PT-2022-20745 · Open Xchange · Ox App Suite
Published 2022-10-24 · Updated 2022-10-28 · CVE-2022-31468
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
OX App Suite versions through 8.2
Description
The issue allows XSS via an attachment or OX Drive content when a client uses the len or off parameter. Exploitation requires the client to use these parameters in conjunction with attachments or OX Drive content.
Recommendations
For OX App Suite versions through 8.2, consider disabling the use of the len and off parameters in client requests until a patch is available. Restrict access to attachments and OX Drive content to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
XSS
Affected Products
Ox App Suite