CVE-2021-38377

MEDIUM

OX App Suite <7.10.5 - XSS

Title source: llm

Description

OX App Suite through 7.10.5 allows XSS via JavaScript code in an anchor HTML comment within truncated e-mail, because there is a predictable UUID with HTML transformation results.

References (3)

[Product] https://www.open-xchange.com

[Exploit, Mailing List, Third Party Advisory] https://seclists.org/fulldisclosure/2021/Nov/43

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/165038/OX-App-Suite-7.10.5-Cross-Site-Scripting-Information-Disclosure.html

Scores

CVSS v3 6.1

EPSS 0.0030

EPSS Percentile 53.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-330

Status published

Products (1)

open-xchange/ox_app_suite < 7.10.5

Published Nov 22, 2021

Tracked Since Feb 18, 2026