Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
open-xchange open-xchange documents vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-29045
Documents operations, in this case "drawing", could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data ex...
Open-xchange Open-xchange Appsuite 7.10.6
Open-xchange Open-xchange Appsuite
NA
CVE-2023-29043
Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document. Script code embedded in malicious documents could be executed in the context of the user editing the document when p...
Open-xchange Open-xchange Appsuite 7.10.6
Open-xchange Open-xchange Appsuite
357
VMScore
CVE-2020-15002
OX App Suite up to and including 7.10.3 allows SSRF via the the /ajax/messaging/message message API.
Open-xchange Open-xchange Appsuite
NA
CVE-2023-26435
It was possible to call filesystem and network references using the local LibreOffice instance using manipulated ODT documents. Attackers could discover restricted network topology and services as well as including local files with read permissions of the open-xchange system user...
Open-xchange Open-xchange Appsuite Backend
Open-xchange Open-xchange Appsuite Backend 7.10.6
383
VMScore
CVE-2016-6842
An issue exists in Open-Xchange OX App Suite prior to 7.8.2-rev8. Setting the user's name to JS code makes that code execute when selecting that user's "Templates" folder from OX Documents settings. This requires the folder to be shared to the victim. Maliciou...
Open-xchange Open-xchange Appsuite
383
VMScore
CVE-2021-33489
OX App Suite up to and including 7.10.5 allows XSS via JavaScript code in a shared XCF file.
Open-xchange Ox App Suite
356
VMScore
CVE-2021-33491
OX App Suite up to and including 7.10.5 allows Directory Traversal via ../ in an OOXML or ODF ZIP archive, because of the mishandling of relative paths in mail addresses in conjunction with auto-configuration DNS records.
Open-xchange Ox App Suite
320
VMScore
CVE-2021-33493
The middleware component in OX App Suite up to and including 7.10.5 allows Code Injection via Java classes in a YAML format.
Open-xchange Ox App Suite
516
VMScore
CVE-2021-33488
chat in OX App Suite 7.10.5 has Improper Input Validation. A user can be redirected to a rogue OX Chat server via a development-related hook.
Open-xchange Ox App Suite
383
VMScore
CVE-2021-33490
OX App Suite up to and including 7.10.5 allows XSS via a crafted snippet in a shared mail signature.
Open-xchange Ox App Suite
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »