Cross site scripting

2023-05-2903:15:00

PRIOn knowledge base

www.prio-n.com

xss

ox app suite

non-app deeplink

jslob api's registry sub-tree

frontend 7.10.6-rev24

0.001 Low

EPSS

Percentile

43.8%

JSON

OX App Suite before frontend 7.10.6-rev24 allows XSS via a non-app deeplink such as the jslob API’s registry sub-tree.

CPENameOperatorVersion
ox_app_suiteeq7.10.6 rev1
ox_app_suiteeq7.10.6 rev2
ox_app_suiteeq7.10.6 rev3
ox_app_suiteeq7.10.6 rev4
ox_app_suiteeq7.10.6 rev5
ox_app_suiteeq7.10.6 rev6
ox_app_suiteeq7.10.6 rev7
ox_app_suiteeq7.10.6 rev8
ox_app_suiteeq7.10.6 rev9
ox_app_suiteeq7.10.6 rev10

Name	Operator	Version
ox_app_suite	eq	7.10.6 rev1
ox_app_suite	eq	7.10.6 rev2
ox_app_suite	eq	7.10.6 rev3
ox_app_suite	eq	7.10.6 rev4
ox_app_suite	eq	7.10.6 rev5
ox_app_suite	eq	7.10.6 rev6
ox_app_suite	eq	7.10.6 rev7
ox_app_suite	eq	7.10.6 rev8
ox_app_suite	eq	7.10.6 rev9
ox_app_suite	eq	7.10.6 rev10

Rows per page:

1-10 of 251

References

seclists.org/fulldisclosure/2023/May/3

open-xchange.com

0.001 Low

EPSS

Percentile

43.8%

JSON

Related for PRION:CVE-2023-24601