CVE-2020-8542

{"id": "CVE-2020-8542", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2020-06-16T14:15:11.617", "references": [{"url": "http://packetstormsecurity.com/files/158932/OX-App-Suite-OX-Documents-XSS-SSRF-Bypass.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2020/Aug/14", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://www.open-xchange.com/", "tags": ["Product", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/158932/OX-App-Suite-OX-Documents-XSS-SSRF-Bypass.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2020/Aug/14", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.open-xchange.com/", "tags": ["Product", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "OX App Suite through 7.10.3 allows XSS."}, {"lang": "es", "value": "OX App Suite versiones hasta 7.10.3, permite un ataque de tipo XSS"}], "lastModified": "2024-11-21T05:39:00.043", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8D06749-1B27-4C7C-9436-1AD842471D19"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "368ECEBC-4553-4A2A-8A2A-A4B8909C321D"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33BFF8F7-DB19-4F7B-9FED-5D3E50E31C2B"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E60A592-965B-4ECD-BE52-C8BCF8164A6B"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev12:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37DC59B1-D23F-40EB-9F54-0BBBC8FA86E1"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev13:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "91897609-C38E-47ED-9A45-34C26ACD4558"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev14:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68CD6B95-5EAA-4D14-8958-787E7B8ADD8A"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev15:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4EBEBD1-9E8A-4C18-95FA-E7D83A7DC557"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev16:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BAF8872-87D9-4271-80AA-E4200E6D8F5A"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev17:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0FDDD1D-7EDC-4ED8-9288-DA1976B044FF"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev18:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE6BC6B0-66A7-4B0A-9B11-E41A3C29064D"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev19:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B981446-14BE-43A9-86FE-F282E8DA393D"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4190E7EF-E9BF-4B87-B5A7-F1C5639CF701"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev20:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC995A29-A9DB-4160-BEAD-7E6A3606F802"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev21:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "890672A1-63E4-45BA-B4A7-B1DCFCE03E17"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev22:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32AB90D5-CF22-45E4-A7E5-A3BC355C051A"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev23:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4287D478-7B66-4B94-AF06-FCFA3E3A49E5"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev24:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6949270A-47D6-495B-8B3A-CC97351E0B72"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev25:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF8F4DA7-035F-4C6E-9E97-265CC57A548B"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev26:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6C50535-9E15-418A-8908-23C247CCF861"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev27:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8503C015-94AF-419C-95DE-1A1043811B60"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DF4B515-D246-44A9-B4FA-094E33840EAA"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20D6F057-6D60-45CD-AF64-A17655FE4332"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8AAEEE04-5D35-4007-9C19-47139D574C6D"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "534A44A6-9F3F-4A95-8397-1264537AF98B"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0FDC984D-9BA2-44A8-A448-0B5FFD3714F8"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10C3CE2E-D599-4E7B-8DF7-CE143D38C248"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D50AB43-34ED-4514-A46D-17DCE8C0E13B"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1E055C3-BE99-4EB8-8D28-1275A1607E01"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A43F58A-EF5F-470F-AD23-EA211A257B87"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF15D091-E31B-4AF7-8565-A545338443D7"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6530A58D-89B1-4991-8182-2CB39FF0607D"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev12:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "359C31C1-FC65-4DB5-AC13-78752B991D85"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev13:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20B39EEB-AE1F-41EF-BDA2-0C05583C19A9"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev14:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6814E0FE-C61F-4621-BCE9-E315FD27BDF9"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev15:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C500DC8B-1E2D-4D9E-89BF-DB1F583FCE1A"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev16:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B31AF178-6903-4C9C-85D0-4FC64B523D94"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev17:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78BBF7A1-2683-4A1A-A907-22AA08547C34"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev18:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E8D7027-437A-4ACA-A4A1-34F2A1E49EFF"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev19:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "233AF909-1320-4F50-98AE-0C3597EB77B7"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B99076E-CAAF-478A-A6CA-5F4D555F4F13"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71AD5083-1D8A-4F84-8263-EB724F2BAFB0"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2E2CBB1-66E4-463E-9C13-36311A5E57CC"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78419EB9-7DBD-4D86-9D9F-D207BE4A5606"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6CFDEA47-85E0-468F-ACE1-D246C690B8D0"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51A93D40-8EC9-42FA-88B5-2C6A105D45DF"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "990A037D-78A9-4BA5-B0E6-66D33B553CCF"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84AB3311-A474-43B3-A613-F876042473A2"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3CF4C4E-3FF0-4B4A-8246-8F8981D66180"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B7503E3-6317-4DD7-9EDD-AB5A0586BADE"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26BF76EC-F32F-4DAB-8EB0-8B24E76D2593"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B031D97E-A967-4124-8A42-EFA4B3576124"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "649774E8-6489-4AD7-95A8-AAF7154B2C05"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2A1BB49-EAFD-4458-AA8B-BF4B195927C5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}