Check CVE Id
Check CWE Id
OX App Suite / OX Guard SSRF / DoS / Cross Site Scripting
OX App Suite / OX Documents 7.10.3 XSS / Server-Side Request Forgery
OX App Suite 7.10.2 Cross Site Scripting / Improper Access Control
Open-Xchange OX Guard Cross Site Scripting / Signature Validation
Ox App Suite 7.8.4 / 7.8.3 XSS / CSRF / Information Disclosure
Base Soundtouch 18.1.4 Cross Site Scripting
OX App Suite 7.8.4 XSS / Privilege Management / SSRF / Traversal
Open-Xchange App Suite 7.8.1 Cross Site Scripting
Open-Xchange Server 6 / OX AppSuite Cross Site Scripting
Open-Xchange Server 6 / OX AppSuite 7.6.1 Cross Site Scripting
John de Kroon
Open-Xchange 7.6.0 XSS / SSRF / Traversal
Open-Xchange AppSuite 7.4.1 / 7.4.2 Cross Site Scripting
Open-Xchange 7.4.1 Script Insertion
Open-Xchange AppSuite Script Insertion
CVEMAP Search Results
A vulnerability in certain web pages of Cisco Webex Meetings could allow an unauthenticated, remote attacker to modify a web page in the context of a user's browser. The vulnerability is due to improper checks on parameter values in affected pages. An attacker could exploit this vulnerability by persuading a user to follow a crafted link that is designed to pass HTML code into an affected parameter. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious websites, or the attacker could use this vulnerability to conduct further client-side attacks.
A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected service. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected service. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow injections that could lead to XSS attacks if unsuspecting users are tricked into accessing a malicious link.
Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities.
In affected versions of WordPress, users with low privileges (like contributors and authors) can use the embed block in a certain way to inject unfiltered HTML in the block editor. When affected posts are viewed by a higher privileged user, this could lead to script execution in the editor/wp-admin. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).
Back to Top