Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
open-xchange open-xchange appsuite 7.8.2 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2016-6852
An issue exists in Open-Xchange OX App Suite prior to 7.8.2-rev8. Users can provide local file paths to the RSS reader; the response and error code give hints about whether the provided file exists or not. Attackers may discover specific system files or library versions on the mi...
Open-xchange Open-xchange Appsuite
5.5
CVSSv3
CVE-2016-6848
An issue exists in Open-Xchange OX App Suite prior to 7.8.2-rev8. API requests can be used to inject, generate and download executable files to the client ("Reflected File Download"). Malicious platform specific (e.g. Microsoft Windows) batch file can be created via a t...
Open-xchange Open-xchange Appsuite
6.1
CVSSv3
CVE-2016-6847
An issue exists in Open-Xchange OX App Suite prior to 7.8.2-rev8. SVG files can be used as mp3 album covers. In case their XML structure contains script code, that code may get executed when calling the related cover URL. Malicious script code can be executed within a user's...
Open-xchange Open-xchange Appsuite
6.1
CVSSv3
CVE-2016-6842
An issue exists in Open-Xchange OX App Suite prior to 7.8.2-rev8. Setting the user's name to JS code makes that code execute when selecting that user's "Templates" folder from OX Documents settings. This requires the folder to be shared to the victim. Maliciou...
Open-xchange Open-xchange Appsuite
6.1
CVSSv3
CVE-2016-6844
An issue exists in Open-Xchange OX App Suite prior to 7.8.2-rev8. Script code within SVG files is maintained when opening such files "in browser" based on our Mail or Drive app. In case of "a" tags, this may include link targets with base64 encoded "data&...
Open-xchange Open-xchange Appsuite
6.1
CVSSv3
CVE-2016-6845
An issue exists in Open-Xchange OX App Suite prior to 7.8.2-rev8. Script code within hyperlinks at HTML E-Mails is not getting correctly sanitized when using base64 encoded "data" resources. This allows an malicious user to provide hyperlinks that may execute script cod...
Open-xchange Open-xchange Appsuite
6.1
CVSSv3
CVE-2016-6850
An issue exists in Open-Xchange OX App Suite prior to 7.8.2-rev8. SVG files can be used as profile pictures. In case their XML structure contains iframes and script code, that code may get executed when calling the related picture URL or viewing the related person's image wi...
Open-xchange Open-xchange Appsuite
6.1
CVSSv3
CVE-2016-6843
An issue exists in Open-Xchange OX App Suite prior to 7.8.2-rev8. Script code can be injected to contact names. When adding those contacts to a group, the script code gets executed in the context of the user which creates or changes the group by using autocomplete. In most cases ...
Open-xchange Open-xchange Appsuite
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2