cvebase

Open-Xchange Appsuite vulnerabilities

146 known vulnerabilities affecting open-xchange/open-xchange_appsuite.

Total CVEs: 146
CISA KEV: 0
Public exploits: 9
Exploited in wild: 0
Severity breakdown: CRITICAL 7, HIGH 17, MEDIUM 117, LOW 5

Vulnerabilities

Page 6 of 8
CVE-2017-17061 | P4 | MEDIUM | CVSS 5.4 | ≤ 7.8.4 | 2019-05-23
CWE-79: OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).
nvd
CVE-2017-13668 | P4 | MEDIUM | CVSS 5.4 | ≤ 7.8.4 | 2019-05-23
CWE-79: OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).
nvd
CVE-2020-12646 | P4 | MEDIUM | CVSS 5.4 | ≤ 7.10.3 | 2020-08-31
CWE-79: OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document.
nvd
CVE-2022-29852 | P4 | MEDIUM | CVSS 5.4 | fixed in 7.10.5 | ≥ 8.2, < 8.2.324, +2 more | 2022-12-26
CWE-79: OX App Suite through 8.2 allows XSS because BMFreehand10 and image/x-freehand are not blocked.
nvd
CVE-2017-15030 | P4 | MEDIUM | CVSS 6.1 | ≤ 7.8.4 | 2019-05-23
CWE-79: Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).
nvd
CVE-2017-5213 | P4 | MEDIUM | CVSS 6.1 | ≤ 7.8.3 | 2019-05-23
CWE-79: Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting (XSS).
nvd
CVE-2017-5864 | P4 | MEDIUM | CVSS 6.1 | ≤ 7.8.3 | 2019-05-22
CWE-79: Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting (XSS).
nvd
CVE-2020-15004 | P4 | MEDIUM | CVSS 4.8 | v7.10.2, v7.10.3 | 2020-10-23
CWE-79: OX App Suite through 7.10.3 allows stats/diagnostic?param= XSS.
nvd
CVE-2016-6848 | P4 | MEDIUM | CVSS 5.5 | ≤ 7.8.2 | 2016-12-15
CWE-254: An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. API requests can be used to inject, generate and download executable files to the client ("Reflected File Download"). Malicious platform specific (e.g. Microsoft Windows) batch file can be created via a trusted domain without authentication that, if executed by the user, may lead t
nvd
CVE-2023-29046 | P4 | MEDIUM | CVSS 4.3 | fixed in 7.10.6 | v7.10.6 | 2023-11-02
CWE-400: Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of time. As a result users were able to trigger large amoun
nvd
CVE-2022-29853 | P4 | MEDIUM | CVSS 5.4 | fixed in 7.10.5 | v7.10.5, +2 more | 2022-12-26
CWE-79: OX App Suite through 8.2 allows XSS via a certain complex hierarchy that forces use of Show Entire Message for a huge HTML e-mail message.
nvd
CVE-2013-5935 | P4 | MEDIUM | CVSS 4.3 | v7.0.1, v7.0.2, +2 more | 2013-09-25
The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 does not properly restrict the set of network interfaces that can receive API calls, which makes it easier for remote attackers to obtain access by sending network traffic from an unintended location, a different vulnerability than CVE-2013-5200.
nvd
CVE-2013-6009 | P4 | MEDIUM | CVSS 4.3 | ≤ 7.2.1, v6.20.7, +5 more | 2013-10-03
CWE-94: CRLF injection vulnerability in Open-Xchange AppSuite before 7.2.2, when using AJP in certain conditions, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the ajax/defer servlet.
nvd
CVE-2020-12643 | P4 | MEDIUM | CVSS 4.3 | ≤ 7.10.3 | 2020-08-31
CWE-639: OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address.
nvd
CVE-2013-2582 | P4 | MEDIUM | CVSS 5.0 | v6.22.0, v6.22.1, +2 more | 2013-09-05
CWE-94: CRLF injection vulnerability in the redirect servlet in Open-Xchange AppSuite and Server before 6.22.0 rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allows remote attackers to inject arbitrary HTTP headers and conduct open redirect attacks by leveraging improper sanitization of whitespace characters.
nvd
CVE-2013-5035 | P4 | MEDIUM | CVSS 4.9 | v7.2.2 | 2013-09-05
CWE-362: Multiple race conditions in HtmlCleaner before 2.6, as used in Open-Xchange AppSuite 7.2.2 before rev13 and other products, allow remote authenticated users to read the private e-mail of other persons in opportunistic circumstances by leveraging lack of thread safety and performing a rapid series of (1) mail-sending or (2) draft-saving operations.
nvd
CVE-2014-9466 | P4 | MEDIUM | CVSS 4.0 | v7.4.2, v7.6.0, +1 more | 2015-02-17
CWE-264: Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before 7.6.0-rev36, and 7.6.1 before 7.6.1-rev14 does not properly handle directory permissions, which allows remote authenticated users to read files via unspecified vectors, related to the "folder identifier."
nvd
CVE-2016-4048 | P4 | MEDIUM | CVSS 4.3 | ≤ 7.8.1 | 2016-12-15
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Custom messages can be shown at the login screen to notify external users about issues with sharing links. This mechanism can be abused to inject arbitrary text messages. Users may get tricked to follow instructions injected by third parties as part of social engineering attacks.
nvd
CVE-2014-2391 | P4 | MEDIUM | CVSS 4.3 | ≤ 7.2.2, v7.2.0, +3 more | 2014-04-24
CWE-200: The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potentially useful password-pattern information by reading
nvd
CVE-2013-5936 | P4 | MEDIUM | CVSS 4.3 | v7.0.1, v7.0.2, +2 more | 2013-09-25
The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 allows remote attackers to obtain sensitive information about (1) runtime activity, (2) network configuration, (3) user sessions, (4) the memcache interface, and (5) the REST interface via API calls such as a hazelcast/rest/cluster/ call, a different vulne
nvd