Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
open-xchange appsuite vulnerabilities and exploits
(subscribe to this query)
169
VMScore
CVE-2016-6848
An issue exists in Open-Xchange OX App Suite prior to 7.8.2-rev8. API requests can be used to inject, generate and download executable files to the client ("Reflected File Download"). Malicious platform specific (e.g. Microsoft Windows) batch file can be created via a t...
Open-xchange Open-xchange Appsuite
383
VMScore
CVE-2016-6850
An issue exists in Open-Xchange OX App Suite prior to 7.8.2-rev8. SVG files can be used as profile pictures. In case their XML structure contains iframes and script code, that code may get executed when calling the related picture URL or viewing the related person's image wi...
Open-xchange Open-xchange Appsuite
312
VMScore
CVE-2017-17061
OX Software GmbH OX App Suite 7.8.4 and previous versions is affected by: Cross Site Scripting (XSS).
Open-xchange Open-xchange Appsuite
383
VMScore
CVE-2016-5124
An issue exists in Open-Xchange OX App Suite prior to 7.8.1-rev14. Adding images from external sources to HTML editors by drag&drop can potentially lead to script code execution in the context of the active user. To exploit this, a user needs to be tricked to use an image fro...
Open-xchange Open-xchange Appsuite
383
VMScore
CVE-2017-15030
Open-Xchange GmbH OX App Suite 7.8.4 and previous versions is affected by: Cross Site Scripting (XSS).
Open-xchange Open-xchange Appsuite
383
VMScore
CVE-2018-12611
OX App Suite 7.8.4 and previous versions allows Directory Traversal.
Open-xchange Open-xchange Appsuite
356
VMScore
CVE-2020-12644
OX App Suite 7.10.3 and previous versions allows SSRF, related to the mail account API and the /folder/list API.
Open-xchange Open-xchange Appsuite
445
VMScore
CVE-2020-12645
OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption.
Open-xchange Open-xchange Appsuite
312
VMScore
CVE-2020-12646
OX App Suite 7.10.3 and previous versions allows XSS via text/x-javascript, text/rdf, or a PDF document.
Open-xchange Open-xchange Appsuite
490
VMScore
CVE-2021-23927
OX App Suite up to and including 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request.
Open-xchange Open-xchange Appsuite
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »