3 matches found
CVE-2021-38375
OX App Suite through 7.10.5 allows XSS via the alt attribute of an IMG element in a truncated e-mail message...
CVE-2021-38375
OX App Suite (Open-Xchange) versions up to 7.10.5 are affected by a Cross-Site Scripting vulnerability in the frontend component. The root cause is described as the pp loader mechanism that could be abused to load content from relative URLs outside the intended API path, enabling attackers to i...
OX App Suite 7.10.5 Cross Site Scripting / Information Disclosure
Product: OX App Suite Vendor: OX Software GmbH Internal reference: OXUIB-872 Vulnerability type: Cross-Site Scripting CWE-80 Vulnerable version: 7.10.5 and earlier Vulnerable component: frontend Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 7.10.3-rev30, 7.10.4-rev2...