open-xchange vulnerabilities and exploits

4.3
CVSSv2
CVE-2006-0091

Cross-site scripting (XSS) vulnerability in webmail in Open-Xchange 0.8.1-6 and earlier, with "Inline HTML" enabled, allows remote attackers to inject arbitrary web script or HTML via e-mail attachments, which are rendered inline....

7.5
CVSSv2
CVE-2006-2738

The open source version of Open-Xchange 0.8.2 and earlier uses a static default username and password with a valid login shell in the initfile for the ldap-server, which allows remote attackers to access any server where the default has not been changed....

3.5
CVSSv2
CVE-2016-4028

An issue was discovered in Open-Xchange OX Guard before 2.4.0-rev8. OX Guard uses an authentication token to identify and transfer guest users' credentials. The OX Guard API acts as a padding oracle by responding with different error codes depending on whether the provided...

4.3
CVSSv2
CVE-2017-9808

OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS)....

5
CVSSv2
CVE-2017-9809

OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Information Exposure....

7.5
CVSSv2
CVE-2017-5863

Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control....

6.5
CVSSv2
CVE-2017-6912

Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control....

4.3
CVSSv2
CVE-2017-6913

Cross-site scripting (XSS) vulnerability in the Open-Xchange webmail before 7.6.3-rev28 allows remote attackers to inject arbitrary web script or HTML via the event attribute in a time tag....

4.3
CVSSv2
CVE-2013-3106

Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev18, 6.22.0 before rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allow remote attackers to inject arbitrary web script or HTML via...

4.3
CVSSv2
CVE-2016-6846

Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite backend before 7.6.2-rev59, 7.8.0 before 7.8.0-rev38, 7.8.2 before 7.8.2-rev8; AppSuite frontend before 7.6.2-rev47, 7.8.0 before 7.8.0-rev30, and 7.8.2 before 7.8.2-rev8; Office Web before 7.6.2-rev16, 7.8.0...