Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
open-xchange open-xchange documents 7.10.5 vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2021-33491
OX App Suite up to and including 7.10.5 allows Directory Traversal via ../ in an OOXML or ODF ZIP archive, because of the mishandling of relative paths in mail addresses in conjunction with auto-configuration DNS records.
Open-xchange Ox App Suite
6.5
CVSSv3
CVE-2021-28093
OX Documents prior to 7.10.5-rev5 has Incorrect Access Control of converted images because hash collisions can occur, due to use of Adler32.
Open-xchange Open-xchange Documents 7.10.5
Open-xchange Open-xchange Documents
6.5
CVSSv3
CVE-2021-28094
OX Documents prior to 7.10.5-rev7 has Incorrect Access Control for converted documents because hash collisions can occur, due to use of CRC32.
Open-xchange Open-xchange Documents 7.10.5
Open-xchange Open-xchange Documents
6.1
CVSSv3
CVE-2021-33492
OX App Suite 7.10.5 allows XSS via an OX Chat room name.
Open-xchange Ox App Suite 7.10.5
6.1
CVSSv3
CVE-2021-33494
OX App Suite 7.10.5 allows XSS via an OX Chat room title during typing rendering.
Open-xchange Ox App Suite 7.10.5
6.1
CVSSv3
CVE-2021-33495
OX App Suite 7.10.5 allows XSS via an OX Chat system message.
Open-xchange Ox App Suite 7.10.5
6.1
CVSSv3
CVE-2021-33488
chat in OX App Suite 7.10.5 has Improper Input Validation. A user can be redirected to a rogue OX Chat server via a development-related hook.
Open-xchange Ox App Suite
6.1
CVSSv3
CVE-2021-33489
OX App Suite up to and including 7.10.5 allows XSS via JavaScript code in a shared XCF file.
Open-xchange Ox App Suite
6.1
CVSSv3
CVE-2021-33490
OX App Suite up to and including 7.10.5 allows XSS via a crafted snippet in a shared mail signature.
Open-xchange Ox App Suite
6
CVSSv3
CVE-2021-33493
The middleware component in OX App Suite up to and including 7.10.5 allows Code Injection via Java classes in a YAML format.
Open-xchange Ox App Suite
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »