Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
open-xchange appsuite vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv2
CVE-2018-13103
OX App Suite 7.8.4 and previous versions allows SSRF.
Open-xchange Open-xchange Appsuite
3.5
CVSSv2
CVE-2018-13104
OX App Suite 7.8.4 and previous versions allows XSS. Internal reference: 58742 (Bug ID)
Open-xchange Open-xchange Appsuite
4.3
CVSSv2
CVE-2016-5124
An issue exists in Open-Xchange OX App Suite prior to 7.8.1-rev14. Adding images from external sources to HTML editors by drag&drop can potentially lead to script code execution in the context of the active user. To exploit this, a user needs to be tricked to use an image fro...
Open-xchange Open-xchange Appsuite
4
CVSSv2
CVE-2020-15002
OX App Suite up to and including 7.10.3 allows SSRF via the the /ajax/messaging/message message API.
Open-xchange Open-xchange Appsuite
4.3
CVSSv2
CVE-2016-6842
An issue exists in Open-Xchange OX App Suite prior to 7.8.2-rev8. Setting the user's name to JS code makes that code execute when selecting that user's "Templates" folder from OX Documents settings. This requires the folder to be shared to the victim. Maliciou...
Open-xchange Open-xchange Appsuite
4.3
CVSSv2
CVE-2016-6843
An issue exists in Open-Xchange OX App Suite prior to 7.8.2-rev8. Script code can be injected to contact names. When adding those contacts to a group, the script code gets executed in the context of the user which creates or changes the group by using autocomplete. In most cases ...
Open-xchange Open-xchange Appsuite
4.3
CVSSv2
CVE-2016-6844
An issue exists in Open-Xchange OX App Suite prior to 7.8.2-rev8. Script code within SVG files is maintained when opening such files "in browser" based on our Mail or Drive app. In case of "a" tags, this may include link targets with base64 encoded "data&...
Open-xchange Open-xchange Appsuite
4.3
CVSSv2
CVE-2016-6845
An issue exists in Open-Xchange OX App Suite prior to 7.8.2-rev8. Script code within hyperlinks at HTML E-Mails is not getting correctly sanitized when using base64 encoded "data" resources. This allows an malicious user to provide hyperlinks that may execute script cod...
Open-xchange Open-xchange Appsuite
4.3
CVSSv2
CVE-2016-6847
An issue exists in Open-Xchange OX App Suite prior to 7.8.2-rev8. SVG files can be used as mp3 album covers. In case their XML structure contains script code, that code may get executed when calling the related cover URL. Malicious script code can be executed within a user's...
Open-xchange Open-xchange Appsuite
1.9
CVSSv2
CVE-2016-6848
An issue exists in Open-Xchange OX App Suite prior to 7.8.2-rev8. API requests can be used to inject, generate and download executable files to the client ("Reflected File Download"). Malicious platform specific (e.g. Microsoft Windows) batch file can be created via a t...
Open-xchange Open-xchange Appsuite
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »