Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
open-xchange open-xchange appsuite vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv3
CVE-2016-4027
An issue exists in Open-Xchange OX App Suite prior to 7.8.1-rev10. App Suite frontend offers to control whether a user wants to store cookies that exceed the session duration. This functionality is useful when logging in from clients with reduced privileges or shared environments...
Open-xchange Open-xchange Appsuite
6.1
CVSSv3
CVE-2016-4045
An issue exists in Open-Xchange OX App Suite prior to 7.8.1-rev11. Script code can be embedded to RSS feeds using a URL notation. In case a user clicks the corresponding link at the RSS reader of App Suite, code gets executed at the context of the user. Malicious script code can ...
Open-xchange Open-xchange Appsuite
5.8
CVSSv3
CVE-2016-4046
An issue exists in Open-Xchange OX App Suite prior to 7.8.1-rev11. The API to configure external mail accounts can be abused to map and access network components within the trust boundary of the operator. Users can inject arbitrary hosts and ports to API calls. Depending on the r...
Open-xchange Open-xchange Appsuite
4.3
CVSSv3
CVE-2016-4047
An issue exists in Open-Xchange OX App Suite prior to 7.8.1-rev8. References to external Open XML document type definitions (.dtd resources) can be placed within .docx and .xslx files. Those resources were requested when parsing certain parts of the generated document. As a resul...
Open-xchange Open-xchange Appsuite
6.1
CVSSv3
CVE-2016-5124
An issue exists in Open-Xchange OX App Suite prior to 7.8.1-rev14. Adding images from external sources to HTML editors by drag&drop can potentially lead to script code execution in the context of the active user. To exploit this, a user needs to be tricked to use an image fro...
Open-xchange Open-xchange Appsuite
6.4
CVSSv3
CVE-2021-23927
OX App Suite up to and including 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request.
Open-xchange Open-xchange Appsuite
6.1
CVSSv3
CVE-2021-23928
OX App Suite up to and including 7.10.3 allows XSS via the ajax/apps/manifests query string.
Open-xchange Open-xchange Appsuite
6.1
CVSSv3
CVE-2021-23929
OX App Suite up to and including 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML document to an ajax/share/<share-token>?delivery=view URI.
Open-xchange Open-xchange Appsuite
6.1
CVSSv3
CVE-2021-23930
OX App Suite up to and including 7.10.4 allows XSS via use of the conversion API for a distributedFile.
Open-xchange Open-xchange Appsuite
6.1
CVSSv3
CVE-2021-23931
OX App Suite up to and including 7.10.4 allows XSS via an inline binary file.
Open-xchange Open-xchange Appsuite
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30078
CVE-2024-37896
code injection
CVE-2024-3080
CVE-2024-5172
cross-site request forgery
CVE-2024-6111
firmware
CVE-2024-38504
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »