Vulnerabilities for 'Ox app suite'

2021-11-22
 
CVE-2021-33488

CWE-20
 

 
Chat in OX App Suite 7.10.5 has Improper Input Validation. A user can be redirected to a rogue OX Chat server via a development-related hook.

 
 
CVE-2021-33489

CWE-79
 

 
OX App Suite through 7.10.5 allows XSS via JavaScript code in a shared XCF file.

 
 
CVE-2021-33490

CWE-79
 

 
OX App Suite through 7.10.5 allows XSS via a crafted snippet in a shared mail signature.

 
 
CVE-2021-33491

CWE-22
 

 
OX App Suite through 7.10.5 allows Directory Traversal via ../ in an OOXML or ODF ZIP archive, because of the mishandling of relative paths in mail addresses in conjunction with auto-configuration DNS records.

 
 
CVE-2021-33492

CWE-79
 

 
OX App Suite 7.10.5 allows XSS via an OX Chat room name.

 
 
CVE-2021-33493

CWE-94
 

 
The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in a YAML format.

 
 
CVE-2021-33494

CWE-79
 

 
OX App Suite 7.10.5 allows XSS via an OX Chat room title during typing rendering.

 
 
CVE-2021-33495

CWE-79
 

 
OX App Suite 7.10.5 allows XSS via an OX Chat system message.

 
 
CVE-2021-38374

CWE-79
 

 
OX App Suite through 7.10.5 allows XSS via a crafted snippet that has an app loader reference within an app loader URL.

 
 
CVE-2021-38375

CWE-79
 

 
OX App Suite through 7.10.5 allows XSS via the alt attribute of an IMG element in a truncated e-mail message.

 


Copyright 2022, cxsecurity.com

 
