3 matches found
CVE-2022-31469
OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrated by class="deep-link-app" for a /!!=%2e./ URI...
CVE-2022-31469
OX App Suite (v7.10.6 and earlier) is affected by a Cross-Site Scripting (XSS) vulnerability via deep links in emails. The root cause is a detection mechanism for deep links that can be exploited by injecting references to arbitrary fake applications (e.g., a /#!!&app=.%2e./ URI), enabling script...
OX App Suite 7.10.6 Cross Site Scripting / SSRF / Resource Consumption
Product: OX App Suite Vendor: OX Software GmbH Internal reference: OXUIB-1654 Vulnerability type: Cross-Site Scripting CWE-80 Vulnerable version: 7.10.6 and earlier Vulnerable component: frontend Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 7.10.5-rev37, 7.10.6-rev...