Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
open-xchange ox app suite vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2020-28945
OX App Suite 7.10.4 and previous versions allows XSS via crafted content to reach an undocumented feature, such as ![](http://onerror=Function.constructor, in a Notes item.
Open-xchange Open-xchange Appsuite
4
CVSSv2
CVE-2020-28943
OX App Suite 7.10.4 and previous versions allows SSRF via a snippet.
Open-xchange Open-xchange Appsuite
5
CVSSv2
CVE-2020-28944
OX Guard 2.10.4 and previous versions allows a Denial of Service via a WKS server that responds slowly or with a large amount of data.
Open-xchange Ox Guard
4.3
CVSSv2
CVE-2021-31935
OX App Suite 7.10.4 and previous versions allows XSS via a crafted distribution list (payload in the common name) that is mishandled in the scheduling view.
Open-xchange Open-xchange Appsuite
4.3
CVSSv2
CVE-2021-31934
OX App Suite 7.10.4 and previous versions allows XSS via a crafted contact object (payload in the position or company field) that is mishandled in the App Suite UI on a smartphone.
Open-xchange Open-xchange Appsuite
5.5
CVSSv2
CVE-2021-23927
OX App Suite up to and including 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request.
Open-xchange Open-xchange Appsuite
4.3
CVSSv2
CVE-2021-23928
OX App Suite up to and including 7.10.3 allows XSS via the ajax/apps/manifests query string.
Open-xchange Open-xchange Appsuite
4.3
CVSSv2
CVE-2021-23929
OX App Suite up to and including 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML document to an ajax/share/<share-token>?delivery=view URI.
Open-xchange Open-xchange Appsuite
4.3
CVSSv2
CVE-2021-23930
OX App Suite up to and including 7.10.4 allows XSS via use of the conversion API for a distributedFile.
Open-xchange Open-xchange Appsuite
4.3
CVSSv2
CVE-2021-23931
OX App Suite up to and including 7.10.4 allows XSS via an inline binary file.
Open-xchange Open-xchange Appsuite
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37884
CVE-2024-6003
remote
brute force
information disclosure
CVE-2024-27801
CVE-2024-30078
CVE-2024-31870
CVE-2024-6042
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »