PT-2021-11605 · Open Xchange · Ox App Suite

Published: 2021-05-03 · Updated: 2021-05-07 · CVE-2020-28945

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: OX App Suite versions 7.10.4 and earlier
Description: Crafted content can reach an undocumented feature, which allows XSS. This can be achieved by placing specific syntax, such as ![](http://onerror=Function.constructor), in a Notes item.
Recommendations: For OX App Suite versions 7.10.4 and earlier, consider disabling the ability to add crafted content to Notes items until a patch is available. Restrict access to undocumented features to minimize the risk of exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2020-28945

Affected Products

Ox App Suite