CWE
79
Advisory Published
Updated

CVE-2021-37403: XSS

First published: Thu Jul 22 2021(Updated: )

OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and an App Loader relative URL is used.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Open-xchange Open-xchange Appsuite=7.10.3
Open-xchange Open-xchange Appsuite=7.10.3-patch_release5547
Open-xchange Open-xchange Appsuite=7.10.3-patch_release5572
Open-xchange Open-xchange Appsuite=7.10.3-patch_release5623
Open-xchange Open-xchange Appsuite=7.10.3-patch_release5653
Open-xchange Open-xchange Appsuite=7.10.3-patch_release5677
Open-xchange Open-xchange Appsuite=7.10.3-patch_release5720
Open-xchange Open-xchange Appsuite=7.10.3-rev1
Open-xchange Open-xchange Appsuite=7.10.3-rev10
Open-xchange Open-xchange Appsuite=7.10.3-rev11
Open-xchange Open-xchange Appsuite=7.10.3-rev12
Open-xchange Open-xchange Appsuite=7.10.3-rev13
Open-xchange Open-xchange Appsuite=7.10.3-rev14
Open-xchange Open-xchange Appsuite=7.10.3-rev15
Open-xchange Open-xchange Appsuite=7.10.3-rev16
Open-xchange Open-xchange Appsuite=7.10.3-rev17
Open-xchange Open-xchange Appsuite=7.10.3-rev18
Open-xchange Open-xchange Appsuite=7.10.3-rev19
Open-xchange Open-xchange Appsuite=7.10.3-rev2
Open-xchange Open-xchange Appsuite=7.10.3-rev20
Open-xchange Open-xchange Appsuite=7.10.3-rev21
Open-xchange Open-xchange Appsuite=7.10.3-rev22
Open-xchange Open-xchange Appsuite=7.10.3-rev23
Open-xchange Open-xchange Appsuite=7.10.3-rev24
Open-xchange Open-xchange Appsuite=7.10.3-rev25
Open-xchange Open-xchange Appsuite=7.10.3-rev26
Open-xchange Open-xchange Appsuite=7.10.3-rev27
Open-xchange Open-xchange Appsuite=7.10.3-rev28
Open-xchange Open-xchange Appsuite=7.10.3-rev29
Open-xchange Open-xchange Appsuite=7.10.3-rev3
Open-xchange Open-xchange Appsuite=7.10.3-rev30
Open-xchange Open-xchange Appsuite=7.10.3-rev31
Open-xchange Open-xchange Appsuite=7.10.3-rev4
Open-xchange Open-xchange Appsuite=7.10.3-rev5
Open-xchange Open-xchange Appsuite=7.10.3-rev6
Open-xchange Open-xchange Appsuite=7.10.3-rev7
Open-xchange Open-xchange Appsuite=7.10.3-rev8
Open-xchange Open-xchange Appsuite=7.10.3-rev9
Open-xchange Open-xchange Appsuite=7.10.4
Open-xchange Open-xchange Appsuite=7.10.4-rev1
Open-xchange Open-xchange Appsuite=7.10.4-rev10
Open-xchange Open-xchange Appsuite=7.10.4-rev11
Open-xchange Open-xchange Appsuite=7.10.4-rev12
Open-xchange Open-xchange Appsuite=7.10.4-rev13
Open-xchange Open-xchange Appsuite=7.10.4-rev14
Open-xchange Open-xchange Appsuite=7.10.4-rev15
Open-xchange Open-xchange Appsuite=7.10.4-rev16
Open-xchange Open-xchange Appsuite=7.10.4-rev17
Open-xchange Open-xchange Appsuite=7.10.4-rev2
Open-xchange Open-xchange Appsuite=7.10.4-rev3
Open-xchange Open-xchange Appsuite=7.10.4-rev4
Open-xchange Open-xchange Appsuite=7.10.4-rev5
Open-xchange Open-xchange Appsuite=7.10.4-rev6
Open-xchange Open-xchange Appsuite=7.10.4-rev7
Open-xchange Open-xchange Appsuite=7.10.4-rev8
Open-xchange Open-xchange Appsuite=7.10.4-rev9

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203