Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
open-xchange open-xchange documents vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2020-15003
OX App Suite up to and including 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user (via the session API during shared Drive access).
Open-xchange Open-xchange Appsuite 7.10.2
Open-xchange Open-xchange Appsuite 7.10.3
4.8
CVSSv3
CVE-2020-15004
OX App Suite up to and including 7.10.3 allows stats/diagnostic?param= XSS.
Open-xchange Open-xchange Appsuite 7.10.2
Open-xchange Open-xchange Appsuite 7.10.3
5
CVSSv3
CVE-2019-18846
OX App Suite up to and including 7.10.2 allows SSRF.
Open-xchange Open-xchange Appsuite
5.4
CVSSv3
CVE-2020-24700
OX App Suite up to and including 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial autoconfig. substring.
Open-xchange Open-xchange Appsuite
6.1
CVSSv3
CVE-2020-24701
OX App Suite up to and including 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite URI).
Open-xchange Open-xchange Appsuite
4.3
CVSSv3
CVE-2020-12643
OX App Suite 7.10.3 and previous versions has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address.
Open-xchange Open-xchange Appsuite
5.4
CVSSv3
CVE-2020-12646
OX App Suite 7.10.3 and previous versions allows XSS via text/x-javascript, text/rdf, or a PDF document.
Open-xchange Open-xchange Appsuite
5
CVSSv3
CVE-2020-12644
OX App Suite 7.10.3 and previous versions allows SSRF, related to the mail account API and the /folder/list API.
Open-xchange Open-xchange Appsuite
9.8
CVSSv3
CVE-2020-12645
OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption.
Open-xchange Open-xchange Appsuite
5.4
CVSSv3
CVE-2023-29044
Documents operations could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parti...
Open-xchange Open-xchange Appsuite 7.10.6
Open-xchange Open-xchange Appsuite
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »