MidnightBSD

Advisories for mobisystems

CVE-2023-37600

Office Suite Premium Version v10.9.1.42602 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at /api?path=profile.

Products Affected

Vendor Product Version
mobisystems office_suite 10.9.1.42602
CVE-2023-37601

Office Suite Premium v10.9.1.42602 was discovered to contain a local file inclusion (LFI) vulnerability via the component /etc/hosts.

Products Affected

Vendor Product Version
mobisystems office_suite 10.9.1.42602
CVE-2023-38617

Office Suite Premium Version v10.9.1.42602 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the filter parameter at /api?path=files.

Products Affected

Vendor Product Version
mobisystems office_suite 10.9.1.42602