CVE-2022-31468 — Cross-site Scripting in OX APP Suite

Severity

6.1MEDIUMNVD

EPSS

0.2%

top 56.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedOct 25

Latest updateAug 21

Description

OX App Suite through 8.2 allows XSS via an attachment or OX Drive content when a client uses the len or off parameter.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

GHSA

GHSA-vr7h-8xxw-xfw6: OX App Suite through 8↗2022-10-26

▶

CVEList

CVE-2022-31468: OX App Suite through 8↗2022-10-24

▶

Exploit-DB

Inosoft VisiWin 7 2022-2.1 - Insecure Folders Permissions↗2023-08-21

▶