
Open-Xchange Ox App Suite vulnerabilities

48 known vulnerabilities affecting open-xchange/ox_app_suite.

Total CVEs: 48
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 2, MEDIUM 42

Vulnerabilities

Page 2 of 3
CVE-2021-33490 | P4 | MEDIUM | CVSS 6.1 | ≤ 7.10.5 | 2021-11-22
CVE-2021-33490 [MEDIUM] CWE-79: OX App Suite through 7.10.5 allows XSS via a crafted snippet in a shared mail signature.
nvd
CVE-2022-37306 | P4 | MEDIUM | CVSS 6.1 | fixed in 7.10.6 | v7.10.6 | 2023-04-16
CVE-2022-37306 [MEDIUM] CWE-79: OX App Suite before 7.10.6-rev30 allows XSS via an upsell trigger.
nvd
CVE-2023-24602 | P4 | MEDIUM | CVSS 6.1 | fixed in 7.10.6 | v7.10.6 | 2023-05-29
CVE-2023-24602 [MEDIUM] CWE-79: OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the Tumblr portal widget, such as a post title.
nvd
CVE-2023-24601 | P4 | MEDIUM | CVSS 6.1 | fixed in 7.10.6 | v7.10.6 | 2023-05-29
CVE-2023-24601 [MEDIUM] CWE-79: OX App Suite before frontend 7.10.6-rev24 allows XSS via a non-app deeplink such as the jslob API's registry sub-tree.
nvd
CVE-2021-33493 | P4 | MEDIUM | CVSS 6.0 | ≤ 7.10.5 | 2021-11-22
CVE-2021-33493 [MEDIUM] CWE-94: The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in a YAML format.
nvd
CVE-2021-38374 | P4 | MEDIUM | CVSS 5.4 | ≤ 7.10.5 | 2021-11-22
CVE-2021-38374 [MEDIUM] CWE-79: OX App Suite through 7.10.5 allows XSS via a crafted snippet that has an app loader reference within an app loader URL.
nvd
CVE-2023-24597 | P4 | MEDIUM | CVSS 5.3 | fixed in 7.10.6 | v7.10.6 | 2023-05-29
CVE-2023-24597 [MEDIUM]: OX App Suite before frontend 7.10.6-rev24 allows the loading (without user consent) of an e-mail message's remote resources during printing.
nvd
CVE-2021-38377 | P4 | MEDIUM | CVSS 6.1 | ≤ 7.10.5 | 2021-11-22
CVE-2021-38377 [MEDIUM] CWE-330: OX App Suite through 7.10.5 allows XSS via JavaScript code in an anchor HTML comment within truncated e-mail, because there is a predictable UUID with HTML transformation results.
nvd
CVE-2021-33492 | P4 | MEDIUM | CVSS 6.1 | v7.10.5 | 2021-11-22
CVE-2021-33492 [MEDIUM] CWE-79: OX App Suite 7.10.5 allows XSS via an OX Chat room name.
nvd
CVE-2021-33494 | P4 | MEDIUM | CVSS 6.1 | v7.10.5 | 2021-11-22
CVE-2021-33494 [MEDIUM] CWE-79: OX App Suite 7.10.5 allows XSS via an OX Chat room title during typing rendering.
nvd
CVE-2021-33495 | P4 | MEDIUM | CVSS 6.1 | v7.10.5 | 2021-11-22
CVE-2021-33495 [MEDIUM] CWE-79: OX App Suite 7.10.5 allows XSS via an OX Chat system message.
nvd
CVE-2021-44212 | P4 | MEDIUM | CVSS 6.1 | ≤ 7.10.5 | 2022-03-28
CVE-2021-44212 [MEDIUM] CWE-79: OX App Suite through 7.10.5 allows XSS via a trailing control character such as the SCRIPT\t substring.
nvd
CVE-2021-44213 | P4 | MEDIUM | CVSS 6.1 | ≤ 7.10.5 | 2022-03-28
CVE-2021-44213 [MEDIUM] CWE-79: OX App Suite through 7.10.5 allows XSS via uuencoding in a multipart/alternative message.
nvd
CVE-2021-44209 | P4 | MEDIUM | CVSS 6.1 | ≤ 7.10.5 | 2022-03-28
CVE-2021-44209 [MEDIUM] CWE-79: OX App Suite through 7.10.5 allows XSS via an HTML 5 element such as AUDIO.
nvd
CVE-2021-44208 | P4 | MEDIUM | CVSS 6.1 | ≤ 7.10.5 | 2022-03-28
CVE-2021-44208 [MEDIUM] CWE-79: OX App Suite through 7.10.5 allows XSS via an unknown system message in Chat.
nvd
CVE-2022-23101 | P4 | MEDIUM | CVSS 6.1 | ≤ 7.10.6 | 2022-07-27
CVE-2022-23101 [MEDIUM] CWE-79: OX App Suite through 7.10.6 allows XSS via appHandler in a deep link in an e-mail message.
nvd
CVE-2022-31468 | P4 | MEDIUM | CVSS 6.1 | ≤ 8.2 | 2022-10-25
CVE-2022-31468 [MEDIUM] CWE-79: OX App Suite through 8.2 allows XSS via an attachment or OX Drive content when a client uses the len or off parameter.
nvd
CVE-2022-43696 | P4 | MEDIUM | CVSS 6.1 | fixed in 7.10.6 | v7.10.6 | 2023-04-15
CVE-2022-43696 [MEDIUM] CWE-79: OX App Suite before 7.10.6-rev20 allows XSS via upsell ads.
nvd
CVE-2022-43697 | P4 | MEDIUM | CVSS 6.1 | fixed in 7.10.6 | v7.10.6 | 2023-04-15
CVE-2022-43697 [MEDIUM] CWE-79: OX App Suite before 7.10.6-rev30 allows XSS via an activity tracking adapter defined by jslob.
nvd
CVE-2021-44211 | P4 | MEDIUM | CVSS 5.4 | ≤ 7.10.5 | 2022-03-28
CVE-2021-44211 [MEDIUM] CWE-79: OX App Suite through 7.10.5 allows XSS via the class attribute of an element in an HTML e-mail signature.
nvd