Search Results | AttackerKB

182 Total Results

Displaying 71-80 of 182

Attacker Value

Unknown

CVE-2020-15002

Disclosure Date: October 23, 2020 (last updated February 22, 2025)

OX App Suite through 7.10.3 allows SSRF via the the /ajax/messaging/message message API.

Attacker Value

Unknown

CVE-2020-15003

Disclosure Date: October 23, 2020 (last updated November 28, 2024)

OX App Suite through 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user (via the session API during shared Drive access).

Attack Vector: Network Privileges: Low User Interaction: None

Attacker Value

Unknown

CVE-2020-12646

Disclosure Date: August 31, 2020 (last updated February 22, 2025)

OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document.

Attack Vector: Network Privileges: Low User Interaction: Required

Attacker Value

Unknown

CVE-2020-12644

Disclosure Date: August 31, 2020 (last updated February 22, 2025)

OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API.

Attack Vector: Network Privileges: Low User Interaction: None

Attacker Value

Unknown

CVE-2020-12643

Disclosure Date: August 31, 2020 (last updated February 22, 2025)

OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address.

Attack Vector: Network Privileges: Low User Interaction: None

Attacker Value

Unknown

CVE-2020-12645

Disclosure Date: August 31, 2020 (last updated February 22, 2025)

OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption.

Attack Vector: Network Privileges: None User Interaction: None