CVE-2022-31469

OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrated by class="deep-link-app" for a /#!!&app=%2e./ URI.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://open-xchange.com	Vendor Advisory
https://seclists.org/fulldisclosure/2022/Nov/18	Exploit Mailing List Third Party Advisory
https://open-xchange.com	Vendor Advisory
https://seclists.org/fulldisclosure/2022/Nov/18	Exploit Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:open-xchange:open-xchange_appsuite::::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:-::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5961::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5973::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5976::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5982::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5989::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5994::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6000::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6003::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6008::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6010::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6016::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6020::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6026::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6029::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6034::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6035::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6038::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6046::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6051::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6053::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6060::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6061::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6066::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6068::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6072::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6079::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6084::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6092::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6101::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6111::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6120::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6132::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6137::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6140::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6149::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148::::::
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150::::::

History

21 Nov 2024, 07:04

Type	Values Removed	Values Added
References	~~() https://open-xchange.com - Vendor Advisory~~	() https://open-xchange.com - Vendor Advisory
References	~~() https://seclists.org/fulldisclosure/2022/Nov/18 - Exploit, Mailing List, Third Party Advisory~~	() https://seclists.org/fulldisclosure/2022/Nov/18 - Exploit, Mailing List, Third Party Advisory

Information

Published : 2022-12-26 02:15

Updated : 2024-11-21 07:04

NVD link : CVE-2022-31469

Mitre link : CVE-2022-31469

CVE.ORG link : CVE-2022-31469

JSON object : View

Products Affected

open-xchange

open-xchange_appsuite

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

6.1 /10