Skip to main content

Open Xchange Appsuite

112 CVEs product

Monthly

CVE-2023-29047 HIGH This Week

Imageconverter API endpoints provided methods that were not sufficiently validating and sanitizing client input, allowing to inject arbitrary SQL statements. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

SQLi Open Xchange Appsuite
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2023-29046 MEDIUM This Month

Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Open Xchange Appsuite
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-29045 MEDIUM This Month

Documents operations, in this case "drawing", could be manipulated to contain invalid data types, possibly script code. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS Open Xchange Appsuite
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-29044 MEDIUM This Month

Documents operations could be manipulated to contain invalid data types, possibly script code. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS Open Xchange Appsuite
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-29043 MEDIUM This Month

Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-26455 HIGH This Week

RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Open Xchange Appsuite
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-26454 HIGH This Week

Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SQLi Open Xchange Appsuite
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-26453 HIGH This Week

Requests to cache an image could be abused to include SQL queries that would be executed unchecked. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SQLi Open Xchange Appsuite
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-26452 HIGH This Week

Requests to cache an image and return its metadata could be abused to include SQL queries that would be executed unchecked. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SQLi Open Xchange Appsuite
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-37310 MEDIUM POC This Month

OX App Suite through 7.10.6 allows XSS via a malicious capability to the metrics or help module, as demonstrated by a /#!!&app=io.ox/files&cap= URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-37309 MEDIUM POC This Month

OX App Suite through 7.10.6 allows XSS via script code within a contact that has an e-mail address but lacks a name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-29853 MEDIUM This Month

OX App Suite through 8.2 allows XSS via a certain complex hierarchy that forces use of Show Entire Message for a huge HTML e-mail message. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-29852 MEDIUM This Month

OX App Suite through 8.2 allows XSS because BMFreehand10 and image/x-freehand are not blocked. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-37308 MEDIUM POC This Month

OX App Suite through 7.10.6 allows XSS via HTML in text/plain e-mail messages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-37313 MEDIUM POC This Month

OX App Suite through 7.10.6 allows SSRF because the anti-SSRF protection mechanism only checks the first DNS AA or AAAA record. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Open Xchange Appsuite
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-37312 MEDIUM POC This Month

OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferrer servlet. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Open Xchange Appsuite
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2022-37311 MEDIUM POC This Month

OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large location request parameter to the redirect servlet. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Open Xchange Appsuite
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2022-37307 MEDIUM POC This Month

OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-31469 MEDIUM POC This Month

OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrated by class="deep-link-app" for a /#!!&app=%2e./ URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2021-37403 MEDIUM This Month

OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and an App Loader relative URL is used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-37402 MEDIUM This Month

OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via binary data that is mishandled when the legacy dataretrieval endpoint has been enabled. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-26699 MEDIUM This Month

OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Open Xchange Appsuite
NVD
CVSS 3.1
5.4
EPSS
2.0%
CVE-2021-26698 MEDIUM POC This Month

OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and the dl parameter is used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2021-31935 MEDIUM This Month

OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution list (payload in the common name) that is mishandled in the scheduling view. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-31934 MEDIUM This Month

OX App Suite 7.10.4 and earlier allows XSS via a crafted contact object (payload in the position or company field) that is mishandled in the App Suite UI on a smartphone. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-23936 MEDIUM This Month

OX App Suite through 7.10.4 allows XSS via the subject of a task. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-23935 MEDIUM This Month

OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-23934 MEDIUM This Month

OX App Suite through 7.10.4 allows XSS via a contact whose name contains JavaScript code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-23933 MEDIUM This Month

OX App Suite through 7.10.4 allows XSS via JavaScript in a Note referenced by a mail:// URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-23932 MEDIUM This Month

OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-23931 MEDIUM This Month

OX App Suite through 7.10.4 allows XSS via an inline binary file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-23930 MEDIUM This Month

OX App Suite through 7.10.4 allows XSS via use of the conversion API for a distributedFile. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-23929 MEDIUM This Month

OX App Suite through 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML document to an ajax/share/<share-token>?delivery=view URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-23928 MEDIUM This Month

OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests query string. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-23927 MEDIUM This Month

OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Open Xchange Appsuite
NVD
CVSS 3.1
6.4
EPSS
0.8%
CVE-2020-15004 MEDIUM POC This Month

OX App Suite through 7.10.3 allows stats/diagnostic?param= XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
4.8
EPSS
2.8%
CVE-2020-15003 MEDIUM POC This Month

OX App Suite through 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user (via the session API during shared Drive access). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Open Xchange Appsuite
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-15002 MEDIUM POC This Month

OX App Suite through 7.10.3 allows SSRF via the the /ajax/messaging/message message API. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Open Xchange Appsuite
NVD
CVSS 3.1
5.0
EPSS
1.6%
CVE-2020-12646 MEDIUM This Month

OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-12645 CRITICAL Act Now

OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Open Xchange Appsuite
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-12644 MEDIUM This Month

OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Open Xchange Appsuite
NVD
CVSS 3.1
5.0
EPSS
0.7%
CVE-2020-12643 MEDIUM This Month

OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Open Xchange Appsuite
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2020-8544 MEDIUM This Month

OX App Suite through 7.10.3 allows SSRF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Open Xchange Appsuite
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-8543 HIGH This Week

OX App Suite through 7.10.3 has Improper Input Validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Open Xchange Appsuite
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-8542 MEDIUM This Month

OX App Suite through 7.10.3 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
5.4
EPSS
1.2%
CVE-2020-8541 MEDIUM This Month

OX App Suite through 7.10.3 allows XXE attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Open Xchange Appsuite
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-14227 MEDIUM POC This Month

OX App Suite 7.10.1 and 7.10.2 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-14226 HIGH POC This Week

OX App Suite through 7.10.2 has Insecure Permissions. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Open Xchange Appsuite
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2019-14225 MEDIUM POC This Month

OX App Suite 7.10.1 and 7.10.2 allows SSRF. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Open Xchange Appsuite
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-11806 LOW POC Monitor

OX App Suite 7.10.1 and earlier has Insecure Permissions. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Open Xchange Appsuite
NVD
CVSS 3.0
3.3
EPSS
0.4%
CVE-2019-11522 MEDIUM POC This Month

OX App Suite 7.10.0 to 7.10.2 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2019-11521 HIGH This Week

OX App Suite 7.10.1 allows Content Spoofing. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Open Xchange Appsuite
NVD
CVSS 3.0
8.1
EPSS
1.7%
CVE-2019-7159 HIGH This Week

OX App Suite 7.10.1 and earlier allows Information Exposure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Open Xchange Appsuite
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2019-7158 CRITICAL Act Now

OX App Suite 7.10.0 and earlier has Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Open Xchange Appsuite
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-9998 MEDIUM This Month

Open-Xchange OX App Suite before 7.6.3-rev37, 7.8.x before 7.8.2-rev40, 7.8.3 before 7.8.3-rev48, and 7.8.4 before 7.8.4-rev28 include folder names in API error responses, which allows remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Open Xchange Appsuite
NVD
CVSS 3.0
6.5
EPSS
1.8%
CVE-2018-9997 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in mail compose in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev28 allows. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.0
6.1
EPSS
1.9%
CVE-2018-5756 MEDIUM POC This Month

The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 does not properly check for folder-to-object. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Open Xchange Appsuite
NVD Exploit-DB
CVSS 3.0
4.3
EPSS
5.6%
CVE-2018-5755 MEDIUM POC This Month

Absolute path traversal vulnerability in the readerengine component in Open-Xchange OX App Suite before 7.6.3-rev3, 7.8.x before 7.8.2-rev4, 7.8.3 before 7.8.3-rev5, and 7.8.4 before 7.8.4-rev4. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Open Xchange Appsuite
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
8.0%
CVE-2018-5754 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the office-web component in Open-Xchange OX App Suite before 7.8.3-rev12 and 7.8.4 before 7.8.4-rev9 allows remote attackers to inject arbitrary web script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft XSS Open Xchange Appsuite
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
3.0%
CVE-2018-5753 MEDIUM POC This Month

The frontend component in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev20 allows remote attackers to spoof the origin of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Open Xchange Appsuite
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
8.4%
CVE-2018-5752 HIGH POC This Week

The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Open Xchange Appsuite
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
8.3%
CVE-2018-5751 MEDIUM POC This Month

The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote authenticated users to obtain. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Open Xchange Appsuite
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
9.2%
CVE-2015-1588 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server 6 and OX AppSuite before 7.4.2-rev43, 7.6.0-rev38, and 7.6.1-rev21. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite Open Xchange Server
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-6852 MEDIUM This Month

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Open Xchange Appsuite
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-6850 MEDIUM This Month

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-6848 MEDIUM This Month

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Open Xchange Appsuite
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-6847 MEDIUM This Month

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-6845 MEDIUM This Month

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-6844 MEDIUM This Month

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-6843 MEDIUM This Month

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-6842 MEDIUM This Month

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-5740 MEDIUM POC This Month

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Xchange Appsuite
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
0.9%
CVE-2016-5124 MEDIUM This Month

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev14. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE Open Xchange Appsuite
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2016-4048 MEDIUM This Month

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Open Xchange Appsuite
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-4047 MEDIUM This Month

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Open Xchange Appsuite
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2016-4046 MEDIUM This Month

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Open Xchange Appsuite
NVD
CVSS 3.0
5.8
EPSS
0.2%
CVE-2016-4045 MEDIUM This Month

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-4027 LOW Monitor

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev10. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Open Xchange Appsuite
NVD
CVSS 3.0
3.5
EPSS
0.3%
CVE-2016-4026 MEDIUM This Month

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-3174 HIGH This Week

An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Open Xchange Appsuite
NVD
CVSS 3.0
7.4
EPSS
0.2%
CVE-2016-3173 MEDIUM This Month

An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-2840 MEDIUM This Month

An issue was discovered in Open-Xchange Server 6 / OX AppSuite before 7.8.0-rev26. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2015-5375 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in unspecified dialogs for printing content in the Front End in Open-Xchange Server 6 and OX App Suite before 6.22.8-rev8, 6.22.9 before 6.22.9-rev15m, 7.x. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Open Xchange Appsuite Open Xchange Server
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-9466 MEDIUM This Month

Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before 7.6.0-rev36, and 7.6.1 before 7.6.1-rev14 does not properly handle directory permissions, which allows remote authenticated. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Open Xchange Appsuite
NVD
CVSS 2.0
4.0
EPSS
0.1%
CVE-2014-8993 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev40, 7.6.0 before 7.6.0-rev32, and 7.6.1 before 7.6.1-rev11 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-1679 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite before 7.2.2-rev31, 7.4.0 before 7.4.0-rev27, and 7.4.1 before 7.4.1-rev17 allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-6241 MEDIUM This Month

The Birthday widget in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14, in certain user-id sharing scenarios, does not properly construct a SQL. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Open Xchange Appsuite
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-7871 MEDIUM POC This Month

SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Open Xchange Appsuite
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2014-5235 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-5234 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 2.0
4.3
EPSS
0.3%
EPSS 0% CVSS 7.3
HIGH This Week

Imageconverter API endpoints provided methods that were not sufficiently validating and sanitizing client input, allowing to inject arbitrary SQL statements. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

SQLi Open Xchange Appsuite
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Open Xchange Appsuite
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Documents operations, in this case "drawing", could be manipulated to contain invalid data types, possibly script code. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS Open Xchange Appsuite
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Documents operations could be manipulated to contain invalid data types, possibly script code. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS Open Xchange Appsuite
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
EPSS 0% CVSS 7.8
HIGH This Week

RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Open Xchange Appsuite
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SQLi Open Xchange Appsuite
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Requests to cache an image could be abused to include SQL queries that would be executed unchecked. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SQLi Open Xchange Appsuite
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Requests to cache an image and return its metadata could be abused to include SQL queries that would be executed unchecked. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SQLi Open Xchange Appsuite
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

OX App Suite through 7.10.6 allows XSS via a malicious capability to the metrics or help module, as demonstrated by a /#!!&app=io.ox/files&cap= URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Xchange Appsuite
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

OX App Suite through 7.10.6 allows XSS via script code within a contact that has an e-mail address but lacks a name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Xchange Appsuite
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

OX App Suite through 8.2 allows XSS via a certain complex hierarchy that forces use of Show Entire Message for a huge HTML e-mail message. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

OX App Suite through 8.2 allows XSS because BMFreehand10 and image/x-freehand are not blocked. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

OX App Suite through 7.10.6 allows XSS via HTML in text/plain e-mail messages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Xchange Appsuite
NVD
EPSS 1% CVSS 5.3
MEDIUM POC This Month

OX App Suite through 7.10.6 allows SSRF because the anti-SSRF protection mechanism only checks the first DNS AA or AAAA record. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Open Xchange Appsuite
NVD
EPSS 1% CVSS 5.3
MEDIUM POC This Month

OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferrer servlet. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Open Xchange Appsuite
NVD
EPSS 1% CVSS 5.3
MEDIUM POC This Month

OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large location request parameter to the redirect servlet. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Open Xchange Appsuite
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Xchange Appsuite
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrated by class="deep-link-app" for a /#!!&app=%2e./ URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Xchange Appsuite
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and an App Loader relative URL is used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via binary data that is mishandled when the legacy dataretrieval endpoint has been enabled. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
EPSS 2% CVSS 5.4
MEDIUM This Month

OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Open Xchange Appsuite
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and the dl parameter is used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Xchange Appsuite
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution list (payload in the common name) that is mishandled in the scheduling view. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

OX App Suite 7.10.4 and earlier allows XSS via a crafted contact object (payload in the position or company field) that is mishandled in the App Suite UI on a smartphone. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

OX App Suite through 7.10.4 allows XSS via the subject of a task. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

OX App Suite through 7.10.4 allows XSS via a contact whose name contains JavaScript code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

OX App Suite through 7.10.4 allows XSS via JavaScript in a Note referenced by a mail:// URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

OX App Suite through 7.10.4 allows XSS via an inline binary file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

OX App Suite through 7.10.4 allows XSS via use of the conversion API for a distributedFile. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

OX App Suite through 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML document to an ajax/share/<share-token>?delivery=view URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests query string. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
EPSS 1% CVSS 6.4
MEDIUM This Month

OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Open Xchange Appsuite
NVD
EPSS 3% CVSS 4.8
MEDIUM POC This Month

OX App Suite through 7.10.3 allows stats/diagnostic?param= XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Xchange Appsuite
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

OX App Suite through 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user (via the session API during shared Drive access). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Open Xchange Appsuite
NVD
EPSS 2% CVSS 5.0
MEDIUM POC This Month

OX App Suite through 7.10.3 allows SSRF via the the /ajax/messaging/message message API. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Open Xchange Appsuite
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Open Xchange Appsuite
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Open Xchange Appsuite
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Open Xchange Appsuite
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

OX App Suite through 7.10.3 allows SSRF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Open Xchange Appsuite
NVD
EPSS 2% CVSS 7.5
HIGH This Week

OX App Suite through 7.10.3 has Improper Input Validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Open Xchange Appsuite
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

OX App Suite through 7.10.3 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

OX App Suite through 7.10.3 allows XXE attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Open Xchange Appsuite
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

OX App Suite 7.10.1 and 7.10.2 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Xchange Appsuite
NVD
EPSS 1% CVSS 8.1
HIGH POC This Week

OX App Suite through 7.10.2 has Insecure Permissions. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Open Xchange Appsuite
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

OX App Suite 7.10.1 and 7.10.2 allows SSRF. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Open Xchange Appsuite
NVD
EPSS 0% CVSS 3.3
LOW POC Monitor

OX App Suite 7.10.1 and earlier has Insecure Permissions. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Open Xchange Appsuite
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

OX App Suite 7.10.0 to 7.10.2 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Xchange Appsuite
NVD
EPSS 2% CVSS 8.1
HIGH This Week

OX App Suite 7.10.1 allows Content Spoofing. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Open Xchange Appsuite
NVD
EPSS 2% CVSS 7.5
HIGH This Week

OX App Suite 7.10.1 and earlier allows Information Exposure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Open Xchange Appsuite
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

OX App Suite 7.10.0 and earlier has Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Open Xchange Appsuite
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Open-Xchange OX App Suite before 7.6.3-rev37, 7.8.x before 7.8.2-rev40, 7.8.3 before 7.8.3-rev48, and 7.8.4 before 7.8.4-rev28 include folder names in API error responses, which allows remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Open Xchange Appsuite
NVD
EPSS 2% CVSS 6.1
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in mail compose in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev28 allows. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
EPSS 6% CVSS 4.3
MEDIUM POC This Month

The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 does not properly check for folder-to-object. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Open Xchange Appsuite
NVD Exploit-DB
EPSS 8% CVSS 5.5
MEDIUM POC This Month

Absolute path traversal vulnerability in the readerengine component in Open-Xchange OX App Suite before 7.6.3-rev3, 7.8.x before 7.8.2-rev4, 7.8.3 before 7.8.3-rev5, and 7.8.4 before 7.8.4-rev4. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Open Xchange Appsuite
NVD Exploit-DB
EPSS 3% CVSS 5.4
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the office-web component in Open-Xchange OX App Suite before 7.8.3-rev12 and 7.8.4 before 7.8.4-rev9 allows remote attackers to inject arbitrary web script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft XSS Open Xchange Appsuite
NVD Exploit-DB
EPSS 8% CVSS 6.5
MEDIUM POC This Month

The frontend component in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev20 allows remote attackers to spoof the origin of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Open Xchange Appsuite
NVD Exploit-DB
EPSS 8% CVSS 8.8
HIGH POC This Week

The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Open Xchange Appsuite
NVD Exploit-DB
EPSS 9% CVSS 6.5
MEDIUM POC This Month

The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote authenticated users to obtain. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Open Xchange Appsuite
NVD Exploit-DB
EPSS 0% CVSS 6.1
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server 6 and OX AppSuite before 7.4.2-rev43, 7.6.0-rev38, and 7.6.1-rev21. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite Open Xchange Server
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Open Xchange Appsuite
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Open Xchange Appsuite
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Xchange Appsuite
NVD Exploit-DB
EPSS 0% CVSS 6.1
MEDIUM This Month

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev14. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE Open Xchange Appsuite
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Open Xchange Appsuite
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Open Xchange Appsuite
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Open Xchange Appsuite
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
EPSS 0% CVSS 3.5
LOW Monitor

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev10. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Open Xchange Appsuite
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
EPSS 0% CVSS 7.4
HIGH This Week

An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Open Xchange Appsuite
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

An issue was discovered in Open-Xchange Server 6 / OX AppSuite before 7.8.0-rev26. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in unspecified dialogs for printing content in the Front End in Open-Xchange Server 6 and OX App Suite before 6.22.8-rev8, 6.22.9 before 6.22.9-rev15m, 7.x. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Open Xchange Appsuite Open Xchange Server
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before 7.6.0-rev36, and 7.6.1 before 7.6.1-rev14 does not properly handle directory permissions, which allows remote authenticated. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Open Xchange Appsuite
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev40, 7.6.0 before 7.6.0-rev32, and 7.6.1 before 7.6.1-rev11 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Open Xchange Appsuite
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite before 7.2.2-rev31, 7.4.0 before 7.4.0-rev27, and 7.4.1 before 7.4.1-rev17 allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Open Xchange Appsuite
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

The Birthday widget in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14, in certain user-id sharing scenarios, does not properly construct a SQL. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Open Xchange Appsuite
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Open Xchange Appsuite
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Open Xchange Appsuite
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Open Xchange Appsuite
NVD
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy