Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
open-xchange open-xchange appsuite vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2021-23931
OX App Suite up to and including 7.10.4 allows XSS via an inline binary file.
Open-xchange Open-xchange Appsuite
6.1
CVSSv3
CVE-2021-23934
OX App Suite up to and including 7.10.4 allows XSS via a contact whose name contains JavaScript code.
Open-xchange Open-xchange Appsuite
6.1
CVSSv3
CVE-2021-23928
OX App Suite up to and including 7.10.3 allows XSS via the ajax/apps/manifests query string.
Open-xchange Open-xchange Appsuite
6.1
CVSSv3
CVE-2021-23929
OX App Suite up to and including 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML document to an ajax/share/<share-token>?delivery=view URI.
Open-xchange Open-xchange Appsuite
6.1
CVSSv3
CVE-2021-23932
OX App Suite up to and including 7.10.4 allows XSS via an inline image with a crafted filename.
Open-xchange Open-xchange Appsuite
6.1
CVSSv3
CVE-2021-23933
OX App Suite up to and including 7.10.4 allows XSS via JavaScript in a Note referenced by a mail:// URL.
Open-xchange Open-xchange Appsuite
6.1
CVSSv3
CVE-2021-23935
OX App Suite up to and including 7.10.4 allows XSS via an appointment in which the location contains JavaScript code.
Open-xchange Open-xchange Appsuite
6.1
CVSSv3
CVE-2021-23936
OX App Suite up to and including 7.10.4 allows XSS via the subject of a task.
Open-xchange Open-xchange Appsuite
5.4
CVSSv3
CVE-2020-24700
OX App Suite up to and including 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial autoconfig. substring.
Open-xchange Open-xchange Appsuite
6.1
CVSSv3
CVE-2020-24701
OX App Suite up to and including 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite URI).
Open-xchange Open-xchange Appsuite
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »