CVE-2021-38377

2021-11-2209:15:07

Google

osv.dev

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.7%

JSON

OX App Suite through 7.10.5 allows XSS via JavaScript code in an anchor HTML comment within truncated e-mail, because there is a predictable UUID with HTML transformation results.

CPENameOperatorVersion
appsuite-frontendeq7.4.1-7
appsuite-frontendeq7.10.0-3
appsuite-frontendeq7.6.1-20
appsuite-frontendeq7.6.2-27
appsuite-frontendeq7.6.2-5
appsuite-frontendeq7.4.2-13
appsuite-frontendeq7.6.1-24
appsuite-frontendeq7.0.0-12
appsuite-frontendeq7.6.2-21
appsuite-frontendeq7.6.2-25

Name	Operator	Version
appsuite-frontend	eq	7.4.1-7
appsuite-frontend	eq	7.10.0-3
appsuite-frontend	eq	7.6.1-20
appsuite-frontend	eq	7.6.2-27
appsuite-frontend	eq	7.6.2-5
appsuite-frontend	eq	7.4.2-13
appsuite-frontend	eq	7.6.1-24
appsuite-frontend	eq	7.0.0-12
appsuite-frontend	eq	7.6.2-21
appsuite-frontend	eq	7.6.2-25