CVE-2022-37307

CVSS V2 None CVSS V3 None

Description

OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature.

Overview

CVE ID
CVE-2022-37307

Assigner
cve@mitre.org

Vulnerability Status
Analyzed

Published Version
2022-12-26T02:15:09

Last Modified Date
2023-01-04T02:02:37

Weakness Enumerations

CWE	URL
CWE-79	http://cwe.mitre.org/data/definitions/79.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version End
cpe:2.3:a:open-xchange:open-xchange_appsuite::::::::	1	OR	7.10.5
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:-::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5961::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5973::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5976::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5982::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5989::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5994::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6000::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6003::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6008::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6010::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6016::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6020::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6026::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6029::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6034::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6035::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6038::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6046::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6051::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6053::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6060::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6061::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6066::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6068::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6072::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6079::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6084::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6092::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6101::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6111::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6120::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6132::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6137::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6140::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6149::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148::::::	1	OR
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150::::::	1	OR

References

Reference URL	Reference Tags
https://open-xchange.com
https://seclists.org/fulldisclosure/2022/Nov/18

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2022-37307
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37307

History

Created	Old Value	New Value	Data Type	Notes
2022-12-26 02:15:59				Added to TrackCVE
2022-12-27 14:15:47		2022-12-27T13:48:11	CVE Modified Date	updated
2022-12-27 14:15:47	Received	Awaiting Analysis	Vulnerability Status	updated
2022-12-30 15:14:44	Awaiting Analysis	Undergoing Analysis	Vulnerability Status	updated
2023-01-04 02:15:21		2023-01-04T02:02:37	CVE Modified Date	updated
2023-01-04 02:15:21	Undergoing Analysis	Analyzed	Vulnerability Status	updated
2023-01-04 02:15:22			Weakness Enumeration	new
2023-01-04 02:15:24			CPE Information	updated