Search Results | AttackerKB

Show filters

Topics 182 Users 9,713

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

182 Total Results

Displaying 41-50 of 182

Attacker Value

Unknown

CVE-2022-37309

Disclosure Date: December 26, 2022 (last updated October 08, 2023)

OX App Suite through 7.10.6 allows XSS via script code within a contact that has an e-mail address but lacks a name.

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2022-29853

Disclosure Date: December 26, 2022 (last updated October 08, 2023)

OX App Suite through 8.2 allows XSS via a certain complex hierarchy that forces use of Show Entire Message for a huge HTML e-mail message.

Attack Vector: Network Privileges: Low User Interaction: Required

0

Attacker Value

Unknown

CVE-2022-29852

Disclosure Date: December 26, 2022 (last updated October 08, 2023)

OX App Suite through 8.2 allows XSS because BMFreehand10 and image/x-freehand are not blocked.

Attack Vector: Network Privileges: Low User Interaction: Required

0

Attacker Value

Unknown

CVE-2022-37308

Disclosure Date: December 26, 2022 (last updated October 08, 2023)

OX App Suite through 7.10.6 allows XSS via HTML in text/plain e-mail messages.

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2022-37313

Disclosure Date: December 26, 2022 (last updated October 08, 2023)

OX App Suite through 7.10.6 allows SSRF because the anti-SSRF protection mechanism only checks the first DNS AA or AAAA record.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2022-37312

Disclosure Date: December 26, 2022 (last updated October 08, 2023)

OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferrer servlet.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2022-37311

Disclosure Date: December 26, 2022 (last updated October 08, 2023)

OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large location request parameter to the redirect servlet.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2022-37307

Disclosure Date: December 26, 2022 (last updated October 08, 2023)

OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature.

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2022-31469

Disclosure Date: December 26, 2022 (last updated October 08, 2023)

OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrated by class="deep-link-app" for a /#!!&app=%2e./ URI.

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2021-37402

Disclosure Date: July 22, 2021 (last updated February 23, 2025)

OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via binary data that is mishandled when the legacy dataretrieval endpoint has been enabled.

Attack Vector: Network Privileges: None User Interaction: Required

0