| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
| OX App Suite / OX Documents 7.10.3 XSS / SSRF / Improper Validation Vulnerabilities | 15 Jun 202000:00 | – | zdt | |
| Open-Xchange OX App Suite Cross-Site Scripting Vulnerability (CNVD-2020-52700) | 17 Jun 202000:00 | – | cnvd | |
| CVE-2020-8542 | 16 Jun 202013:46 | – | cvelist | |
| EUVD-2020-29408 | 7 Oct 202500:30 | – | euvd | |
| CVE-2020-8542 | 16 Jun 202014:15 | – | nvd | |
| CVE-2020-8542 | 16 Jun 202014:15 | – | osv | |
| OX App Suite / OX Documents 7.10.3 XSS / SSRF / Improper Validation | 12 Jun 202000:00 | – | packetstorm | |
| OX App Suite / OX Documents XSS / SSRF / Bypass | 21 Aug 202000:00 | – | packetstorm | |
| Cross site scripting | 16 Jun 202014:15 | – | prion | |
| CVE-2020-8542 | 22 May 202515:42 | – | redhatcve |
| Source | Link |
|---|---|
| open-xchange | www.open-xchange.com/ |
| packetstormsecurity | www.packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html |
| seclists | www.seclists.org/fulldisclosure/2020/Aug/14 |
| packetstormsecurity | www.packetstormsecurity.com/files/158932/OX-App-Suite-OX-Documents-XSS-SSRF-Bypass.html |
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| User-Agent | header | /login | Rate-limiting logic can be bypassed by varying the user-agent string during authentication attempts. | CWE-79 |
| user_id | request body | /api/subscriptions | API endpoint exposure that can disclose or iterate over subscription metadata for other users due to insufficient access checks. | CWE-79 |
| subscription_id | request body | /api/subscriptions | API endpoint exposure that can disclose or iterate over subscription metadata for other users due to insufficient access checks. | CWE-79 |
| content_references | request body | /apps/load | Endpoint accepts multiple content references; potential for memory exhaustion by sending many references in one request. | CWE-79 |
| account_id | request body | /folder/list | API used to trigger account refresh; improper access checks could expose or manipulate data. | CWE-79 |
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation