CVE-2020-8542
Vulnerability from cvelistv5
Published
2020-06-16 13:46
Modified
2024-08-04 10:03
Severity ?
Summary
OX App Suite through 7.10.3 allows XSS.
References
cve@mitre.orghttp://packetstormsecurity.com/files/158932/OX-App-Suite-OX-Documents-XSS-SSRF-Bypass.htmlThird Party Advisory, VDB Entry
cve@mitre.orghttp://seclists.org/fulldisclosure/2020/Aug/14Mailing List, Third Party Advisory
cve@mitre.orghttps://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.htmlThird Party Advisory, VDB Entry
cve@mitre.orghttps://www.open-xchange.com/Product, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/158932/OX-App-Suite-OX-Documents-XSS-SSRF-Bypass.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2020/Aug/14Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www.open-xchange.com/Product, Vendor Advisory
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:03:46.135Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.open-xchange.com/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html"
          },
          {
            "name": "20200821 Open-Xchange Security Advisory 2020-08-20",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2020/Aug/14"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/158932/OX-App-Suite-OX-Documents-XSS-SSRF-Bypass.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "OX App Suite through 7.10.3 allows XSS."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-21T23:06:09",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.open-xchange.com/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html"
        },
        {
          "name": "20200821 Open-Xchange Security Advisory 2020-08-20",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2020/Aug/14"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/158932/OX-App-Suite-OX-Documents-XSS-SSRF-Bypass.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-8542",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OX App Suite through 7.10.3 allows XSS."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.open-xchange.com/",
              "refsource": "MISC",
              "url": "https://www.open-xchange.com/"
            },
            {
              "name": "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html",
              "refsource": "MISC",
              "url": "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html"
            },
            {
              "name": "20200821 Open-Xchange Security Advisory 2020-08-20",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2020/Aug/14"
            },
            {
              "name": "http://packetstormsecurity.com/files/158932/OX-App-Suite-OX-Documents-XSS-SSRF-Bypass.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/158932/OX-App-Suite-OX-Documents-XSS-SSRF-Bypass.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-8542",
    "datePublished": "2020-06-16T13:46:57",
    "dateReserved": "2020-02-03T00:00:00",
    "dateUpdated": "2024-08-04T10:03:46.135Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8D06749-1B27-4C7C-9436-1AD842471D19\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev1:*:*:*:*:*:*\", \"matchCriteriaId\": \"368ECEBC-4553-4A2A-8A2A-A4B8909C321D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev10:*:*:*:*:*:*\", \"matchCriteriaId\": \"33BFF8F7-DB19-4F7B-9FED-5D3E50E31C2B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev11:*:*:*:*:*:*\", \"matchCriteriaId\": \"8E60A592-965B-4ECD-BE52-C8BCF8164A6B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev12:*:*:*:*:*:*\", \"matchCriteriaId\": \"37DC59B1-D23F-40EB-9F54-0BBBC8FA86E1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev13:*:*:*:*:*:*\", \"matchCriteriaId\": \"91897609-C38E-47ED-9A45-34C26ACD4558\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev14:*:*:*:*:*:*\", \"matchCriteriaId\": \"68CD6B95-5EAA-4D14-8958-787E7B8ADD8A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev15:*:*:*:*:*:*\", \"matchCriteriaId\": \"A4EBEBD1-9E8A-4C18-95FA-E7D83A7DC557\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev16:*:*:*:*:*:*\", \"matchCriteriaId\": \"6BAF8872-87D9-4271-80AA-E4200E6D8F5A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev17:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0FDDD1D-7EDC-4ED8-9288-DA1976B044FF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev18:*:*:*:*:*:*\", \"matchCriteriaId\": \"AE6BC6B0-66A7-4B0A-9B11-E41A3C29064D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev19:*:*:*:*:*:*\", \"matchCriteriaId\": \"0B981446-14BE-43A9-86FE-F282E8DA393D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev2:*:*:*:*:*:*\", \"matchCriteriaId\": \"4190E7EF-E9BF-4B87-B5A7-F1C5639CF701\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev20:*:*:*:*:*:*\", \"matchCriteriaId\": \"DC995A29-A9DB-4160-BEAD-7E6A3606F802\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev21:*:*:*:*:*:*\", \"matchCriteriaId\": \"890672A1-63E4-45BA-B4A7-B1DCFCE03E17\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev22:*:*:*:*:*:*\", \"matchCriteriaId\": \"32AB90D5-CF22-45E4-A7E5-A3BC355C051A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev23:*:*:*:*:*:*\", \"matchCriteriaId\": \"4287D478-7B66-4B94-AF06-FCFA3E3A49E5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev24:*:*:*:*:*:*\", \"matchCriteriaId\": \"6949270A-47D6-495B-8B3A-CC97351E0B72\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev25:*:*:*:*:*:*\", \"matchCriteriaId\": \"FF8F4DA7-035F-4C6E-9E97-265CC57A548B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev26:*:*:*:*:*:*\", \"matchCriteriaId\": \"F6C50535-9E15-418A-8908-23C247CCF861\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev27:*:*:*:*:*:*\", \"matchCriteriaId\": \"8503C015-94AF-419C-95DE-1A1043811B60\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev3:*:*:*:*:*:*\", \"matchCriteriaId\": \"8DF4B515-D246-44A9-B4FA-094E33840EAA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev4:*:*:*:*:*:*\", \"matchCriteriaId\": \"20D6F057-6D60-45CD-AF64-A17655FE4332\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev5:*:*:*:*:*:*\", \"matchCriteriaId\": \"8AAEEE04-5D35-4007-9C19-47139D574C6D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev6:*:*:*:*:*:*\", \"matchCriteriaId\": \"534A44A6-9F3F-4A95-8397-1264537AF98B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev7:*:*:*:*:*:*\", \"matchCriteriaId\": \"0FDC984D-9BA2-44A8-A448-0B5FFD3714F8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev8:*:*:*:*:*:*\", \"matchCriteriaId\": \"10C3CE2E-D599-4E7B-8DF7-CE143D38C248\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev9:*:*:*:*:*:*\", \"matchCriteriaId\": \"5D50AB43-34ED-4514-A46D-17DCE8C0E13B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"A1E055C3-BE99-4EB8-8D28-1275A1607E01\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev1:*:*:*:*:*:*\", \"matchCriteriaId\": \"3A43F58A-EF5F-470F-AD23-EA211A257B87\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev10:*:*:*:*:*:*\", \"matchCriteriaId\": \"AF15D091-E31B-4AF7-8565-A545338443D7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev11:*:*:*:*:*:*\", \"matchCriteriaId\": \"6530A58D-89B1-4991-8182-2CB39FF0607D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev12:*:*:*:*:*:*\", \"matchCriteriaId\": \"359C31C1-FC65-4DB5-AC13-78752B991D85\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev13:*:*:*:*:*:*\", \"matchCriteriaId\": \"20B39EEB-AE1F-41EF-BDA2-0C05583C19A9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev14:*:*:*:*:*:*\", \"matchCriteriaId\": \"6814E0FE-C61F-4621-BCE9-E315FD27BDF9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev15:*:*:*:*:*:*\", \"matchCriteriaId\": \"C500DC8B-1E2D-4D9E-89BF-DB1F583FCE1A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev16:*:*:*:*:*:*\", \"matchCriteriaId\": \"B31AF178-6903-4C9C-85D0-4FC64B523D94\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev17:*:*:*:*:*:*\", \"matchCriteriaId\": \"78BBF7A1-2683-4A1A-A907-22AA08547C34\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev18:*:*:*:*:*:*\", \"matchCriteriaId\": \"8E8D7027-437A-4ACA-A4A1-34F2A1E49EFF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev19:*:*:*:*:*:*\", \"matchCriteriaId\": \"233AF909-1320-4F50-98AE-0C3597EB77B7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev2:*:*:*:*:*:*\", \"matchCriteriaId\": \"8B99076E-CAAF-478A-A6CA-5F4D555F4F13\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev3:*:*:*:*:*:*\", \"matchCriteriaId\": \"71AD5083-1D8A-4F84-8263-EB724F2BAFB0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev4:*:*:*:*:*:*\", \"matchCriteriaId\": \"F2E2CBB1-66E4-463E-9C13-36311A5E57CC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev5:*:*:*:*:*:*\", \"matchCriteriaId\": \"78419EB9-7DBD-4D86-9D9F-D207BE4A5606\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev6:*:*:*:*:*:*\", \"matchCriteriaId\": \"6CFDEA47-85E0-468F-ACE1-D246C690B8D0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev7:*:*:*:*:*:*\", \"matchCriteriaId\": \"51A93D40-8EC9-42FA-88B5-2C6A105D45DF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev8:*:*:*:*:*:*\", \"matchCriteriaId\": \"990A037D-78A9-4BA5-B0E6-66D33B553CCF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev9:*:*:*:*:*:*\", \"matchCriteriaId\": \"84AB3311-A474-43B3-A613-F876042473A2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"D3CF4C4E-3FF0-4B4A-8246-8F8981D66180\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev1:*:*:*:*:*:*\", \"matchCriteriaId\": \"3B7503E3-6317-4DD7-9EDD-AB5A0586BADE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev2:*:*:*:*:*:*\", \"matchCriteriaId\": \"26BF76EC-F32F-4DAB-8EB0-8B24E76D2593\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev3:*:*:*:*:*:*\", \"matchCriteriaId\": \"B031D97E-A967-4124-8A42-EFA4B3576124\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev4:*:*:*:*:*:*\", \"matchCriteriaId\": \"649774E8-6489-4AD7-95A8-AAF7154B2C05\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev5:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2A1BB49-EAFD-4458-AA8B-BF4B195927C5\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"OX App Suite through 7.10.3 allows XSS.\"}, {\"lang\": \"es\", \"value\": \"OX App Suite versiones hasta 7.10.3, permite un ataque de tipo XSS\"}]",
      "id": "CVE-2020-8542",
      "lastModified": "2024-11-21T05:39:00.043",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:N/I:P/A:N\", \"baseScore\": 3.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 6.8, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-06-16T14:15:11.617",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/158932/OX-App-Suite-OX-Documents-XSS-SSRF-Bypass.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2020/Aug/14\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.open-xchange.com/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Product\", \"Vendor Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/158932/OX-App-Suite-OX-Documents-XSS-SSRF-Bypass.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2020/Aug/14\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.open-xchange.com/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Product\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-8542\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-06-16T14:15:11.617\",\"lastModified\":\"2024-11-21T05:39:00.043\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"OX App Suite through 7.10.3 allows XSS.\"},{\"lang\":\"es\",\"value\":\"OX App Suite versiones hasta 7.10.3, permite un ataque de tipo XSS\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:P/A:N\",\"baseScore\":3.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8D06749-1B27-4C7C-9436-1AD842471D19\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev1:*:*:*:*:*:*\",\"matchCriteriaId\":\"368ECEBC-4553-4A2A-8A2A-A4B8909C321D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev10:*:*:*:*:*:*\",\"matchCriteriaId\":\"33BFF8F7-DB19-4F7B-9FED-5D3E50E31C2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev11:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E60A592-965B-4ECD-BE52-C8BCF8164A6B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev12:*:*:*:*:*:*\",\"matchCriteriaId\":\"37DC59B1-D23F-40EB-9F54-0BBBC8FA86E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev13:*:*:*:*:*:*\",\"matchCriteriaId\":\"91897609-C38E-47ED-9A45-34C26ACD4558\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev14:*:*:*:*:*:*\",\"matchCriteriaId\":\"68CD6B95-5EAA-4D14-8958-787E7B8ADD8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev15:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4EBEBD1-9E8A-4C18-95FA-E7D83A7DC557\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev16:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BAF8872-87D9-4271-80AA-E4200E6D8F5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev17:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0FDDD1D-7EDC-4ED8-9288-DA1976B044FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev18:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE6BC6B0-66A7-4B0A-9B11-E41A3C29064D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev19:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B981446-14BE-43A9-86FE-F282E8DA393D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4190E7EF-E9BF-4B87-B5A7-F1C5639CF701\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev20:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC995A29-A9DB-4160-BEAD-7E6A3606F802\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev21:*:*:*:*:*:*\",\"matchCriteriaId\":\"890672A1-63E4-45BA-B4A7-B1DCFCE03E17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev22:*:*:*:*:*:*\",\"matchCriteriaId\":\"32AB90D5-CF22-45E4-A7E5-A3BC355C051A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev23:*:*:*:*:*:*\",\"matchCriteriaId\":\"4287D478-7B66-4B94-AF06-FCFA3E3A49E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev24:*:*:*:*:*:*\",\"matchCriteriaId\":\"6949270A-47D6-495B-8B3A-CC97351E0B72\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev25:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF8F4DA7-035F-4C6E-9E97-265CC57A548B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev26:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6C50535-9E15-418A-8908-23C247CCF861\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev27:*:*:*:*:*:*\",\"matchCriteriaId\":\"8503C015-94AF-419C-95DE-1A1043811B60\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev3:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DF4B515-D246-44A9-B4FA-094E33840EAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev4:*:*:*:*:*:*\",\"matchCriteriaId\":\"20D6F057-6D60-45CD-AF64-A17655FE4332\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev5:*:*:*:*:*:*\",\"matchCriteriaId\":\"8AAEEE04-5D35-4007-9C19-47139D574C6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev6:*:*:*:*:*:*\",\"matchCriteriaId\":\"534A44A6-9F3F-4A95-8397-1264537AF98B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev7:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FDC984D-9BA2-44A8-A448-0B5FFD3714F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev8:*:*:*:*:*:*\",\"matchCriteriaId\":\"10C3CE2E-D599-4E7B-8DF7-CE143D38C248\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev9:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D50AB43-34ED-4514-A46D-17DCE8C0E13B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1E055C3-BE99-4EB8-8D28-1275A1607E01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A43F58A-EF5F-470F-AD23-EA211A257B87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev10:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF15D091-E31B-4AF7-8565-A545338443D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev11:*:*:*:*:*:*\",\"matchCriteriaId\":\"6530A58D-89B1-4991-8182-2CB39FF0607D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev12:*:*:*:*:*:*\",\"matchCriteriaId\":\"359C31C1-FC65-4DB5-AC13-78752B991D85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev13:*:*:*:*:*:*\",\"matchCriteriaId\":\"20B39EEB-AE1F-41EF-BDA2-0C05583C19A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev14:*:*:*:*:*:*\",\"matchCriteriaId\":\"6814E0FE-C61F-4621-BCE9-E315FD27BDF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev15:*:*:*:*:*:*\",\"matchCriteriaId\":\"C500DC8B-1E2D-4D9E-89BF-DB1F583FCE1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev16:*:*:*:*:*:*\",\"matchCriteriaId\":\"B31AF178-6903-4C9C-85D0-4FC64B523D94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev17:*:*:*:*:*:*\",\"matchCriteriaId\":\"78BBF7A1-2683-4A1A-A907-22AA08547C34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev18:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E8D7027-437A-4ACA-A4A1-34F2A1E49EFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev19:*:*:*:*:*:*\",\"matchCriteriaId\":\"233AF909-1320-4F50-98AE-0C3597EB77B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev2:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B99076E-CAAF-478A-A6CA-5F4D555F4F13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev3:*:*:*:*:*:*\",\"matchCriteriaId\":\"71AD5083-1D8A-4F84-8263-EB724F2BAFB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev4:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2E2CBB1-66E4-463E-9C13-36311A5E57CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev5:*:*:*:*:*:*\",\"matchCriteriaId\":\"78419EB9-7DBD-4D86-9D9F-D207BE4A5606\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev6:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CFDEA47-85E0-468F-ACE1-D246C690B8D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev7:*:*:*:*:*:*\",\"matchCriteriaId\":\"51A93D40-8EC9-42FA-88B5-2C6A105D45DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev8:*:*:*:*:*:*\",\"matchCriteriaId\":\"990A037D-78A9-4BA5-B0E6-66D33B553CCF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev9:*:*:*:*:*:*\",\"matchCriteriaId\":\"84AB3311-A474-43B3-A613-F876042473A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3CF4C4E-3FF0-4B4A-8246-8F8981D66180\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B7503E3-6317-4DD7-9EDD-AB5A0586BADE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev2:*:*:*:*:*:*\",\"matchCriteriaId\":\"26BF76EC-F32F-4DAB-8EB0-8B24E76D2593\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev3:*:*:*:*:*:*\",\"matchCriteriaId\":\"B031D97E-A967-4124-8A42-EFA4B3576124\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev4:*:*:*:*:*:*\",\"matchCriteriaId\":\"649774E8-6489-4AD7-95A8-AAF7154B2C05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev5:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2A1BB49-EAFD-4458-AA8B-BF4B195927C5\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/158932/OX-App-Suite-OX-Documents-XSS-SSRF-Bypass.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2020/Aug/14\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.open-xchange.com/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\",\"Vendor Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/158932/OX-App-Suite-OX-Documents-XSS-SSRF-Bypass.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2020/Aug/14\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.open-xchange.com/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\",\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.