Vulnerability Details : CVE-2022-37309
OX App Suite through 7.10.6 allows XSS via script code within a contact that has an e-mail address but lacks a name.
Vulnerability category: Cross site scripting (XSS)
Exploit prediction scoring system (EPSS) score for CVE-2022-37309
Probability of exploitation activity in the next 30 days: 0.05%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 19 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2022-37309
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
6.1
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
2.8
|
2.7
|
nvd@nist.gov |
CWE ids for CVE-2022-37309
-
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-37309
-
https://open-xchange.com
Home | Open-XchangeVendor Advisory
-
https://seclists.org/fulldisclosure/2022/Nov/18
Full Disclosure: Open-Xchange Security Advisory 2022-11-24Exploit;Mailing List;Third Party Advisory
Products affected by CVE-2022-37309
- cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6149:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6140:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6137:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6132:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6120:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6111:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6101:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6092:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6084:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6079:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6072:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6068:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6066:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6061:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6060:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6053:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6051:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6046:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6038:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6035:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6034:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6029:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6026:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6020:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6016:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6010:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6008:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6003:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6000:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5994:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5989:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5982:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5976:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5973:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5961:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:-:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*