Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
martin heiland vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2021-38376
OX App Suite up to and including 7.10.5 has Incorrect Access Control for retrieval of session information via the rampup action of the login API call.
Open-xchange Ox App Suite
NA
CVE-2014-7871
SQL injection vulnerability in Open-Xchange (OX) AppSuite prior to 7.4.2-rev36 and 7.6.x prior to 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API call.
Open-xchange Open-xchange Appsuite 7.6.0
Open-xchange Open-xchange Appsuite
6.1
CVSSv3
CVE-2021-44208
OX App Suite up to and including 7.10.5 allows XSS via an unknown system message in Chat.
Open-xchange Ox App Suite
9.8
CVSSv3
CVE-2020-12645
OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption.
Open-xchange Open-xchange Appsuite
5.4
CVSSv3
CVE-2020-12646
OX App Suite 7.10.3 and previous versions allows XSS via text/x-javascript, text/rdf, or a PDF document.
Open-xchange Open-xchange Appsuite
6.1
CVSSv3
CVE-2016-5124
An issue exists in Open-Xchange OX App Suite prior to 7.8.1-rev14. Adding images from external sources to HTML editors by drag&drop can potentially lead to script code execution in the context of the active user. To exploit this, a user needs to be tricked to use an image fro...
Open-xchange Open-xchange Appsuite
5.4
CVSSv3
CVE-2021-38374
OX App Suite through up to and including 7.10.5 allows XSS via a crafted snippet that has an app loader reference within an app loader URL.
Open-xchange Ox App Suite
6.1
CVSSv3
CVE-2021-38375
OX App Suite up to and including 7.10.5 allows XSS via the alt attribute of an IMG element in a truncated e-mail message.
Open-xchange Ox App Suite
6.1
CVSSv3
CVE-2021-38377
OX App Suite up to and including 7.10.5 allows XSS via JavaScript code in an anchor HTML comment within truncated e-mail, because there is a predictable UUID with HTML transformation results.
Open-xchange Ox App Suite
4.3
CVSSv3
CVE-2021-38378
OX App Suite 7.10.5 allows Information Exposure because a caching mechanism can caused a Modified By response to show a person's name.
Open-xchange Ox App Suite
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »