Open-Xchange GmbH OX App Suite vulnerabilities
27 known vulnerabilities affecting open-xchange_gmbh/ox_app_suite.
Total CVEs: 27
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 3, MEDIUM 23
Vulnerabilities
Page 2 of 2
CVE-2023-41704 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 7.10.6-rev55 | 2024-02-12
Processing of CID references in e-mail can be abused to inject malicious script code that passes the sanitization engine. Malicious script code could be injected into a user's session when interacting with e-mails. Please deploy the provided updates and patch releases. CID handling has been improved and resulting content is checked for malicious content.
Source: NVD
CVE-2023-41703 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 7.10.6-rev9 | 2024-02-12
User ID references at mentions in document comments were not correctly sanitized. Script code could be injected into a user's session when working with a malicious document. Please deploy the provided updates and patch releases. User-defined content like comments and mentions are now filtered to avoid potentially malicious content. No publicly available
Source: NVD
CVE-2023-41710 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≤ 7.10.6-rev34 | 2024-01-08
User-defined script code could be stored for an upsell-related shop URL. This code was not correctly sanitized when adding it to the DOM. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for this content. No publicly available exploits are known.
Source: NVD
CVE-2023-29052 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≤ 7.10.6-rev34 | 2024-01-08
Users were able to define disclaimer texts for an upsell shop dialog that would contain script code that was not sanitized correctly. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for this content. No publicly available exploits are known.
Source: NVD
CVE-2023-41708 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≤ 7.10.6-rev38 | 2024-02-12
References to the "app loader" functionality could contain redirects to unexpected locations. Attackers could forge app references that bypass existing safeguards to inject malicious script code. Please deploy the provided updates and patch releases. References to apps are now controlled more strictly to avoid relative references. No publicly available
Source: NVD
CVE-2025-30190 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≤ 8.35.1513817 | 2025-11-27
Malicious content in office documents can be used to inject script code when editing a document. Unintended actions can be executed in the context of the user's account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No publicly available exploits are known.
Source: NVD
CVE-2025-30191 | P4 | MEDIUM | CVSS 5.4 | CWE-1021 | ≤ 7.6.3-rev77 | 2025-10-31
Malicious content from e-mail can be used to perform a redressing attack. Users can be tricked into performing unintended actions or providing sensitive information to a third party, which would enable further threats. Attribute values containing HTML fragments are now denied by the sanitization procedure. No publicly available exploits are known.
Source: NVD