DRD Fleet Leasing DRDrive SQL Injection Vulnerability

DRD Fleet Leasing DRDrive is a mobile application from DRD Fleet Leasing. A security vulnerability exists in versions prior to DRD Fleet Leasing DRDrive 20231006 that stems from the presence of a SQL injection vulnerability...

Open-Xchange: Another Stored XSS in mail app using Drive app

Vulnerability Details: When replying to a HTML E-Mail with specific payload, that payload could be executed as script code. The user would have to have HTML composing enabled to exploit this vulnerability. This vulnerability could happen as browsers incorrectly "fix" HTML content as demonstrated ...

Override Access Vulnerability in the Swish Open App

Swish and Drive App is a rental car for traveling. A vulnerability exists in Swish and Drive APP. An attacker can gain access to sensitive information by grabbing packets and modifying IDs...

Design/Logic Flaw

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within SVG files is maintained when opening such files "in browser" based on our Mail or Drive app. In case of "a" tags, this may include link targets with base64 encoded "data" references. Malicious script code c...