CVE-2022-37309 — Cross-site Scripting in Appsuite

Severity

6.1MEDIUMNVD

EPSS

0.8%

top 25.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedDec 26

Description

OX App Suite through 7.10.6 allows XSS via script code within a contact that has an e-mail address but lacks a name.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

CVEList

CVE-2022-37309: OX App Suite through 7↗2022-12-26

▶

GHSA

GHSA-p7q9-vp7r-68ff: OX App Suite through 7↗2022-12-26

▶