Open-Xchange Appsuite vulnerabilities
146 known vulnerabilities affecting open-xchange/open-xchange_appsuite.
Total CVEs
146
CISA KEV
0
Public exploits
9
Exploited in wild
0
Severity breakdown
CRITICAL7HIGH17MEDIUM117LOW5
Vulnerabilities
Page 8 of 8
CVE-2014-2077P4MEDIUMCVSS 4.3v7.4.1v7.4.22014-03-20
CVE-2014-2077 [MEDIUM] CWE-79 CVE-2014-2077: Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 7.4.1 before
Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 7.4.1 before 7.4.1-rev10 and 7.4.2 before 7.4.2-rev8 allows remote attackers to inject arbitrary web script or HTML via the subject of an email, involving 'the aria "tags" for screenreaders at the top bar'.
nvd
CVE-2016-4027P4LOWCVSS 3.5≤ 7.8.12016-12-15
CVE-2016-4027 [LOW] CWE-200 CVE-2016-4027: An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev10. App Suite frontend offers t
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev10. App Suite frontend offers to control whether a user wants to store cookies that exceed the session duration. This functionality is useful when logging in from clients with reduced privileges or shared environments. However the setting was incorrectly recognized and cookies were stor
nvd
CVE-2013-4790P4LOWCVSS 3.5v7.0.2v7.2.0+2 more2013-09-05
CVE-2013-4790 [LOW] CWE-255 CVE-2013-4790: Open-Xchange AppSuite before 7.0.2 rev14, 7.2.0 before rev11, 7.2.1 before rev10, and 7.2.2 before r
Open-Xchange AppSuite before 7.0.2 rev14, 7.2.0 before rev11, 7.2.1 before rev10, and 7.2.2 before rev9 relies on user-supplied data to predict the IMAP server hostname for an external domain name, which allows remote authenticated users to discover e-mail credentials of other users in opportunistic circumstances via a manual-mode association of a person
nvd
CVE-2013-5698P4LOWCVSS 3.5v6.22.0v6.22.1+3 more2013-09-05
CVE-2013-5698 [LOW] CVE-2013-5698: Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite and Server before 6.22.0 rev16, 6.
Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite and Server before 6.22.0 rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allows remote authenticated users to inject arbitrary web script or HTML via a delivery=view action, aka Bug ID 26373, a different vulnerability than CVE-2013-3106.
nvd
CVE-2013-5690P4LOWCVSS 3.5≤ 7.2.1v6.20.7+5 more2013-10-03
CVE-2013-5690 [LOW] CWE-79 CVE-2013-5690: Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite before 7.2.2 allow remo
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite before 7.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) content with the text/xml MIME type or (2) the Status comment field of an appointment.
nvd
CVE-2019-11806P4LOWCVSS 3.3≥ 7.6.3, ≤ 7.10.12019-08-20
CVE-2019-11806 [LOW] CWE-732 CVE-2019-11806: OX App Suite 7.10.1 and earlier has Insecure Permissions.
OX App Suite 7.10.1 and earlier has Insecure Permissions.
nvd
← Previous8 / 8