Lucene search

[email protected]CVE-2022-43697

HistoryApr 15, 2023 - 2:15 a.m.

CVE-2022-43697

2023-04-1502:15:07

CWE-79

[email protected]

web.nvd.nist.gov

177

cve-2022-43697

ox app suite

xss

activity tracking adapter

nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

43.8%

JSON

OX App Suite before 7.10.6-rev30 allows XSS via an activity tracking adapter defined by jslob.

Affected configurations

NVD

Node

open-xchangeox_app_suiteRange<7.10.6

open-xchangeox_app_suiteMatch7.10.6-

open-xchangeox_app_suiteMatch7.10.6rev01

open-xchangeox_app_suiteMatch7.10.6rev02

open-xchangeox_app_suiteMatch7.10.6rev03

open-xchangeox_app_suiteMatch7.10.6rev04

open-xchangeox_app_suiteMatch7.10.6rev05

open-xchangeox_app_suiteMatch7.10.6rev06

open-xchangeox_app_suiteMatch7.10.6rev07

open-xchangeox_app_suiteMatch7.10.6rev08

open-xchangeox_app_suiteMatch7.10.6rev09

open-xchangeox_app_suiteMatch7.10.6rev10

open-xchangeox_app_suiteMatch7.10.6rev11

open-xchangeox_app_suiteMatch7.10.6rev12

open-xchangeox_app_suiteMatch7.10.6rev13

open-xchangeox_app_suiteMatch7.10.6rev14

open-xchangeox_app_suiteMatch7.10.6rev15

open-xchangeox_app_suiteMatch7.10.6rev16

open-xchangeox_app_suiteMatch7.10.6rev17

open-xchangeox_app_suiteMatch7.10.6rev18

open-xchangeox_app_suiteMatch7.10.6rev19

open-xchangeox_app_suiteMatch7.10.6rev20

open-xchangeox_app_suiteMatch7.10.6rev21

open-xchangeox_app_suiteMatch7.10.6rev22

open-xchangeox_app_suiteMatch7.10.6rev23

open-xchangeox_app_suiteMatch7.10.6rev24

open-xchangeox_app_suiteMatch7.10.6rev25

open-xchangeox_app_suiteMatch7.10.6rev26

open-xchangeox_app_suiteMatch7.10.6rev27

open-xchangeox_app_suiteMatch7.10.6rev28

open-xchangeox_app_suiteMatch7.10.6rev29

CPENameOperatorVersion
open-xchange:ox_app_suiteopen-xchange ox app suitelt7.10.6

CPE	Name	Operator	Version
open-xchange:ox_app_suite	open-xchange ox app suite	lt	7.10.6

References

open-xchange.com

seclists.org/fulldisclosure/2023/Feb/3

Social References

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

43.8%

JSON

Related for CVE-2022-43697

osv1 cvelist1 nvd1 prion1