Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
open-xchange appsuite vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2014-5236
Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite prior to 7.4.2-rev10 and 7.6.x prior to 7.6.0-rev10 allow remote malicious users to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDo...
Open-xchange Open-xchange Appsuite
Open-xchange Open-xchange Appsuite 7.4.2
Open-xchange Open-xchange Appsuite 7.6.0
NA
CVE-2022-37312
OX App Suite up to and including 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferrer servlet.
Open-xchange Open-xchange Appsuite
Open-xchange Open-xchange Appsuite 7.10.5
Open-xchange Open-xchange Appsuite 7.10.6
NA
CVE-2022-37307
OX App Suite up to and including 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature.
Open-xchange Open-xchange Appsuite
Open-xchange Open-xchange Appsuite 7.10.5
Open-xchange Open-xchange Appsuite 7.10.6
NA
CVE-2022-37310
OX App Suite up to and including 7.10.6 allows XSS via a malicious capability to the metrics or help module, as demonstrated by a /#!!&app=io.ox/files&cap= URI.
Open-xchange Open-xchange Appsuite
Open-xchange Open-xchange Appsuite 7.10.5
Open-xchange Open-xchange Appsuite 7.10.6
NA
CVE-2022-37313
OX App Suite up to and including 7.10.6 allows SSRF because the anti-SSRF protection mechanism only checks the first DNS AA or AAAA record.
Open-xchange Open-xchange Appsuite
Open-xchange Open-xchange Appsuite 7.10.5
Open-xchange Open-xchange Appsuite 7.10.6
312
VMScore
CVE-2020-8542
OX App Suite up to and including 7.10.3 allows XSS.
Open-xchange Open-xchange Appsuite 7.10.1
Open-xchange Open-xchange Appsuite 7.10.2
Open-xchange Open-xchange Appsuite 7.10.3
356
VMScore
CVE-2014-9466
Open-Xchange (OX) AppSuite and Server prior to 7.4.2-rev42, 7.6.0 prior to 7.6.0-rev36, and 7.6.1 prior to 7.6.1-rev14 does not properly handle directory permissions, which allows remote authenticated users to read files via unspecified vectors, related to the "folder identi...
Open-xchange Open-xchange Appsuite 7.6.1
Open-xchange Open-xchange Appsuite 7.4.2
Open-xchange Open-xchange Appsuite 7.6.0
356
VMScore
CVE-2020-8541
OX App Suite up to and including 7.10.3 allows XXE attacks.
Open-xchange Open-xchange Appsuite 7.10.1
Open-xchange Open-xchange Appsuite 7.10.2
Open-xchange Open-xchange Appsuite 7.10.3
383
VMScore
CVE-2013-3106
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server prior to 6.20.7 rev18, 6.22.0 before rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allow remote malicious users to inject arbitrary web script or HTM...
Open-xchange Open-xchange Server 7.0.2
Open-xchange Open-xchange Appsuite 6.22.0
Open-xchange Open-xchange Server 6.22.0
Open-xchange Open-xchange Server 7.0.1
Open-xchange Open-xchange Appsuite 6.22.1
Open-xchange Open-xchange Appsuite 7.0.1
Open-xchange Open-xchange Appsuite 7.0.2
Open-xchange Open-xchange Appsuite 7.2.0
Open-xchange Open-xchange Server 7.2.0
Open-xchange Open-xchange Appsuite 6.20.7
Open-xchange Open-xchange Server 6.20.7
Open-xchange Open-xchange Server 6.22.1
383
VMScore
CVE-2016-6846
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite backend prior to 7.6.2-rev59, 7.8.0 prior to 7.8.0-rev38, 7.8.2 prior to 7.8.2-rev8; AppSuite frontend prior to 7.6.2-rev47, 7.8.0 prior to 7.8.0-rev30, and 7.8.2 prior to 7.8.2-rev8; Office Web prior to 7.6.2...
Open-xchange Open-xchange Appsuite Frontend 7.6.2
Open-xchange Open-xchange Appsuite Backend 7.8.0
Open-xchange Open-xchange Appsuite Backend 7.8.2
Open-xchange Open-xchange Appsuite Backend 7.6.2
Open-xchange Office Web 7.8.0
Open-xchange Open-xchange Appsuite Frontend 7.8.0
Open-xchange Documentconverter-api 7.8.2
Open-xchange Office Web 7.8.2
Open-xchange Office Web 7.6.2
Open-xchange Open-xchange Appsuite Frontend 7.8.2
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »