First published: Fri Apr 30 2021(Updated: )
OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution list (payload in the common name) that is mishandled in the scheduling view.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Open-xchange Open-xchange Appsuite | <=7.10.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-31935 is a vulnerability in OX App Suite 7.10.4 and earlier that allows cross-site scripting (XSS) attacks via a crafted distribution list.
The severity of CVE-2021-31935 is medium with a severity value of 6.1.
OX App Suite version 7.10.4 and earlier is affected by CVE-2021-31935.
CVE-2021-31935 works by exploiting a mishandling of a crafted distribution list's payload in the scheduling view, allowing for cross-site scripting attacks.
Yes, upgrading to a version later than 7.10.4 of OX App Suite will fix the vulnerability.