cvebase

Open-Xchange Appsuite vulnerabilities

146 known vulnerabilities affecting open-xchange/open-xchange_appsuite.

Total CVEs: 146
CISA KEV: 0
Public exploits: 9
Exploited in wild: 0
Severity breakdown: CRITICAL 7, HIGH 17, MEDIUM 117, LOW 5

Vulnerabilities

Page 7 of 8
CVE-2016-4047 | P4 | MEDIUM | CVSS 4.3 | CWE-200 | ≤ 7.8.1 | 2016-12-15
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev8. References to external Open XML document type definitions (.dtd resources) can be placed within .docx and .xlsx files. Those resources were requested when parsing certain parts of the generated document. As a result an attacker can track access to a manipulated document. Usage of a
nvd
CVE-2020-15003 | P4 | MEDIUM | CVSS 4.3 | v7.10.2, v7.10.3 | 2020-10-23
OX App Suite through 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user (via the session API during shared Drive access).
nvd
CVE-2013-5934 | P4 | MEDIUM | CVSS 4.0 | v7.0.1, v7.0.2, +2 more | 2013-09-25
Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 has a hardcoded password for node join operations, which allows remote attackers to expand a cluster by finding this password in the source code and then sending the password in a Hazelcast cluster API call, a different vulnerability than CVE-2013-5200.
nvd
CVE-2015-5375 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 7.6.2 | 2015-09-28
Cross-site scripting (XSS) vulnerability in unspecified dialogs for printing content in the Front End in Open-Xchange Server 6 and OX App Suite before 6.22.8-rev8, 6.22.9 before 6.22.9-rev15m, 7.x before 7.6.1-rev25, and 7.6.2 before 7.6.2-rev20 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to object propert
nvd
CVE-2014-5234 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 7.4.1, v6.20.7, +9 more | 2014-09-17
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via a folder publication name.
nvd
CVE-2014-5235 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 7.4.1, v6.20.7, +9 more | 2014-09-17
Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via vectors related to unspecified fields in RSS feeds.
nvd
CVE-2013-7142 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 7.4.1, v6.20.7, +8 more | 2014-01-26
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified oAuth API functions.
nvd
CVE-2014-2392 | P4 | MEDIUM | CVSS 4.3 | CWE-200 | ≤ 7.2.2, v7.2.0, +3 more | 2014-04-24
The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.
nvd
CVE-2017-15029 | P4 | MEDIUM | CVSS 4.3 | CWE-918 | ≤ 7.8.4 | 2019-05-23
Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.
nvd
CVE-2014-8993 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 7.4.2, v7.6.0, +1 more | 2015-01-07
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev40, 7.6.0 before 7.6.0-rev32, and 7.6.1 before 7.6.1-rev11 allows remote attackers to inject arbitrary web script or HTML via a crafted XHTML file with the application/xhtml+xml MIME type.
nvd
CVE-2013-7141 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 7.4.1, v6.20.7, +8 more | 2014-01-26
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to crafted "<%" tags.
nvd
CVE-2016-6852 | P4 | MEDIUM | CVSS 4.3 | CWE-200 | ≤ 7.8.2 | 2016-12-15
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Users can provide local file paths to the RSS reader; the response and error code give hints about whether the provided file exists or not. Attackers may discover specific system files or library versions on the middleware server to prepare further attacks.
nvd
CVE-2013-3106 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | v6.20.7, v6.22.0, +4 more | 2013-09-05
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev18, 6.22.0 before rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allow remote attackers to inject arbitrary web script or HTML via (1) embedded VBScript, (2) object/data Base64 content, (3) a Content-Type he
nvd
CVE-2013-6241 | P4 | MEDIUM | CVSS 4.0 | CWE-200 | v7.2.0, v7.2.1, +2 more | 2014-12-27
The Birthday widget in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14, in certain user-id sharing scenarios, does not properly construct a SQL statement for next-year birthdays, which allows remote authenticated users to obtain sensitive birthday, displayname, firstname, and surname information via a bir
nvd
CVE-2013-6074 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | v7.2.0, v7.2.1, +2 more | 2013-11-20
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14 allows remote attackers to inject arbitrary web script or HTML via an attached SVG file.
nvd
CVE-2013-6997 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 7.4.0, v6.20.7, +7 more | 2014-01-09
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange (OX) AppSuite 7.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an HTML email with crafted CSS code containing wildcards or (2) office documents containing "crafted hyperlinks with script URL handlers."
nvd
CVE-2014-1679 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 7.2.2, v7.4.0, +1 more | 2015-01-05
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite before 7.2.2-rev31, 7.4.0 before 7.4.0-rev27, and 7.4.1 before 7.4.1-rev17 allows remote attackers to inject arbitrary web script or HTML via the header in an attached SVG file.
nvd
CVE-2013-7143 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 7.4.1, v6.20.7, +8 more | 2014-01-26
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 allows remote attackers to inject arbitrary web script or HTML via the title in a mail filter rule.
nvd
CVE-2014-2393 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 7.2.2, v7.2.0, +3 more | 2014-04-24
Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite 7.4.1 before 7.4.1-rev11 and 7.4.2 before 7.4.2-rev13 allows remote attackers to inject arbitrary web script or HTML via a Drive filename that is not properly handled during use of the composer to add an e-mail attachment.
nvd
CVE-2013-2583 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | v6.20.7, v6.22.0, +3 more | 2013-09-05
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev16, 6.22.0 before rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allow remote attackers to inject arbitrary web script or HTML via (1) a javascript: URL, (2) malformed nested SCRIPT elements, (3) a mail signature, or (4) JavaSc
nvd