CVE-2021-38374 — Cross-site Scripting in OX APP Suite

CWE-79 — Cross-site Scripting3 documents3 sources
Severity
5.4MEDIUMNVD
EPSS
0.4%
top 37.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Open-xchange OX APP Suite
Timeline
PublishedNov 22
Latest updateMay 24

Description

OX App Suite through through 7.10.5 allows XSS via a crafted snippet that has an app loader reference within an app loader URL.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-7wvq-w4h2-rh64: OX App Suite through through 7↗2022-05-24
â–¶
CVEList
CVE-2021-38374: OX App Suite through through 7↗2021-11-22
â–¶
CVE-2021-38374 — Cross-site Scripting in OX APP Suite | cvebase