Open-Xchange Appsuite vulnerabilities
146 known vulnerabilities affecting open-xchange/open-xchange_appsuite.
Total CVEs: 146
CISA KEV: 0
Public exploits: 9
Exploited in wild: 0
Severity breakdown: CRITICAL 7, HIGH 17, MEDIUM 117, LOW 5
Vulnerabilities
Page 5 of 8
CVE-2021-23932 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 7.10.3 | 2021-01-12
OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename.
nvd
CVE-2021-23933 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 7.10.3 | 2021-01-12
OX App Suite through 7.10.4 allows XSS via JavaScript in a Note referenced by a mail:// URL.
nvd
CVE-2021-31935 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 7.10.4 | 2021-04-30
OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution list (payload in the common name) that is mishandled in the scheduling view.
nvd
CVE-2021-23936 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 7.10.4 | 2021-01-12
OX App Suite through 7.10.4 allows XSS via the subject of a task.
nvd
CVE-2016-4026 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 7.8.1 | 2016-12-15
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The content sanitizer component has an issue with filtering malicious content in case invalid HTML code is provided. In such cases the filter will output an unsanitized representation of the content. Malicious script code can be executed within a user's context. This can lead to se
nvd
CVE-2022-37308 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 7.10.5 | v7.10.5 +1 more | 2022-12-26
OX App Suite through 7.10.6 allows XSS via HTML in text/plain e-mail messages.
nvd
CVE-2022-31469 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 7.10.5 | v7.10.5 +1 more | 2022-12-26
OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrated by class="deep-link-app" for a /#!!&app=%2e./ URI.
nvd
CVE-2022-37307 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 7.10.5 | v7.10.5 +1 more | 2022-12-26
OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature.
nvd
CVE-2022-37309 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 7.10.5 | v7.10.5 +1 more | 2022-12-26
OX App Suite through 7.10.6 allows XSS via script code within a contact that has an e-mail address but lacks a name.
nvd
CVE-2018-12610 | P4 | MEDIUM | CVSS 5.3 | CWE-200 | ≤ 7.8.4 | 2019-01-30
OX App Suite 7.8.4 and earlier allows Information Exposure.
nvd
CVE-2017-8341 | P4 | MEDIUM | CVSS 5.3 | CWE-20 | ≤ 7.8.3 | 2019-05-22
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing.
nvd
CVE-2022-37312 | P4 | MEDIUM | CVSS 5.3 | CWE-1284 | fixed in 7.10.5 | v7.10.5 +1 more | 2022-12-26
OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferrer servlet.
nvd
CVE-2017-9809 | P4 | MEDIUM | CVSS 5.3 | CWE-200 | ≤ 7.8.4 | 2019-05-22
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Information Exposure.
nvd
CVE-2013-7140 | P4 | MEDIUM | CVSS 4.0 | ≤ 7.4.1 | v6.20.7 +8 more | 2014-01-26
XML External Entity (XXE) vulnerability in the CalDAV interface in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote authenticated users to read portions of arbitrary files via vectors related to the SAX builder and the WebDAV interface. NOTE: this issue has been labeled as both absolute path traversal and XXE, but the root cause may be XXE, since XXE
nvd
CVE-2021-23929 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 7.10.3 | 2021-01-12
OX App Suite through 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML document to an ajax/share/?delivery=view URI.
nvd
CVE-2020-28945 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 7.10.4 | 2021-05-03
OX App Suite 7.10.4 and earlier allows XSS via crafted content to reach an undocumented feature, such as
Cross-site scripting (XSS) vulnerability in the Open-Xchange webmail before 7.6.3-rev28 allows remote attackers to inject arbitrary web script or HTML via the event attribute in a time tag.
nvd
CVE-2017-12885 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 7.8.4 | 2019-05-10
OX Software GmbH App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).
nvd
CVE-2017-9808 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 7.8.4 | 2019-05-22
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).
nvd
CVE-2018-13104 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≤ 7.8.4 | 2019-03-21
OX App Suite 7.8.4 and earlier allows XSS. Internal reference: 58742 (Bug ID)
nvd