Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
open-xchange vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2015-1588
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server 6 and OX AppSuite prior to 7.4.2-rev43, 7.6.0-rev38, and 7.6.1-rev21.
Open-xchange Open-xchange Server 6.22.13
Open-xchange Open-xchange Server 6.22.12
Open-xchange Open-xchange Appsuite 7.6.0
Open-xchange Open-xchange Server 6.0
Open-xchange Open-xchange Appsuite 7.6.1
Open-xchange Open-xchange Appsuite
383
VMScore
CVE-2014-2391
The password recovery service in Open-Xchange AppSuite prior to 7.2.2-rev20, 7.4.1 prior to 7.4.1-rev11, and 7.4.2 prior to 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote ...
Open-xchange Open-xchange Appsuite 7.4.2
Open-xchange Open-xchange Appsuite 7.2.0
Open-xchange Open-xchange Appsuite 7.2.1
Open-xchange Open-xchange Appsuite
Open-xchange Open-xchange Appsuite 7.4.1
383
VMScore
CVE-2014-2392
The E-Mail autoconfiguration feature in Open-Xchange AppSuite prior to 7.2.2-rev20, 7.4.1 prior to 7.4.1-rev11, and 7.4.2 prior to 7.4.2-rev13 places a password in a GET request, which allows remote malicious users to obtain sensitive information by reading (1) web-server access ...
Open-xchange Open-xchange Appsuite 7.4.2
Open-xchange Open-xchange Appsuite 7.2.0
Open-xchange Open-xchange Appsuite 7.2.1
Open-xchange Open-xchange Appsuite
Open-xchange Open-xchange Appsuite 7.4.1
383
VMScore
CVE-2014-2393
Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite 7.4.1 prior to 7.4.1-rev11 and 7.4.2 prior to 7.4.2-rev13 allows remote malicious users to inject arbitrary web script or HTML via a Drive filename that is not properly handled during use of the composer to add an ...
Open-xchange Open-xchange Appsuite 7.4.2
Open-xchange Open-xchange Appsuite 7.2.0
Open-xchange Open-xchange Appsuite 7.2.1
Open-xchange Open-xchange Appsuite
Open-xchange Open-xchange Appsuite 7.4.1
715
VMScore
CVE-2018-5755
Absolute path traversal vulnerability in the readerengine component in Open-Xchange OX App Suite prior to 7.6.3-rev3, 7.8.x prior to 7.8.2-rev4, 7.8.3 prior to 7.8.3-rev5, and 7.8.4 prior to 7.8.4-rev4 allows remote malicious users to read arbitrary files via a full pathname in a...
Open-xchange Open-xchange Appsuite 7.8.4
Open-xchange Open-xchange Appsuite 7.8.3
Open-xchange Open-xchange Appsuite 7.8.2
Open-xchange Open-xchange Appsuite 7.8.0
Open-xchange Open-xchange Appsuite
1 EDB exploit
NA
CVE-2022-29853
OX App Suite up to and including 8.2 allows XSS via a certain complex hierarchy that forces use of Show Entire Message for a huge HTML e-mail message.
Open-xchange Open-xchange Appsuite
Open-xchange Open-xchange Appsuite 7.10.5
Open-xchange Open-xchange Appsuite 7.10.6
Open-xchange Open-xchange Appsuite 8.2
356
VMScore
CVE-2013-5934
Open-Xchange AppSuite 7.0.x prior to 7.0.2-rev15 and 7.2.x prior to 7.2.2-rev16 has a hardcoded password for node join operations, which allows remote malicious users to expand a cluster by finding this password in the source code and then sending the password in a Hazelcast clus...
Open-xchange Open-xchange Appsuite 7.0.1
Open-xchange Open-xchange Appsuite 7.0.2
Open-xchange Open-xchange Appsuite 7.2.0
Open-xchange Open-xchange Appsuite 7.2.1
445
VMScore
CVE-2020-8543
OX App Suite up to and including 7.10.3 has Improper Input Validation.
Open-xchange Open-xchange Appsuite 7.8.4
Open-xchange Open-xchange Appsuite 7.10.1
Open-xchange Open-xchange Appsuite 7.10.2
Open-xchange Open-xchange Appsuite 7.10.3
356
VMScore
CVE-2020-8544
OX App Suite up to and including 7.10.3 allows SSRF.
Open-xchange Open-xchange Appsuite 7.8.4
Open-xchange Open-xchange Appsuite 7.10.1
Open-xchange Open-xchange Appsuite 7.10.2
Open-xchange Open-xchange Appsuite 7.10.3
383
VMScore
CVE-2013-5935
The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x prior to 7.0.2-rev15 and 7.2.x prior to 7.2.2-rev16 does not properly restrict the set of network interfaces that can receive API calls, which makes it easier for remote malicious users to obtain access by sending network t...
Open-xchange Open-xchange Appsuite 7.0.1
Open-xchange Open-xchange Appsuite 7.0.2
Open-xchange Open-xchange Appsuite 7.2.0
Open-xchange Open-xchange Appsuite 7.2.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
malicious code
XML injection
CVE-2024-28020
CVE-2024-35252
CVE-2024-5833
CVE-2024-30066
injection
CVE-2024-23282
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »