Skip to main content

Open Xchange Appsuite Frontend

8 CVEs product

Monthly

CVE-2024-4367 npm HIGH POC PATCH THREAT CISA Act Now

Arbitrary JavaScript execution in Mozilla's PDF.js library affects Firefox before 126, Firefox ESR before 115.11, and Thunderbird before 115.11 when rendering a malicious PDF document. A missing type check in font handling lets a crafted PDF run JavaScript in the PDF.js context, and publicly available exploit code exists with an EPSS of 34.61% (97th percentile) indicating elevated exploitation likelihood.

Mozilla Information Disclosure Firefox Thunderbird Debian Linux +1
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
34.6%
Threat
6.3
CVE-2023-26450 MEDIUM This Month

The "OX Count" web service did not specify a media-type when processing responses by external resources. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS Open Xchange Appsuite Frontend
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-26449 MEDIUM This Month

The "OX Chat" web service did not specify a media-type when processing responses by external resources. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS Open Xchange Appsuite Frontend
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-26448 MEDIUM This Month

Custom log-in and log-out locations are used-defined as jslob but were not checked to contain malicious protocol handlers. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite Frontend
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-26447 MEDIUM This Month

The "upsell" widget for the portal allows to specify a product description. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite Frontend
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-26446 MEDIUM This Month

The users clientID at "application passwords" was not sanitized or escaped before being added to DOM. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite Frontend
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-26445 MEDIUM This Month

Frontend themes are defined by user-controllable jslob settings and could point to a malicious resource which gets processed during login. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite Frontend
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2016-6846 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite backend before 7.6.2-rev59, 7.8.0 before 7.8.0-rev38, 7.8.2 before 7.8.2-rev8; AppSuite frontend before 7.6.2-rev47, 7.8.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Documentconverter Api Office Web Open Xchange Appsuite Backend +1
NVD
CVSS 3.0
6.1
EPSS
0.3%
EPSS 35% 6.3 CVSS 8.8
HIGH POC PATCH THREAT Act Now

Arbitrary JavaScript execution in Mozilla's PDF.js library affects Firefox before 126, Firefox ESR before 115.11, and Thunderbird before 115.11 when rendering a malicious PDF document. A missing type check in font handling lets a crafted PDF run JavaScript in the PDF.js context, and publicly available exploit code exists with an EPSS of 34.61% (97th percentile) indicating elevated exploitation likelihood.

Mozilla Information Disclosure Firefox +3
NVD GitHub Exploit-DB
EPSS 1% CVSS 5.4
MEDIUM This Month

The "OX Count" web service did not specify a media-type when processing responses by external resources. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS Open Xchange Appsuite Frontend
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

The "OX Chat" web service did not specify a media-type when processing responses by external resources. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS Open Xchange Appsuite Frontend
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Custom log-in and log-out locations are used-defined as jslob but were not checked to contain malicious protocol handlers. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite Frontend
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

The "upsell" widget for the portal allows to specify a product description. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite Frontend
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

The users clientID at "application passwords" was not sanitized or escaped before being added to DOM. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite Frontend
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Frontend themes are defined by user-controllable jslob settings and could point to a malicious resource which gets processed during login. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite Frontend
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite backend before 7.6.2-rev59, 7.8.0 before 7.8.0-rev38, 7.8.2 before 7.8.2-rev8; AppSuite frontend before 7.6.2-rev47, 7.8.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Documentconverter Api +3
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy