Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
open-xchange open-xchange appsuite vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2013-6074
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.2.x prior to 7.2.2-rev25 and 7.4.x prior to 7.4.0-rev14 allows remote malicious users to inject arbitrary web script or HTML via an attached SVG file.
Open-xchange Open-xchange Appsuite 7.4.0
Open-xchange Open-xchange Appsuite 7.2.0
Open-xchange Open-xchange Appsuite 7.2.1
Open-xchange Open-xchange Appsuite 7.2.2
4.3
CVSSv2
CVE-2013-3106
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server prior to 6.20.7 rev18, 6.22.0 before rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allow remote malicious users to inject arbitrary web script or HTM...
Open-xchange Open-xchange Server 7.0.2
Open-xchange Open-xchange Appsuite 6.22.0
Open-xchange Open-xchange Server 6.22.0
Open-xchange Open-xchange Server 7.0.1
Open-xchange Open-xchange Appsuite 6.22.1
Open-xchange Open-xchange Appsuite 7.0.1
Open-xchange Open-xchange Appsuite 7.0.2
Open-xchange Open-xchange Appsuite 7.2.0
Open-xchange Open-xchange Server 7.2.0
Open-xchange Open-xchange Appsuite 6.20.7
Open-xchange Open-xchange Server 6.20.7
Open-xchange Open-xchange Server 6.22.1
NA
CVE-2022-31469
OX App Suite up to and including 7.10.6 allows XSS via a deep link, as demonstrated by class="deep-link-app" for a /#!!&app=%2e./ URI.
Open-xchange Open-xchange Appsuite
Open-xchange Open-xchange Appsuite 7.10.5
Open-xchange Open-xchange Appsuite 7.10.6
NA
CVE-2022-37307
OX App Suite up to and including 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature.
Open-xchange Open-xchange Appsuite
Open-xchange Open-xchange Appsuite 7.10.5
Open-xchange Open-xchange Appsuite 7.10.6
NA
CVE-2022-37309
OX App Suite up to and including 7.10.6 allows XSS via script code within a contact that has an e-mail address but lacks a name.
Open-xchange Open-xchange Appsuite
Open-xchange Open-xchange Appsuite 7.10.5
Open-xchange Open-xchange Appsuite 7.10.6
4.3
CVSSv2
CVE-2014-8993
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite prior to 7.4.2-rev40, 7.6.0 prior to 7.6.0-rev32, and 7.6.1 prior to 7.6.1-rev11 allows remote malicious users to inject arbitrary web script or HTML via a crafted XHTML file with the applicatio...
Open-xchange Open-xchange Appsuite
Open-xchange Open-xchange Appsuite 7.6.0
Open-xchange Open-xchange Appsuite 7.6.1
4.3
CVSSv2
CVE-2014-1679
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite prior to 7.2.2-rev31, 7.4.0 prior to 7.4.0-rev27, and 7.4.1 prior to 7.4.1-rev17 allows remote malicious users to inject arbitrary web script or HTML via the header in an attached SVG file.
Open-xchange Open-xchange Appsuite
Open-xchange Open-xchange Appsuite 7.4.0
Open-xchange Open-xchange Appsuite 7.4.1
6.8
CVSSv2
CVE-2014-5238
XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite prior to 7.4.2-rev11 and 7.6.x prior to 7.6.0-rev9 allows remote malicious users to read arbitrary files and possibly other unspecified impact via a crafted OpenDocument Text document.
Open-xchange Open-xchange Appsuite
Open-xchange Open-xchange Appsuite 7.4.2
Open-xchange Open-xchange Appsuite 7.6.0
NA
CVE-2022-29852
OX App Suite up to and including 8.2 allows XSS because BMFreehand10 and image/x-freehand are not blocked.
Open-xchange Open-xchange Appsuite
Open-xchange Open-xchange Appsuite 7.10.5
Open-xchange Open-xchange Appsuite 7.10.6
5
CVSSv2
CVE-2014-5236
Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite prior to 7.4.2-rev10 and 7.6.x prior to 7.6.0-rev10 allow remote malicious users to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDo...
Open-xchange Open-xchange Appsuite
Open-xchange Open-xchange Appsuite 7.4.2
Open-xchange Open-xchange Appsuite 7.6.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »