First published: Fri Apr 30 2021
OX App Suite 7.10.4 and earlier allows XSS via a crafted contact object (payload in the position or company field) that is mishandled in the App Suite UI on a smartphone.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Open-xchange Open-xchange Appsuite | <=7.10.4 | |
CVE-2021-31934 is a vulnerability in OX App Suite 7.10.4 and earlier that allows XSS (Cross-Site Scripting) attacks via a crafted contact object.
CVE-2021-31934 arises because the App Suite UI on a smartphone mishandles a crafted contact object, which allows an attacker to inject malicious code.
CVE-2021-31934 has a severity rating of medium with a CVSS score of 6.1.
To fix CVE-2021-31934, it is recommended to upgrade to a version of OX App Suite that is not affected by the vulnerability.
You can find more information about CVE-2021-31934 at the following URL: https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html
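
The class of bug described above, contact fields reaching the UI without output encoding, is shown here as an added illustration. It is not OX App Suite source code: the field names `position` and `company` come from the advisory text, while the rendering functions, markup and sample contact are hypothetical and constructed for the example.

```javascript
// Added illustration, not OX App Suite code. Function names and markup are
// hypothetical; only the field names "position" and "company" come from the advisory.

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode a value for use in an HTML text or quoted-attribute context.
function escapeHtml(value) {
  return String(value ?? '').replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Unsafe pattern: contact fields are concatenated into markup as-is, so any
// markup stored in the contact is parsed by the browser when the view renders.
function renderContactUnsafe(contact) {
  return `<div class="contact-job">${contact.position}, ${contact.company}</div>`;
}

// Hardened pattern: every user-controlled field is encoded before it is
// placed into the template, so stored markup is displayed as plain text.
function renderContactSafe(contact) {
  const position = escapeHtml(contact.position);
  const company = escapeHtml(contact.company);
  return `<div class="contact-job">${position}, ${company}</div>`;
}

// Audit helper for stored data: report which of the named fields contain
// characters that only matter if the value is later parsed as HTML.
function suspiciousFields(contact, fields = ['position', 'company']) {
  return fields.filter((name) => /[<>]/.test(String(contact[name] ?? '')));
}

// Constructed sample contact (not taken from any real system).
const sampleContact = {
  display_name: 'Test User',
  position: '<img src=x onerror=alert(1)>',
  company: 'ACME & Sons',
};

console.log('unsafe:', renderContactUnsafe(sampleContact));
console.log('safe:  ', renderContactSafe(sampleContact));
console.log('flagged fields:', suspiciousFields(sampleContact));
```

The audit helper can be run over exported contact objects to find entries that should be reviewed; encoding at render time remains the actual control.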