CVE-2023-26456
https://notcve.org/view.php?id=CVE-2023-26456
02 Nov 2023 — Users were able to set an arbitrary "product name" for OX Guard. The chosen value was not sufficiently sanitized before processing it at the user interface, allowing for indirect cross-site scripting attacks. Accounts that were temporarily taken over could be configured to trigger persistent code execution, allowing an attacker to build a foothold. Sanitization is in place for product names now. No publicly available exploits are known. • https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-28944 – OX App Suite / OX Guard SSRF / DoS / Cross Site Scripting
https://notcve.org/view.php?id=CVE-2020-28944
30 Apr 2021 — OX Guard 2.10.4 and earlier allows a Denial of Service via a WKS server that responds slowly or with a large amount of data. OX App Suite versions 7.10.4 and below suffer from cross site scripting and server-side request forgery vulnerabilities. OX Guard versions 2.10.4 and below suffer from a denial of service vulnerability. • http://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html • CWE-400: Uncontrolled Resource Consumption •
CVE-2020-9426 – OX Guard 2.10.3 Cross Site Scripting / Server-Side Request Forgery
https://notcve.org/view.php?id=CVE-2020-9426
12 Jun 2020 — OX Guard 2.10.3 and earlier allows XSS. OX Guard version 2.10.3 suffers from server-side request forgery and cross site scripting vulnerabilities. • http://packetstormsecurity.com/files/158069/OX-Guard-2.10.3-Cross-Site-Scripting-Server-Side-Request-Forgery.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-9427 – OX Guard 2.10.3 Cross Site Scripting / Server-Side Request Forgery
https://notcve.org/view.php?id=CVE-2020-9427
12 Jun 2020 — OX Guard 2.10.3 and earlier allows SSRF. OX Guard version 2.10.3 suffers from server-side request forgery and cross site scripting vulnerabilities. • http://packetstormsecurity.com/files/158069/OX-Guard-2.10.3-Cross-Site-Scripting-Server-Side-Request-Forgery.html • CWE-918: Server-Side Request Forgery (SSRF) •