CVE-2021-37403

Опубликовано: 22 июл. 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and an App Loader relative URL is used.

Ссылки

http://seclists.org/fulldisclosure/2021/Jul/33
Mailing List
Not Applicable
Third Party Advisory
https://www.open-xchange.com
Vendor Advisory
http://seclists.org/fulldisclosure/2021/Jul/33
Mailing List
Not Applicable
Third Party Advisory
https://www.open-xchange.com
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:-:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5547:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5572:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5623:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5653:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5677:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5720:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev1:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev10:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev11:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev12:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev13:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev14:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev15:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev16:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev17:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev18:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev19:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev2:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev20:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev21:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev22:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev23:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev24:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev25:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev26:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev27:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev28:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev29:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev3:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev30:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev31:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev4:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev5:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev6:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev7:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev8:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev9:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:-:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev1:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev10:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev11:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev12:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev13:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev14:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev15:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev16:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev17:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev2:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev3:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev4:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev5:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev6:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev7:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev8:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev9:*:*:*:*:*:*

EPSS

Процентиль: 65%

0.00487

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-xfff-cfmp-p8vp

github

больше 3 лет назад