Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
open-xchange vulnerabilities and exploits
(subscribe to this query)
516
VMScore
CVE-2021-28095
OX Documents prior to 7.10.5-rev5 has Incorrect Access Control for documents that contain XML structures because hash collisions can occur, due to use of CRC32.
Open-xchange Open-xchange Documents 7.10.5
Open-xchange Open-xchange Documents
NA
CVE-2023-26452
Requests to cache an image and return its metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by defaul...
Open-xchange Open-xchange Appsuite 7.10.6
Open-xchange Open-xchange Appsuite
NA
CVE-2023-26453
Requests to cache an image could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL stateme...
Open-xchange Open-xchange Appsuite 7.10.6
Open-xchange Open-xchange Appsuite
NA
CVE-2023-26454
Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL s...
Open-xchange Open-xchange Appsuite 7.10.6
Open-xchange Open-xchange Appsuite
NA
CVE-2023-26455
RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI. RMI access is restricted to localhost by default. The interface has been updated ...
Open-xchange Open-xchange Appsuite 7.10.6
Open-xchange Open-xchange Appsuite
578
VMScore
CVE-2014-7871
SQL injection vulnerability in Open-Xchange (OX) AppSuite prior to 7.4.2-rev36 and 7.6.x prior to 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API call.
Open-xchange Open-xchange Appsuite 7.6.0
Open-xchange Open-xchange Appsuite
383
VMScore
CVE-2021-37402
OX App Suite prior to 7.10.3-rev32 and 7.10.4 prior to 7.10.4-rev18 allows XSS via binary data that is mishandled when the legacy dataretrieval endpoint has been enabled.
Open-xchange Open-xchange Appsuite 7.10.3
Open-xchange Open-xchange Appsuite 7.10.4
383
VMScore
CVE-2021-37403
OX App Suite prior to 7.10.3-rev32 and 7.10.4 prior to 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and an App Loader relative URL is used.
Open-xchange Open-xchange Appsuite 7.10.3
Open-xchange Open-xchange Appsuite 7.10.4
516
VMScore
CVE-2021-26699
OX App Suite prior to 7.10.3-rev4 and 7.10.4 prior to 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used.
Open-xchange Open-xchange Appsuite 7.10.3
Open-xchange Open-xchange Appsuite 7.10.4
383
VMScore
CVE-2013-7486
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x prior to 7.2.2-rev27 and 7.4.x prior to 7.4.0-rev20 allows remote malicious users to inject arbitrary web script or HTML via the body of an email. NOTE: this vulnerability was SPLIT from C...
Open-xchange Open-xchange Appsuite 7.2.2
Open-xchange Open-xchange Appsuite 7.4.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111
CVE-2024-32884
IDOR
CVE-2023-1000
CVE-2024-33260
CVE-2024-3682
reflected XSS
race condition
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »