Skip to main content

Ox App Suite CVE-2021-33494

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2021-11-22 cve@mitre.org
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Nov 22, 2021 - 09:15 nvd
MEDIUM 6.1

DescriptionNVD

OX App Suite 7.10.5 allows XSS via an OX Chat room title during typing rendering.

AnalysisAI

OX App Suite 7.10.5 allows XSS via an OX Chat room title during typing rendering. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. OX App Suite 7.10.5 allows XSS via an OX Chat room title during typing rendering. Affected products include: Open-Xchange Ox App Suite.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2022-24405 CRITICAL POC
9.8 Jul 27

OX App Suite through 7.10.6 allows OS Command Injection via a serialized Java class to the Documentconverter API. Rated

CVE-2022-23100 CRITICAL POC
9.8 Jul 27

OX App Suite through 7.10.6 allows OS Command Injection via Documentconverter (e.g., through an email attachment). Rated

CVE-2022-24406 MEDIUM POC
6.5 Jul 27

OX App Suite through 7.10.6 allows SSRF because multipart/form-data boundaries are predictable, and this can lead to inj

CVE-2021-33491 MEDIUM POC
6.5 Nov 22

OX App Suite through 7.10.5 allows Directory Traversal via ../ in an OOXML or ODF ZIP archive, because of the mishandlin

CVE-2022-23101 MEDIUM POC
6.1 Jul 27

OX App Suite through 7.10.6 allows XSS via appHandler in a deep link in an e-mail message. Rated medium severity (CVSS 6

CVE-2021-38377 MEDIUM POC
6.1 Nov 22

OX App Suite through 7.10.5 allows XSS via JavaScript code in an anchor HTML comment within truncated e-mail, because th

CVE-2021-38375 MEDIUM POC
6.1 Nov 22

OX App Suite through 7.10.5 allows XSS via the alt attribute of an IMG element in a truncated e-mail message. Rated medi

CVE-2021-33495 MEDIUM POC
6.1 Nov 22

OX App Suite 7.10.5 allows XSS via an OX Chat system message. Rated medium severity (CVSS 6.1), this vulnerability is re

CVE-2021-33492 MEDIUM POC
6.1 Nov 22

OX App Suite 7.10.5 allows XSS via an OX Chat room name. Rated medium severity (CVSS 6.1), this vulnerability is remotel

CVE-2021-33490 MEDIUM POC
6.1 Nov 22

OX App Suite through 7.10.5 allows XSS via a crafted snippet in a shared mail signature. Rated medium severity (CVSS 6.1

CVE-2021-33489 MEDIUM POC
6.1 Nov 22

OX App Suite through 7.10.5 allows XSS via JavaScript code in a shared XCF file. Rated medium severity (CVSS 6.1), this

CVE-2021-33488 MEDIUM POC
6.1 Nov 22

chat in OX App Suite 7.10.5 has Improper Input Validation. Rated medium severity (CVSS 6.1), this vulnerability is remot

Share

CVE-2021-33494 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy