CVE-2021-26698

OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and the dl parameter is used.

Published: Jul 22, 2021
Updated: Nov 16, 2025
CVE: CVE-2021-26698
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
open-xchange / open-xchange_appsuite	7.10.3-rev1	7.10.3-rev1.x
open-xchange / open-xchange_appsuite	7.10.3-rev2	7.10.3-rev2.x
open-xchange / open-xchange_appsuite	7.10.3-rev3	7.10.3-rev3.x
open-xchange / open-xchange_appsuite	7.10.3-rev4	7.10.3-rev4.x
open-xchange / open-xchange_appsuite	7.10.3-rev5	7.10.3-rev5.x
open-xchange / open-xchange_appsuite	7.10.3-rev6	7.10.3-rev6.x
open-xchange / open-xchange_appsuite	7.10.3	7.10.3.x
open-xchange / open-xchange_appsuite	7.10.3-rev18	7.10.3-rev18.x
open-xchange / open-xchange_appsuite	7.10.3-rev19	7.10.3-rev19.x
open-xchange / open-xchange_appsuite	7.10.3-rev20	7.10.3-rev20.x
open-xchange / open-xchange_appsuite	7.10.3-rev21	7.10.3-rev21.x
open-xchange / open-xchange_appsuite	7.10.3-rev22	7.10.3-rev22.x
open-xchange / open-xchange_appsuite	7.10.3-rev23	7.10.3-rev23.x
open-xchange / open-xchange_appsuite	7.10.3-rev24	7.10.3-rev24.x
open-xchange / open-xchange_appsuite	7.10.3-rev25	7.10.3-rev25.x
open-xchange / open-xchange_appsuite	7.10.3-rev26	7.10.3-rev26.x
open-xchange / open-xchange_appsuite	7.10.3-rev27	7.10.3-rev27.x
open-xchange / open-xchange_appsuite	7.10.3-rev28	7.10.3-rev28.x
open-xchange / open-xchange_appsuite	7.10.3-rev29	7.10.3-rev29.x
open-xchange / open-xchange_appsuite	7.10.3-rev30	7.10.3-rev30.x
open-xchange / open-xchange_appsuite	7.10.3-rev31	7.10.3-rev31.x
open-xchange / open-xchange_appsuite	7.10.4	7.10.4.x
open-xchange / open-xchange_appsuite	7.10.4-rev1	7.10.4-rev1.x
open-xchange / open-xchange_appsuite	7.10.4-rev10	7.10.4-rev10.x
open-xchange / open-xchange_appsuite	7.10.4-rev11	7.10.4-rev11.x
open-xchange / open-xchange_appsuite	7.10.4-rev12	7.10.4-rev12.x
open-xchange / open-xchange_appsuite	7.10.4-rev13	7.10.4-rev13.x
open-xchange / open-xchange_appsuite	7.10.4-rev2	7.10.4-rev2.x
open-xchange / open-xchange_appsuite	7.10.4-rev3	7.10.4-rev3.x
open-xchange / open-xchange_appsuite	7.10.4-rev4	7.10.4-rev4.x
open-xchange / open-xchange_appsuite	7.10.4-rev5	7.10.4-rev5.x
open-xchange / open-xchange_appsuite	7.10.4-rev6	7.10.4-rev6.x
open-xchange / open-xchange_appsuite	7.10.4-rev7	7.10.4-rev7.x
open-xchange / open-xchange_appsuite	7.10.4-rev8	7.10.4-rev8.x
open-xchange / open-xchange_appsuite	7.10.4-rev9	7.10.4-rev9.x
open-xchange / open-xchange_appsuite	7.10.3-patch_release5547	7.10.3-patch_release5547.x
open-xchange / open-xchange_appsuite	7.10.3-patch_release5572	7.10.3-patch_release5572.x
open-xchange / open-xchange_appsuite	7.10.3-patch_release5623	7.10.3-patch_release5623.x
open-xchange / open-xchange_appsuite	7.10.3-patch_release5653	7.10.3-patch_release5653.x
open-xchange / open-xchange_appsuite	7.10.3-patch_release5677	7.10.3-patch_release5677.x
open-xchange / open-xchange_appsuite	7.10.3-patch_release5720	7.10.3-patch_release5720.x
open-xchange / open-xchange_appsuite	7.10.3-rev10	7.10.3-rev10.x
open-xchange / open-xchange_appsuite	7.10.3-rev11	7.10.3-rev11.x
open-xchange / open-xchange_appsuite	7.10.3-rev12	7.10.3-rev12.x
open-xchange / open-xchange_appsuite	7.10.3-rev13	7.10.3-rev13.x
open-xchange / open-xchange_appsuite	7.10.3-rev14	7.10.3-rev14.x
open-xchange / open-xchange_appsuite	7.10.3-rev15	7.10.3-rev15.x
open-xchange / open-xchange_appsuite	7.10.3-rev16	7.10.3-rev16.x
open-xchange / open-xchange_appsuite	7.10.3-rev17	7.10.3-rev17.x
open-xchange / open-xchange_appsuite	7.10.3-rev7	7.10.3-rev7.x
open-xchange / open-xchange_appsuite	7.10.3-rev8	7.10.3-rev8.x
open-xchange / open-xchange_appsuite	7.10.3-rev9	7.10.3-rev9.x
open-xchange / open-xchange_appsuite	7.10.4-rev14	7.10.4-rev14.x
open-xchange / open-xchange_appsuite	7.10.4-rev15	7.10.4-rev15.x
open-xchange / open-xchange_appsuite	7.10.4-rev16	7.10.4-rev16.x
open-xchange / open-xchange_appsuite	7.10.4-rev17	7.10.4-rev17.x

Vulnerability Database

309,364

CVE-2021-26698

Deep Security Visibility Without the Complexity