Show filters
182 Total Results
Displaying 61-70 of 182
Sort by:
Attacker Value
Unknown

CVE-2021-23933

Disclosure Date: January 12, 2021 (last updated February 22, 2025)
OX App Suite through 7.10.4 allows XSS via JavaScript in a Note referenced by a mail:// URL.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-23935

Disclosure Date: January 12, 2021 (last updated February 22, 2025)
OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript code.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-23927

Disclosure Date: January 12, 2021 (last updated February 22, 2025)
OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-23929

Disclosure Date: January 12, 2021 (last updated February 22, 2025)
OX App Suite through 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML document to an ajax/share/<share-token>?delivery=view URI.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-23936

Disclosure Date: January 12, 2021 (last updated February 22, 2025)
OX App Suite through 7.10.4 allows XSS via the subject of a task.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-23930

Disclosure Date: January 12, 2021 (last updated February 22, 2025)
OX App Suite through 7.10.4 allows XSS via use of the conversion API for a distributedFile.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-23934

Disclosure Date: January 12, 2021 (last updated February 22, 2025)
OX App Suite through 7.10.4 allows XSS via a contact whose name contains JavaScript code.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-24700

Disclosure Date: January 12, 2021 (last updated February 22, 2025)
OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial autoconfig. substring.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-24701

Disclosure Date: January 12, 2021 (last updated February 22, 2025)
OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite URI).
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-15003

Disclosure Date: October 23, 2020 (last updated November 28, 2024)
OX App Suite through 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user (via the session API during shared Drive access).
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
View More Topics  < Previous  Next >