| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| OX App Suite through 7.10.4 allows XSS via the subject of a task. |
| OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript code. |
| OX App Suite through 7.10.4 allows XSS via a contact whose name contains JavaScript code. |
| OX App Suite through 7.10.4 allows XSS via JavaScript in a Note referenced by a mail:// URL. |
| OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename. |
| OX App Suite through 7.10.4 allows XSS via an inline binary file. |
| OX App Suite through 7.10.4 allows XSS via use of the conversion API for a distributedFile. |
| OX App Suite through 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML document to an ajax/share/<share-token>?delivery=view URI. |
| OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests query string. |
| OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request. |
| An issue was discovered in Devolutions Server before 2020.3. There is a cross-site scripting (XSS) vulnerability in entries of type Document. |
| An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive information in diagnostic files. |
| An issue was discovered in Devolutions Server before 2020.3. There is Broken Authentication with Windows domain users. |
| An issue was discovered in Devolutions Remote Desktop Manager before 2020.2.12. There is a cross-site scripting (XSS) vulnerability in webviews. |
| An issue was discovered in Devolutions Server before 2020.3. There is broken access control on Password List entry elements. |
| An issue was discovered in HERMES 2.1 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. There is an out-of-bounds array access in RemoteDiagnosisApp. |
| An issue was discovered in HERMES 2.1 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. The SH2 MCU allows remote code execution. |
| An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. A type confusion issue affects MultiSvSetAttributes in the HiQnet Protocol, leading to remote code execution. |
| An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. The count in MultiSvGet, GetAttributes, and MultiSvSet is not checked in the HiQnet Protocol, leading to remote code execution. |
| An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. A Message Length is not checked in the HiQnet Protocol, leading to remote code execution. |