Vulmon
open-xchange vulnerabilities and exploits
4.3
CVSSv3
CVE-2023-29046
Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an exte...
Open-xchange Open-xchange Appsuite 7.10.6
Open-xchange Open-xchange Appsuite
7.3
CVSSv3
CVE-2023-29047
Imageconverter API endpoints provided methods that were not sufficiently validating and sanitizing client input, allowing to inject arbitrary SQL statements. An attacker with access to the adjacent network and potentially API credentials, could read and modify database content wh...
Open-xchange Open-xchange Appsuite 7.10.6
Open-xchange Open-xchange Appsuite
6.5
CVSSv3
CVE-2021-28093
OX Documents prior to 7.10.5-rev5 has Incorrect Access Control of converted images because hash collisions can occur, due to use of Adler32.
Open-xchange Open-xchange Documents 7.10.5
Open-xchange Open-xchange Documents
6.5
CVSSv3
CVE-2021-28094
OX Documents prior to 7.10.5-rev7 has Incorrect Access Control for converted documents because hash collisions can occur, due to use of CRC32.
Open-xchange Open-xchange Documents 7.10.5
Open-xchange Open-xchange Documents
4.8
CVSSv3
CVE-2021-28095
OX Documents prior to 7.10.5-rev5 has Incorrect Access Control for documents that contain XML structures because hash collisions can occur, due to use of CRC32.
Open-xchange Open-xchange Documents 7.10.5
Open-xchange Open-xchange Documents
NA
CVE-2014-7871
SQL injection vulnerability in Open-Xchange (OX) AppSuite prior to 7.4.2-rev36 and 7.6.x prior to 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API call.
Open-xchange Open-xchange Appsuite 7.6.0
Open-xchange Open-xchange Appsuite
6.1
CVSSv3
CVE-2019-14227
OX App Suite 7.10.1 and 7.10.2 allows XSS.
Open-xchange Open-xchange Appsuite 7.10.2
Open-xchange Open-xchange Appsuite 7.10.1
4.8
CVSSv3
CVE-2020-15004
OX App Suite up to and including 7.10.3 allows stats/diagnostic?param= XSS.
Open-xchange Open-xchange Appsuite 7.10.2
Open-xchange Open-xchange Appsuite 7.10.3
6.1
CVSSv3
CVE-2021-37402
OX App Suite prior to 7.10.3-rev32 and 7.10.4 prior to 7.10.4-rev18 allows XSS via binary data that is mishandled when the legacy dataretrieval endpoint has been enabled.
Open-xchange Open-xchange Appsuite 7.10.3
Open-xchange Open-xchange Appsuite 7.10.4
6.1
CVSSv3
CVE-2021-37403
OX App Suite prior to 7.10.3-rev32 and 7.10.4 prior to 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and an App Loader relative URL is used.
Open-xchange Open-xchange Appsuite 7.10.3
Open-xchange Open-xchange Appsuite 7.10.4