Filtered by vendor Open-xchange
Subscriptions
Filtered by product Ox App Suite
Subscriptions
Total
47 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-24600 | 1 Open-xchange | 1 Ox App Suite | 2025-01-14 | 4.3 Medium |
| OX App Suite before backend 7.10.6-rev37 allows authenticated users to bypass access controls (for reading contacts) via a move to their own address book. | ||||
| CVE-2023-24601 | 1 Open-xchange | 1 Ox App Suite | 2025-01-14 | 6.1 Medium |
| OX App Suite before frontend 7.10.6-rev24 allows XSS via a non-app deeplink such as the jslob API's registry sub-tree. | ||||
| CVE-2023-24602 | 1 Open-xchange | 1 Ox App Suite | 2025-01-14 | 6.1 Medium |
| OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the Tumblr portal widget, such as a post title. | ||||
| CVE-2023-29050 | 1 Open-xchange | 1 Ox App Suite | 2024-11-21 | 7.6 High |
| The optional "LDAP contacts provider" could be abused by privileged users to inject LDAP filter strings that allow to access content outside of the intended hierarchy. Unauthorized users could break confidentiality of information in the directory and potentially cause high load on the directory server, leading to denial of service. Encoding has been added for user-provided fragments that are used when constructing the LDAP query. No publicly available exploits are known. | ||||
| CVE-2022-24406 | 1 Open-xchange | 1 Ox App Suite | 2024-11-21 | 6.5 Medium |
| OX App Suite through 7.10.6 allows SSRF because multipart/form-data boundaries are predictable, and this can lead to injection into internal Documentconverter API calls. | ||||
| CVE-2022-24405 | 1 Open-xchange | 1 Ox App Suite | 2024-11-21 | 9.8 Critical |
| OX App Suite through 7.10.6 allows OS Command Injection via a serialized Java class to the Documentconverter API. | ||||
| CVE-2022-23101 | 1 Open-xchange | 1 Ox App Suite | 2024-11-21 | 6.1 Medium |
| OX App Suite through 7.10.6 allows XSS via appHandler in a deep link in an e-mail message. | ||||
| CVE-2022-23100 | 1 Open-xchange | 1 Ox App Suite | 2024-11-21 | 9.8 Critical |
| OX App Suite through 7.10.6 allows OS Command Injection via Documentconverter (e.g., through an email attachment). | ||||
| CVE-2021-44213 | 1 Open-xchange | 1 Ox App Suite | 2024-11-21 | 6.1 Medium |
| OX App Suite through 7.10.5 allows XSS via uuencoding in a multipart/alternative message. | ||||
| CVE-2021-44212 | 1 Open-xchange | 1 Ox App Suite | 2024-11-21 | 6.1 Medium |
| OX App Suite through 7.10.5 allows XSS via a trailing control character such as the SCRIPT\t substring. | ||||
| CVE-2021-44211 | 1 Open-xchange | 1 Ox App Suite | 2024-11-21 | 5.4 Medium |
| OX App Suite through 7.10.5 allows XSS via the class attribute of an element in an HTML e-mail signature. | ||||
| CVE-2021-44210 | 1 Open-xchange | 1 Ox App Suite | 2024-11-21 | 6.1 Medium |
| OX App Suite through 7.10.5 allows XSS via NIFF (Notation Interchange File Format) data. | ||||
| CVE-2021-44209 | 1 Open-xchange | 1 Ox App Suite | 2024-11-21 | 6.1 Medium |
| OX App Suite through 7.10.5 allows XSS via an HTML 5 element such as AUDIO. | ||||
| CVE-2021-44208 | 1 Open-xchange | 1 Ox App Suite | 2024-11-21 | 6.1 Medium |
| OX App Suite through 7.10.5 allows XSS via an unknown system message in Chat. | ||||
| CVE-2021-38378 | 1 Open-xchange | 1 Ox App Suite | 2024-11-21 | 4.3 Medium |
| OX App Suite 7.10.5 allows Information Exposure because a caching mechanism can caused a Modified By response to show a person's name. | ||||
| CVE-2021-38377 | 1 Open-xchange | 1 Ox App Suite | 2024-11-21 | 6.1 Medium |
| OX App Suite through 7.10.5 allows XSS via JavaScript code in an anchor HTML comment within truncated e-mail, because there is a predictable UUID with HTML transformation results. | ||||
| CVE-2021-38376 | 1 Open-xchange | 1 Ox App Suite | 2024-11-21 | 5.3 Medium |
| OX App Suite through 7.10.5 has Incorrect Access Control for retrieval of session information via the rampup action of the login API call. | ||||
| CVE-2021-38375 | 1 Open-xchange | 1 Ox App Suite | 2024-11-21 | 6.1 Medium |
| OX App Suite through 7.10.5 allows XSS via the alt attribute of an IMG element in a truncated e-mail message. | ||||
| CVE-2021-38374 | 1 Open-xchange | 1 Ox App Suite | 2024-11-21 | 5.4 Medium |
| OX App Suite through through 7.10.5 allows XSS via a crafted snippet that has an app loader reference within an app loader URL. | ||||
| CVE-2021-33495 | 1 Open-xchange | 1 Ox App Suite | 2024-11-21 | 6.1 Medium |
| OX App Suite 7.10.5 allows XSS via an OX Chat system message. | ||||