CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-24406
https://notcve.org/view.php?id=CVE-2022-24406
OX App Suite through 7.10.6 allows SSRF because multipart/form-data boundaries are predictable, and this can lead to injection into internal Documentconverter API calls. OX App Suite versiones hasta 7.10.6, permite un ataque de tipo SSRF porque los límites de multipart/form-data son predecibles, y esto puede conllevar a una inyección en las llamadas internas de la API de Documentconverter • https://open-xchange.com https://seclists.org/fulldisclosure/2022/Jul/11 • CWE-330: Use of Insufficiently Random Values •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-44208 – OX App Suite 7.10.5 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2021-44208
OX App Suite through 7.10.5 allows XSS via an unknown system message in Chat. OX App Suite versiones hasta 7.10.5, permite un ataque de tipo XSS por medio de un mensaje de sistema desconocido en el chat OX App Suite versions 7.10.5 and below suffer from multiple cross site scripting vulnerabilities. • http://packetstormsecurity.com/files/166389/OX-App-Suite-7.10.5-Cross-Site-Scripting.html https://open-xchange.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-44209 – OX App Suite 7.10.5 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2021-44209
OX App Suite through 7.10.5 allows XSS via an HTML 5 element such as AUDIO. OX App Suite versiones hasta 7.10.5, permite un ataque de tipo XSS por medio de un elemento HTML 5 como AUDIO OX App Suite versions 7.10.5 and below suffer from multiple cross site scripting vulnerabilities. • http://packetstormsecurity.com/files/166389/OX-App-Suite-7.10.5-Cross-Site-Scripting.html https://open-xchange.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-44210 – OX App Suite 7.10.5 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2021-44210
OX App Suite through 7.10.5 allows XSS via NIFF (Notation Interchange File Format) data. OX App Suite versiones hasta 7.10.5, permite un ataque de tipo XSS por medio de datos NIFF (Notation Interchange File Format) OX App Suite versions 7.10.5 and below suffer from multiple cross site scripting vulnerabilities. • http://packetstormsecurity.com/files/166389/OX-App-Suite-7.10.5-Cross-Site-Scripting.html https://open-xchange.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-44212 – OX App Suite 7.10.5 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2021-44212
OX App Suite through 7.10.5 allows XSS via a trailing control character such as the SCRIPT\t substring. OX App Suite versiones hasta 7.10.5, permite un ataque de tipo XSS por medio de un carácter de control al final del mensaje, como la subcadena SCRIPT\t OX App Suite versions 7.10.5 and below suffer from multiple cross site scripting vulnerabilities. • http://packetstormsecurity.com/files/166389/OX-App-Suite-7.10.5-Cross-Site-Scripting.html https://open-xchange.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •