Open-Xchange Ox App Suite vulnerabilities

CVE-2021-33488 [MEDIUM] CWE-20 CVE-2021-33488: chat in OX App Suite 7.10.5 has Improper Input Validation. A user can be redirected to a rogue OX Ch chat in OX App Suite 7.10.5 has Improper Input Validation. A user can be redirected to a rogue OX Chat server via a development-related hook.

CVE-2021-33492 [MEDIUM] CWE-79 CVE-2021-33492: OX App Suite 7.10.5 allows XSS via an OX Chat room name. OX App Suite 7.10.5 allows XSS via an OX Chat room name.

CVE-2021-33493 [MEDIUM] CWE-94 CVE-2021-33493: The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in a The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in a YAML format.

CVE-2021-33495 [MEDIUM] CWE-79 CVE-2021-33495: OX App Suite 7.10.5 allows XSS via an OX Chat system message. OX App Suite 7.10.5 allows XSS via an OX Chat system message.

CVE-2021-38378 [MEDIUM] CVE-2021-38378: OX App Suite 7.10.5 allows Information Exposure because a caching mechanism can caused a Modified By OX App Suite 7.10.5 allows Information Exposure because a caching mechanism can caused a Modified By response to show a person's name.

CVE-2021-33494 [MEDIUM] CWE-79 CVE-2021-33494: OX App Suite 7.10.5 allows XSS via an OX Chat room title during typing rendering. OX App Suite 7.10.5 allows XSS via an OX Chat room title during typing rendering.

CVE-2021-38375 [MEDIUM] CWE-79 CVE-2021-38375: OX App Suite through 7.10.5 allows XSS via the alt attribute of an IMG element in a truncated e-mail OX App Suite through 7.10.5 allows XSS via the alt attribute of an IMG element in a truncated e-mail message.

CVE-2021-38377 [MEDIUM] CWE-330 CVE-2021-38377: OX App Suite through 7.10.5 allows XSS via JavaScript code in an anchor HTML comment within truncate OX App Suite through 7.10.5 allows XSS via JavaScript code in an anchor HTML comment within truncated e-mail, because there is a predictable UUID with HTML transformation results.