CVE-2021-38375 — Cross-site Scripting in OX APP Suite

Severity

6.1MEDIUMNVD

EPSS

0.3%

top 43.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedNov 22

Latest updateNov 23

Description

OX App Suite through 7.10.5 allows XSS via the alt attribute of an IMG element in a truncated e-mail message.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

GHSA

GHSA-fvhr-wmw2-fg68: OX App Suite through 7↗2021-11-23

▶

CVEList

CVE-2021-38375: OX App Suite through 7↗2021-11-22

▶