CVE-2025-30191 โ€” UI Misrepresentation / Clickjacking in Gmbh OX APP Suite

CWE-1021 โ€” UI Misrepresentation / Clickjacking3 documents3 sources
Severity
5.4MEDIUMNVD
EPSS
0.0%
top 92.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Open-xchange Gmbh OX APP Suite
Timeline
PublishedOct 31

Description

Malicious content from E-Mail can be used to perform a redressing attack. Users can be tricked to perform unintended actions or provide sensitive information to a third party which would enable further threats. Attribute values containing HTML fragments are now denied by the sanitization procedure. No publicly available exploits are known

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages1 packages

โ–ถCVEListV5open-xchange_gmbh/ox_app_suite7.6.3-rev77+4

๐Ÿ”ดVulnerability Details

2
GHSA
GHSA-7p8g-rr59-8pqg: Malicious content from E-Mail can be used to perform a redressing attackโ†—2025-10-31
โ–ถ
CVEList
CVE-2025-30191: Malicious content from E-Mail can be used to perform a redressing attackโ†—2025-10-31
โ–ถ
CVE-2025-30191 โ€” UI Misrepresentation / Clickjacking | cvebase