CVE-2022-37307 — Cross-site Scripting in Appsuite

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

1.1%

top 21.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Open-xchange Appsuite

Timeline

PublishedDec 26

Description

OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDopen-xchange/open-xchange_appsuite< 7.10.5+2

🔴Vulnerability Details

CVEList

CVE-2022-37307: OX App Suite through 7↗2022-12-26

▶

GHSA

GHSA-mvvf-mj7f-qgqf: OX App Suite through 7↗2022-12-26

▶