Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
open-xchange appsuite vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2016-6848
An issue exists in Open-Xchange OX App Suite prior to 7.8.2-rev8. API requests can be used to inject, generate and download executable files to the client ("Reflected File Download"). Malicious platform specific (e.g. Microsoft Windows) batch file can be created via a t...
Open-xchange Open-xchange Appsuite
6.1
CVSSv3
CVE-2016-6850
An issue exists in Open-Xchange OX App Suite prior to 7.8.2-rev8. SVG files can be used as profile pictures. In case their XML structure contains iframes and script code, that code may get executed when calling the related picture URL or viewing the related person's image wi...
Open-xchange Open-xchange Appsuite
5.4
CVSSv3
CVE-2017-17061
OX Software GmbH OX App Suite 7.8.4 and previous versions is affected by: Cross Site Scripting (XSS).
Open-xchange Open-xchange Appsuite
6.1
CVSSv3
CVE-2016-5124
An issue exists in Open-Xchange OX App Suite prior to 7.8.1-rev14. Adding images from external sources to HTML editors by drag&drop can potentially lead to script code execution in the context of the active user. To exploit this, a user needs to be tricked to use an image fro...
Open-xchange Open-xchange Appsuite
6.1
CVSSv3
CVE-2017-15030
Open-Xchange GmbH OX App Suite 7.8.4 and previous versions is affected by: Cross Site Scripting (XSS).
Open-xchange Open-xchange Appsuite
6.1
CVSSv3
CVE-2018-12611
OX App Suite 7.8.4 and previous versions allows Directory Traversal.
Open-xchange Open-xchange Appsuite
5
CVSSv3
CVE-2020-12644
OX App Suite 7.10.3 and previous versions allows SSRF, related to the mail account API and the /folder/list API.
Open-xchange Open-xchange Appsuite
9.8
CVSSv3
CVE-2020-12645
OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption.
Open-xchange Open-xchange Appsuite
5.4
CVSSv3
CVE-2020-12646
OX App Suite 7.10.3 and previous versions allows XSS via text/x-javascript, text/rdf, or a PDF document.
Open-xchange Open-xchange Appsuite
6.4
CVSSv3
CVE-2021-23927
OX App Suite up to and including 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request.
Open-xchange Open-xchange Appsuite
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »