Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
open-xchange open-xchange appsuite frontend vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-26445
Frontend themes are defined by user-controllable jslob settings and could point to a malicious resource which gets processed during login. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the w...
Open-xchange Open-xchange Appsuite Frontend
5.4
CVSSv3
CVE-2023-26446
The users clientID at "application passwords" was not sanitized or escaped before being added to DOM. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To ex...
Open-xchange Open-xchange Appsuite Frontend
5.4
CVSSv3
CVE-2023-26447
The "upsell" widget for the portal allows to specify a product description. This description taken from a user-controllable jslob did not get escaped before being added to DOM. Malicious script code can be executed within the victims context. This can lead to session hi...
Open-xchange Open-xchange Appsuite Frontend
5.4
CVSSv3
CVE-2023-26448
Custom log-in and log-out locations are used-defined as jslob but were not checked to contain malicious protocol handlers. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and...
Open-xchange Open-xchange Appsuite Frontend
5.4
CVSSv3
CVE-2023-26449
The "OX Chat" web service did not specify a media-type when processing responses by external resources. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To ...
Open-xchange Open-xchange Appsuite Frontend
5.4
CVSSv3
CVE-2023-26450
The "OX Count" web service did not specify a media-type when processing responses by external resources. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To...
Open-xchange Open-xchange Appsuite Frontend
6.1
CVSSv3
CVE-2013-6242
Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 6.22.3 prior to 6.22.3-rev5 and 6.22.4 prior to 6.22.4-rev12 allows remote malicious users to inject arbitrary web script or HTML via the subject of an email. NOTE: the vulnerabilities related ...
Open-xchange Open-xchange Appsuite 7.2.2
Open-xchange Open-xchange Appsuite 7.4.0
Open-xchange Open-xchange Appsuite 6.22.3
Open-xchange Open-xchange Appsuite 6.22.4
6.5
CVSSv3
CVE-2018-5753
The frontend component in Open-Xchange OX App Suite prior to 7.6.3-rev31, 7.8.x prior to 7.8.2-rev31, 7.8.3 prior to 7.8.3-rev41, and 7.8.4 prior to 7.8.4-rev20 allows remote malicious users to spoof the origin of e-mails via unicode characters in the "personal part" of...
Open-xchange Open-xchange Appsuite 7.8.4
Open-xchange Open-xchange Appsuite 7.8.3
Open-xchange Open-xchange Appsuite 7.8.2
Open-xchange Open-xchange Appsuite 7.8.0
Open-xchange Open-xchange Appsuite 7.6.3
Open-xchange Open-xchange Appsuite
1 EDB exploit
6.1
CVSSv3
CVE-2016-6846
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite backend prior to 7.6.2-rev59, 7.8.0 prior to 7.8.0-rev38, 7.8.2 prior to 7.8.2-rev8; AppSuite frontend prior to 7.6.2-rev47, 7.8.0 prior to 7.8.0-rev30, and 7.8.2 prior to 7.8.2-rev8; Office Web prior to 7.6.2...
Open-xchange Open-xchange Appsuite Backend 7.8.0
Open-xchange Documentconverter-api 7.8.2
Open-xchange Office Web 7.8.2
Open-xchange Office Web 7.6.2
Open-xchange Open-xchange Appsuite Frontend 7.8.0
Open-xchange Open-xchange Appsuite Frontend 7.6.2
Open-xchange Open-xchange Appsuite Backend 7.6.2
Open-xchange Open-xchange Appsuite Backend 7.8.2
Open-xchange Office Web 7.8.0
Open-xchange Open-xchange Appsuite Frontend 7.8.2
3.5
CVSSv3
CVE-2016-4027
An issue exists in Open-Xchange OX App Suite prior to 7.8.1-rev10. App Suite frontend offers to control whether a user wants to store cookies that exceed the session duration. This functionality is useful when logging in from clients with reduced privileges or shared environments...
Open-xchange Open-xchange Appsuite
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »