Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
open-xchange server vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv2
CVE-2019-14226
OX App Suite up to and including 7.10.2 has Insecure Permissions.
Open-xchange Open-xchange Appsuite
5.5
CVSSv2
CVE-2018-13103
OX App Suite 7.8.4 and previous versions allows SSRF.
Open-xchange Open-xchange Appsuite
4
CVSSv2
CVE-2018-12609
OX App Suite 7.8.4 and previous versions allows Server-Side Request Forgery.
Open-xchange Open-xchange Appsuite
3.5
CVSSv2
CVE-2018-13104
OX App Suite 7.8.4 and previous versions allows XSS. Internal reference: 58742 (Bug ID)
Open-xchange Open-xchange Appsuite
4
CVSSv2
CVE-2020-28943
OX App Suite 7.10.4 and previous versions allows SSRF via a snippet.
Open-xchange Open-xchange Appsuite
4.3
CVSSv2
CVE-2016-6852
An issue exists in Open-Xchange OX App Suite prior to 7.8.2-rev8. Users can provide local file paths to the RSS reader; the response and error code give hints about whether the provided file exists or not. Attackers may discover specific system files or library versions on the mi...
Open-xchange Open-xchange Appsuite
4.3
CVSSv2
CVE-2020-28945
OX App Suite 7.10.4 and previous versions allows XSS via crafted content to reach an undocumented feature, such as ![](http://onerror=Function.constructor, in a Notes item.
Open-xchange Open-xchange Appsuite
4.3
CVSSv2
CVE-2016-2840
An issue exists in Open-Xchange Server 6 / OX AppSuite prior to 7.8.0-rev26. The "session" parameter for file-download requests can be used to inject script code that gets reflected through the subsequent status page. Malicious script code can be executed within a trust...
Open-xchange Open-xchange Appsuite
NA
CVE-2023-26442
In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP redirects issued by that backend. An attacker with access to a local or restricted network with the capability to intercept and replay HTTP requests to sproxyd (or who is in control ...
Open-xchange Open-xchange Appsuite Office
NA
CVE-2023-29050
The optional "LDAP contacts provider" could be abused by privileged users to inject LDAP filter strings that allow to access content outside of the intended hierarchy. Unauthorized users could break confidentiality of information in the directory and potentially cause h...
Open-xchange Ox App Suite 7.10.6
Open-xchange Ox App Suite
Open-xchange Ox App Suite 8.16
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »