Open-xchange Ox App Suite

7 matches found

CVE | added 2022/03/28 1:15 a.m. | 72 views

CVE-2021-44211

OX App Suite through 7.10.5 allows XSS via the class attribute of an element in an HTML e-mail signature.

CVSS 5.4 | AI score 5.1 | EPSS 0.00171

CVE | added 2024/05/06 7:15 a.m. | 45 views

CVE-2024-23193

E-Mails exported as PDF were stored in a cache that did not consider specific session information for the related user account. Users of the same service node could access other users' E-Mails in case they were exported as PDF for a brief moment until caches were cleared. Successful exploitation req...

CVSS 5.3 | AI score 6.4 | EPSS 0.00107

CVE | added 2023/05/29 2:15 a.m. | 42 views

CVE-2023-24597

OX App Suite before frontend 7.10.6-rev24 allows the loading (without user consent) of an e-mail message's remote resources during printing.

CVSS 5.3 | AI score 5.3 | EPSS 0.00084

CVE | added 2021/11/22 9:15 a.m. | 38 views

CVE-2021-38376

OX App Suite through 7.10.5 has Incorrect Access Control for retrieval of session information via the rampup action of the login API call.

CVSS 5.3 | AI score 5.4 | EPSS 0.00268

CVE | added 2021/11/22 9:15 a.m. | 36 views

CVE-2021-38374

OX App Suite through 7.10.5 allows XSS via a crafted snippet that has an app loader reference within an app loader URL.

CVSS 5.4 | AI score 5.2 | EPSS 0.00164

CVE | added 2024/01/08 9:15 a.m. | 35 views

CVE-2023-29052

Users were able to define disclaimer texts for an upsell shop dialog that would contain script code that was not sanitized correctly. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for this ...

CVSS 5.4 | AI score 5.6 | EPSS 0.00164

CVE | added 2024/01/08 9:15 a.m. | 33 views

CVE-2023-41710

User-defined script code could be stored for an upsell-related shop URL. This code was not correctly sanitized when adding it to the DOM. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for this c...

CVSS 5.4 | AI score 5.5 | EPSS 0.00121