Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
open-xchange appsuite vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2017-15030
Open-Xchange GmbH OX App Suite 7.8.4 and previous versions is affected by: Cross Site Scripting (XSS).
Open-xchange Open-xchange Appsuite
5
CVSSv3
CVE-2019-18846
OX App Suite up to and including 7.10.2 allows SSRF.
Open-xchange Open-xchange Appsuite
5.4
CVSSv3
CVE-2016-3173
An issue exists in Open-Xchange OX AppSuite prior to 7.8.0-rev27. The aria-label parameter of tiles at the Portal can be used to inject script code. Those labels use the name of the file (e.g. an image) which gets displayed at the portal application. Using script code at the file...
Open-xchange Open-xchange Appsuite
7.4
CVSSv3
CVE-2016-3174
An issue exists in Open-Xchange OX AppSuite prior to 7.8.0-rev27. The "defer" servlet offers to redirect a client to a specified URL. Since some checks were missing, arbitrary URLs could be provided as redirection target. Users can be tricked to follow a link to a trust...
Open-xchange Open-xchange Appsuite
8.8
CVSSv3
CVE-2017-6912
Open-Xchange GmbH OX App Suite 7.8.3 and previous versions is affected by: Incorrect Access Control.
Open-xchange Open-xchange Appsuite
6.1
CVSSv3
CVE-2017-6913
Cross-site scripting (XSS) vulnerability in the Open-Xchange webmail prior to 7.6.3-rev28 allows remote malicious users to inject arbitrary web script or HTML via the event attribute in a time tag.
Open-xchange Open-xchange Appsuite
1 Github repository
6.4
CVSSv3
CVE-2021-23927
OX App Suite up to and including 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request.
Open-xchange Open-xchange Appsuite
6.1
CVSSv3
CVE-2021-23928
OX App Suite up to and including 7.10.3 allows XSS via the ajax/apps/manifests query string.
Open-xchange Open-xchange Appsuite
6.1
CVSSv3
CVE-2021-23929
OX App Suite up to and including 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML document to an ajax/share/<share-token>?delivery=view URI.
Open-xchange Open-xchange Appsuite
6.1
CVSSv3
CVE-2021-23931
OX App Suite up to and including 7.10.4 allows XSS via an inline binary file.
Open-xchange Open-xchange Appsuite
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
CVE-2024-34558
CVE-2024-32674
CVE-2024-34351
XPath injection
CVE-2023-45866
CVE-2024-25528
CVE-2024-25517
path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »