Vulmon
open-xchange open-xchange appsuite vulnerabilities and exploits
8.8
CVSSv3
CVE-2023-26452
Requests to cache an image and return its metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by defaul...
Open-xchange Open-xchange Appsuite 7.10.6
Open-xchange Open-xchange Appsuite
8.8
CVSSv3
CVE-2023-26453
Requests to cache an image could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL stateme...
Open-xchange Open-xchange Appsuite 7.10.6
Open-xchange Open-xchange Appsuite
8.8
CVSSv3
CVE-2023-26454
Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL s...
Open-xchange Open-xchange Appsuite 7.10.6
Open-xchange Open-xchange Appsuite
7.8
CVSSv3
CVE-2023-26455
RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI. RMI access is restricted to localhost by default. The interface has been updated ...
Open-xchange Open-xchange Appsuite 7.10.6
Open-xchange Open-xchange Appsuite
NA
CVE-2014-2077
Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 7.4.1 prior to 7.4.1-rev10 and 7.4.2 prior to 7.4.2-rev8 allows remote malicious users to inject arbitrary web script or HTML via the subject of an email, involving 'the aria "tags"...
Open-xchange Open-xchange Appsuite 7.4.2
Open-xchange Open-xchange Appsuite 7.4.1
5.4
CVSSv3
CVE-2019-14225
OX App Suite 7.10.1 and 7.10.2 allows SSRF.
Open-xchange Open-xchange Appsuite 7.10.1
Open-xchange Open-xchange Appsuite 7.10.2
6.1
CVSSv3
CVE-2021-37402
OX App Suite prior to 7.10.3-rev32 and 7.10.4 prior to 7.10.4-rev18 allows XSS via binary data that is mishandled when the legacy dataretrieval endpoint has been enabled.
Open-xchange Open-xchange Appsuite 7.10.3
Open-xchange Open-xchange Appsuite 7.10.4
6.1
CVSSv3
CVE-2013-7485
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x prior to 7.2.2-rev26 and 7.4.x prior to 7.4.0-rev16 allows remote malicious users to inject arbitrary web script or HTML via the publication name, which is not properly handled in an error...
Open-xchange Open-xchange Appsuite 7.2.2
Open-xchange Open-xchange Appsuite 7.4.0
4.3
CVSSv3
CVE-2020-15003
OX App Suite up to and including 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user (via the session API during shared Drive access).
Open-xchange Open-xchange Appsuite 7.10.2
Open-xchange Open-xchange Appsuite 7.10.3
4.8
CVSSv3
CVE-2020-15004
OX App Suite up to and including 7.10.3 allows stats/diagnostic?param= XSS.
Open-xchange Open-xchange Appsuite 7.10.2
Open-xchange Open-xchange Appsuite 7.10.3