Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2020-24701 β€” Cross-site Scripting in Appsuite

CWE-79 β€” Cross-site Scripting5 documents5 sources
Severity
6.1MEDIUMNVD
EPSS
25.3%
top 3.79%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Open-xchange Appsuite
Timeline
PublishedJan 12
Latest updateMay 24

Description

OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite URI).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

πŸ”΄Vulnerability Details

2
GHSA
GHSA-hxc8-899q-wp57: OX App Suite through 7β†—2022-05-24
β–Ά
CVEList
CVE-2020-24701: OX App Suite through 7β†—2021-01-12
β–Ά

πŸ’₯Exploits & PoCs

1
Nuclei
OX Appsuite - Cross-Site Scripting
β–Ά

πŸ•΅οΈThreat Intelligence

1
Greynoiseio
NoiseLetter October 2025β†—
β–Ά
CVE-2020-24701 β€” Cross-site Scripting in Appsuite | cvebase