Search Results | AttackerKB

Show filters

Topics 10 Users 9,713

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

10 Total Results

Displaying 1-10 of 10

Attacker Value

Unknown

CVE-2022-37310

Disclosure Date: December 26, 2022 (last updated October 08, 2023)

OX App Suite through 7.10.6 allows XSS via a malicious capability to the metrics or help module, as demonstrated by a /#!!&app=io.ox/files&cap= URI.

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2022-37309

Disclosure Date: December 26, 2022 (last updated October 08, 2023)

OX App Suite through 7.10.6 allows XSS via script code within a contact that has an e-mail address but lacks a name.

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2022-29853

Disclosure Date: December 26, 2022 (last updated October 08, 2023)

OX App Suite through 8.2 allows XSS via a certain complex hierarchy that forces use of Show Entire Message for a huge HTML e-mail message.

Attack Vector: Network Privileges: Low User Interaction: Required

0

Attacker Value

Unknown

CVE-2022-29852

Disclosure Date: December 26, 2022 (last updated October 08, 2023)

OX App Suite through 8.2 allows XSS because BMFreehand10 and image/x-freehand are not blocked.

Attack Vector: Network Privileges: Low User Interaction: Required

0

Attacker Value

Unknown

CVE-2022-37308

Disclosure Date: December 26, 2022 (last updated October 08, 2023)

OX App Suite through 7.10.6 allows XSS via HTML in text/plain e-mail messages.

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2022-37313

Disclosure Date: December 26, 2022 (last updated October 08, 2023)

OX App Suite through 7.10.6 allows SSRF because the anti-SSRF protection mechanism only checks the first DNS AA or AAAA record.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2022-37312

Disclosure Date: December 26, 2022 (last updated October 08, 2023)

OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferrer servlet.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2022-37311

Disclosure Date: December 26, 2022 (last updated October 08, 2023)

OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large location request parameter to the redirect servlet.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2022-37307

Disclosure Date: December 26, 2022 (last updated October 08, 2023)

OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature.

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2022-31469

Disclosure Date: December 26, 2022 (last updated October 08, 2023)

OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrated by class="deep-link-app" for a /#!!&app=%2e./ URI.

Attack Vector: Network Privileges: None User Interaction: Required

0