{ "id": "CVE-2020-8542", "sourceIdentifier": "cve@mitre.org", "published": "2020-06-16T14:15:11.617", "lastModified": "2022-04-08T10:37:36.657", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.3 allows XSS." }, { "lang": "es", "value": "OX App Suite versiones hasta 7.10.3, permite un ataque de tipo XSS" } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 2.3, "impactScore": 2.7 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "SINGLE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 3.5 }, "baseSeverity": "LOW", "exploitabilityScore": 6.8, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-79" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:-:*:*:*:*:*:*", "matchCriteriaId": "B8D06749-1B27-4C7C-9436-1AD842471D19" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev1:*:*:*:*:*:*", "matchCriteriaId": "368ECEBC-4553-4A2A-8A2A-A4B8909C321D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev10:*:*:*:*:*:*", "matchCriteriaId": "33BFF8F7-DB19-4F7B-9FED-5D3E50E31C2B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev11:*:*:*:*:*:*", "matchCriteriaId": "8E60A592-965B-4ECD-BE52-C8BCF8164A6B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev12:*:*:*:*:*:*", "matchCriteriaId": "37DC59B1-D23F-40EB-9F54-0BBBC8FA86E1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev13:*:*:*:*:*:*", "matchCriteriaId": "91897609-C38E-47ED-9A45-34C26ACD4558" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev14:*:*:*:*:*:*", "matchCriteriaId": "68CD6B95-5EAA-4D14-8958-787E7B8ADD8A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev15:*:*:*:*:*:*", "matchCriteriaId": "A4EBEBD1-9E8A-4C18-95FA-E7D83A7DC557" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev16:*:*:*:*:*:*", "matchCriteriaId": "6BAF8872-87D9-4271-80AA-E4200E6D8F5A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev17:*:*:*:*:*:*", "matchCriteriaId": "E0FDDD1D-7EDC-4ED8-9288-DA1976B044FF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev18:*:*:*:*:*:*", "matchCriteriaId": "AE6BC6B0-66A7-4B0A-9B11-E41A3C29064D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev19:*:*:*:*:*:*", "matchCriteriaId": "0B981446-14BE-43A9-86FE-F282E8DA393D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev2:*:*:*:*:*:*", "matchCriteriaId": "4190E7EF-E9BF-4B87-B5A7-F1C5639CF701" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev20:*:*:*:*:*:*", "matchCriteriaId": "DC995A29-A9DB-4160-BEAD-7E6A3606F802" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev21:*:*:*:*:*:*", "matchCriteriaId": "890672A1-63E4-45BA-B4A7-B1DCFCE03E17" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev22:*:*:*:*:*:*", "matchCriteriaId": "32AB90D5-CF22-45E4-A7E5-A3BC355C051A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev23:*:*:*:*:*:*", "matchCriteriaId": "4287D478-7B66-4B94-AF06-FCFA3E3A49E5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev24:*:*:*:*:*:*", "matchCriteriaId": "6949270A-47D6-495B-8B3A-CC97351E0B72" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev25:*:*:*:*:*:*", "matchCriteriaId": "FF8F4DA7-035F-4C6E-9E97-265CC57A548B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev26:*:*:*:*:*:*", "matchCriteriaId": "F6C50535-9E15-418A-8908-23C247CCF861" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev27:*:*:*:*:*:*", "matchCriteriaId": "8503C015-94AF-419C-95DE-1A1043811B60" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev3:*:*:*:*:*:*", "matchCriteriaId": "8DF4B515-D246-44A9-B4FA-094E33840EAA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev4:*:*:*:*:*:*", "matchCriteriaId": "20D6F057-6D60-45CD-AF64-A17655FE4332" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev5:*:*:*:*:*:*", "matchCriteriaId": "8AAEEE04-5D35-4007-9C19-47139D574C6D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev6:*:*:*:*:*:*", "matchCriteriaId": "534A44A6-9F3F-4A95-8397-1264537AF98B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev7:*:*:*:*:*:*", "matchCriteriaId": "0FDC984D-9BA2-44A8-A448-0B5FFD3714F8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev8:*:*:*:*:*:*", "matchCriteriaId": "10C3CE2E-D599-4E7B-8DF7-CE143D38C248" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev9:*:*:*:*:*:*", "matchCriteriaId": "5D50AB43-34ED-4514-A46D-17DCE8C0E13B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:-:*:*:*:*:*:*", "matchCriteriaId": "A1E055C3-BE99-4EB8-8D28-1275A1607E01" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev1:*:*:*:*:*:*", "matchCriteriaId": "3A43F58A-EF5F-470F-AD23-EA211A257B87" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev10:*:*:*:*:*:*", "matchCriteriaId": "AF15D091-E31B-4AF7-8565-A545338443D7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev11:*:*:*:*:*:*", "matchCriteriaId": "6530A58D-89B1-4991-8182-2CB39FF0607D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev12:*:*:*:*:*:*", "matchCriteriaId": "359C31C1-FC65-4DB5-AC13-78752B991D85" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev13:*:*:*:*:*:*", "matchCriteriaId": "20B39EEB-AE1F-41EF-BDA2-0C05583C19A9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev14:*:*:*:*:*:*", "matchCriteriaId": "6814E0FE-C61F-4621-BCE9-E315FD27BDF9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev15:*:*:*:*:*:*", "matchCriteriaId": "C500DC8B-1E2D-4D9E-89BF-DB1F583FCE1A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev16:*:*:*:*:*:*", "matchCriteriaId": "B31AF178-6903-4C9C-85D0-4FC64B523D94" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev17:*:*:*:*:*:*", "matchCriteriaId": "78BBF7A1-2683-4A1A-A907-22AA08547C34" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev18:*:*:*:*:*:*", "matchCriteriaId": "8E8D7027-437A-4ACA-A4A1-34F2A1E49EFF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev19:*:*:*:*:*:*", "matchCriteriaId": "233AF909-1320-4F50-98AE-0C3597EB77B7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev2:*:*:*:*:*:*", "matchCriteriaId": "8B99076E-CAAF-478A-A6CA-5F4D555F4F13" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev3:*:*:*:*:*:*", "matchCriteriaId": "71AD5083-1D8A-4F84-8263-EB724F2BAFB0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev4:*:*:*:*:*:*", "matchCriteriaId": "F2E2CBB1-66E4-463E-9C13-36311A5E57CC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev5:*:*:*:*:*:*", "matchCriteriaId": "78419EB9-7DBD-4D86-9D9F-D207BE4A5606" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev6:*:*:*:*:*:*", "matchCriteriaId": "6CFDEA47-85E0-468F-ACE1-D246C690B8D0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev7:*:*:*:*:*:*", "matchCriteriaId": "51A93D40-8EC9-42FA-88B5-2C6A105D45DF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev8:*:*:*:*:*:*", "matchCriteriaId": "990A037D-78A9-4BA5-B0E6-66D33B553CCF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev9:*:*:*:*:*:*", "matchCriteriaId": "84AB3311-A474-43B3-A613-F876042473A2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:-:*:*:*:*:*:*", "matchCriteriaId": "D3CF4C4E-3FF0-4B4A-8246-8F8981D66180" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev1:*:*:*:*:*:*", "matchCriteriaId": "3B7503E3-6317-4DD7-9EDD-AB5A0586BADE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev2:*:*:*:*:*:*", "matchCriteriaId": "26BF76EC-F32F-4DAB-8EB0-8B24E76D2593" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev3:*:*:*:*:*:*", "matchCriteriaId": "B031D97E-A967-4124-8A42-EFA4B3576124" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev4:*:*:*:*:*:*", "matchCriteriaId": "649774E8-6489-4AD7-95A8-AAF7154B2C05" }, { "vulnerable": true, "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev5:*:*:*:*:*:*", "matchCriteriaId": "A2A1BB49-EAFD-4458-AA8B-BF4B195927C5" } ] } ] } ], "references": [ { "url": "http://packetstormsecurity.com/files/158932/OX-App-Suite-OX-Documents-XSS-SSRF-Bypass.html", "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "http://seclists.org/fulldisclosure/2020/Aug/14", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html", "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "https://www.open-xchange.com/", "source": "cve@mitre.org", "tags": [ "Product", "Vendor Advisory" ] } ] }