Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
open-xchange ox app suite vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-24598
OX App Suite before backend 7.10.6-rev37 has an information leak in the handling of distribution lists, e.g., partial disclosure of the private contacts of another user.
Open-xchange Ox App Suite 7.10.6
Open-xchange Ox App Suite
NA
CVE-2023-24599
OX App Suite before backend 7.10.6-rev37 allows authenticated users to change the appointments of arbitrary users via conflicting ID numbers, aka "ID confusion."
Open-xchange Ox App Suite 7.10.6
Open-xchange Ox App Suite
NA
CVE-2023-24600
OX App Suite before backend 7.10.6-rev37 allows authenticated users to bypass access controls (for reading contacts) via a move to their own address book.
Open-xchange Ox App Suite 7.10.6
Open-xchange Ox App Suite
NA
CVE-2023-24601
OX App Suite before frontend 7.10.6-rev24 allows XSS via a non-app deeplink such as the jslob API's registry sub-tree.
Open-xchange Ox App Suite 7.10.6
Open-xchange Ox App Suite
NA
CVE-2023-24602
OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the Tumblr portal widget, such as a post title.
Open-xchange Ox App Suite 7.10.6
Open-xchange Ox App Suite
NA
CVE-2023-24603
OX App Suite before backend 7.10.6-rev37 does not check size limits when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of data.
Open-xchange Ox App Suite 7.10.6
Open-xchange Ox App Suite
NA
CVE-2023-24604
OX App Suite before backend 7.10.6-rev37 does not check HTTP header lengths when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of header data.
Open-xchange Ox App Suite 7.10.6
Open-xchange Ox App Suite
NA
CVE-2023-24605
OX App Suite before backend 7.10.6-rev37 does not enforce 2FA for all endpoints, e.g., reading from a drive, reading contact data, and renaming tokens.
Open-xchange Ox App Suite 7.10.6
Open-xchange Ox App Suite
NA
CVE-2022-37306
OX App Suite prior to 7.10.6-rev30 allows XSS via an upsell trigger.
Open-xchange Ox App Suite 7.10.6
Open-xchange Ox App Suite
NA
CVE-2022-23100
OX App Suite up to and including 7.10.6 allows OS Command Injection via Documentconverter (e.g., through an email attachment).
Open-xchange Ox App Suite
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »