.. / CVE-2020-24701

Exploit for OX Appsuite - Cross-Site Scripting (CVE-2020-24701)

Description:

OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite URI).

Nuclei Template

View the template here CVE-2020-24701.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-24701.yaml
Copy

References:

https://seclists.org/fulldisclosure/2021/Jul/33
https://nvd.nist.gov/vuln/detail/CVE-2020-24701
https://www.open-xchange.com
https://github.com/20142995/sectool
https://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html