization.html http://seclists.org/fulldisclosure/2021/Jul/37 https://www.open-xchange.com • CWE-326: Inadequate Encryption Strength