Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
open-xchange appsuite vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2021-37402
OX App Suite prior to 7.10.3-rev32 and 7.10.4 prior to 7.10.4-rev18 allows XSS via binary data that is mishandled when the legacy dataretrieval endpoint has been enabled.
Open-xchange Open-xchange Appsuite 7.10.3
Open-xchange Open-xchange Appsuite 7.10.4
6.1
CVSSv3
CVE-2019-14227
OX App Suite 7.10.1 and 7.10.2 allows XSS.
Open-xchange Open-xchange Appsuite 7.10.2
Open-xchange Open-xchange Appsuite 7.10.1
NA
CVE-2014-2077
Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 7.4.1 prior to 7.4.1-rev10 and 7.4.2 prior to 7.4.2-rev8 allows remote malicious users to inject arbitrary web script or HTML via the subject of an email, involving 'the aria "tags&qu...
Open-xchange Open-xchange Appsuite 7.4.2
Open-xchange Open-xchange Appsuite 7.4.1
5.4
CVSSv3
CVE-2019-14225
OX App Suite 7.10.1 and 7.10.2 allows SSRF.
Open-xchange Open-xchange Appsuite 7.10.1
Open-xchange Open-xchange Appsuite 7.10.2
6.1
CVSSv3
CVE-2013-7485
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x prior to 7.2.2-rev26 and 7.4.x prior to 7.4.0-rev16 allows remote malicious users to inject arbitrary web script or HTML via the publication name, which is not properly handled in an error...
Open-xchange Open-xchange Appsuite 7.2.2
Open-xchange Open-xchange Appsuite 7.4.0
3.3
CVSSv3
CVE-2023-26427
Default permissions for a properties file were too permissive. Local system users could read potentially sensitive information. We updated the default permissions for noreply.properties set during package installation. No publicly available exploits are known.
Open-xchange Open-xchange Appsuite Backend
Open-xchange Open-xchange Appsuite Backend 7.10.6
6.5
CVSSv3
CVE-2023-26428
Attackers can successfully request arbitrary snippet IDs, including E-Mail signatures of other users within the same context. Signatures of other users could be read even though they are not explicitly shared. We improved permission handling when requesting snippets that are not ...
Open-xchange Open-xchange Appsuite Backend
Open-xchange Open-xchange Appsuite Backend 7.10.6
5.3
CVSSv3
CVE-2023-26429
Control characters were not removed when exporting user feedback content. This allowed malicious users to include unexpected content via user feedback and potentially break the exported data structure. We now drop all control characters that are not whitespace character during th...
Open-xchange Open-xchange Appsuite Backend
Open-xchange Open-xchange Appsuite Backend 7.10.6
4.3
CVSSv3
CVE-2023-26431
IPv4-mapped IPv6 addresses did not get recognized as "local" by the code and a connection attempt is made. Attackers with access to user accounts could use this to bypass existing deny-list functionality and trigger requests to restricted network infrastructure to gain ...
Open-xchange Open-xchange Appsuite Backend
Open-xchange Open-xchange Appsuite Backend 7.10.6
4.3
CVSSv3
CVE-2023-26432
When adding an external mail account, processing of SMTP "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue SMTP service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now ...
Open-xchange Open-xchange Appsuite Backend
Open-xchange Open-xchange Appsuite Backend 7.10.6
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »