Cross site scripting

2022-12-2602:15:00

PRIOn knowledge base

www.prio-n.com

cross site scripting

ox app suite

7.10.6

deep link

uri

vulnerability

0.001 Low

EPSS

Percentile

35.7%

JSON

OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrated by class=“deep-link-app” for a /#!!&app=%2e./ URI.

CPENameOperatorVersion
open-xchange_appsuitelt7.10.5
open-xchange_appsuiteeq7.10.5 patchrelease6149
open-xchange_appsuiteeq7.10.5 patchrelease6140
open-xchange_appsuiteeq7.10.5 patchrelease6137
open-xchange_appsuiteeq7.10.5 patchrelease6132
open-xchange_appsuiteeq7.10.5 patchrelease6120
open-xchange_appsuiteeq7.10.5 patchrelease6111
open-xchange_appsuiteeq7.10.5 patchrelease6101
open-xchange_appsuiteeq7.10.5 patchrelease6092
open-xchange_appsuiteeq7.10.5 patchrelease6084

Name	Operator	Version
open-xchange_appsuite	lt	7.10.5
open-xchange_appsuite	eq	7.10.5 patchrelease6149
open-xchange_appsuite	eq	7.10.5 patchrelease6140
open-xchange_appsuite	eq	7.10.5 patchrelease6137
open-xchange_appsuite	eq	7.10.5 patchrelease6132
open-xchange_appsuite	eq	7.10.5 patchrelease6120
open-xchange_appsuite	eq	7.10.5 patchrelease6111
open-xchange_appsuite	eq	7.10.5 patchrelease6101
open-xchange_appsuite	eq	7.10.5 patchrelease6092
open-xchange_appsuite	eq	7.10.5 patchrelease6084

Rows per page:

1-10 of 531

References

open-xchange.com

seclists.org/fulldisclosure/2022/Nov/18

0.001 Low

EPSS

Percentile

35.7%

JSON

Related for PRION:CVE-2022-31469