OX App Suite through 7.10.4 allows XSS via a contact whose name contains JavaScript code.
CWE-79
CVE-2021-23935
OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript code.
CVE-2021-23936
OX App Suite through 7.10.4 allows XSS via the subject of a task.
CVE-2021-23959
An XSS bug in internal error pages could have led to various spoofing attacks, including other error pages and the address bar. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85.
CVE-2021-23854
An error in the handling of a page parameter in Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface. This issue only affects versions 7.7x and 7.6x. All other versions are not affected.
CVE-2021-23856
The web server is vulnerable to reflected XSS and therefore an attacker might be able to execute scripts on a client’s computer by sending the client a manipulated URL.