CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-38377

OX App Suite through 7.10.5 allows XSS via JavaScript code in an anchor HTML comment within truncated e-mail, because there is a predictable UUID with HTML transformation results.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 52.7%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

http://packetstormsecurity.com/files/165038/OX-App-Suite-7.10.5-Cross-Site-Scripting-Information-Disclosure.html
https://seclists.org/fulldisclosure/2021/Nov/43
https://www.open-xchange.com
http://packetstormsecurity.com/files/165038/OX-App-Suite-7.10.5-Cross-Site-Scripting-Information-Disclosure.html
https://seclists.org/fulldisclosure/2021/Nov/43
https://www.open-xchange.com

Products affected by CVE-2021-38377

Open-Xchange » Ox App Suite » Version: N/A

cpe:2.3:a:open-xchange:ox_app_suite:-
Open-Xchange » Ox App Suite » Version: 7.10.5

cpe:2.3:a:open-xchange:ox_app_suite:7.10.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-38377

Products

Pricing

Contact Us