OX App Suite through 8.2 allows XSS via a certain complex hierarchy that forces use of Show Entire Message for a huge HTML e-mail...
5.4CVSS
5.2AI Score
0.001EPSS
OX App Suite through 7.10.6 allows XSS via script code within a contact that has an e-mail address but lacks a...
6.1CVSS
6AI Score
0.001EPSS
OX App Suite through 8.2 allows XSS because BMFreehand10 and image/x-freehand are not...
5.4CVSS
5.3AI Score
0.001EPSS
OX App Suite through 7.10.6 allows XSS via a malicious capability to the metrics or help module, as demonstrated by a /#!!&app=io.ox/files&cap=...
6.1CVSS
5.9AI Score
0.001EPSS
6.1CVSS
5.9AI Score
0.001EPSS
OX App Suite through 7.10.6 allows SSRF because the anti-SSRF protection mechanism only checks the first DNS AA or AAAA...
5.3CVSS
5.4AI Score
0.001EPSS
OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrated by class="deep-link-app" for a /#!!&app=%2e./...
6.1CVSS
5.9AI Score
0.001EPSS
OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail...
6.1CVSS
6AI Score
0.001EPSS
OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferrer...
5.3CVSS
5.3AI Score
0.001EPSS
OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large location request parameter to the redirect...
5.3CVSS
5.3AI Score
0.001EPSS
OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is...
5.4CVSS
5.4AI Score
0.002EPSS
OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and an App Loader relative URL is...
6.1CVSS
6AI Score
0.001EPSS
OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via binary data that is mishandled when the legacy dataretrieval endpoint has been...
6.1CVSS
5.9AI Score
0.001EPSS
OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and the dl parameter is...
6.1CVSS
6AI Score
0.004EPSS
OX App Suite 7.10.4 and earlier allows XSS via crafted content to reach an undocumented feature, such as ![](http://onerror=Function.constructor, in a Notes...
6.1CVSS
5.8AI Score
0.002EPSS
OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution list (payload in the common name) that is mishandled in the scheduling...
6.1CVSS
5.8AI Score
0.001EPSS
6.5CVSS
6.8AI Score
0.001EPSS
OX App Suite 7.10.4 and earlier allows XSS via a crafted contact object (payload in the position or company field) that is mishandled in the App Suite UI on a...
6.1CVSS
5.8AI Score
0.001EPSS
OX App Suite through 7.10.4 allows XSS via JavaScript in a Note referenced by a mail://...
6.1CVSS
5.9AI Score
0.001EPSS
OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript...
6.1CVSS
5.9AI Score
0.001EPSS
OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT...
6.4CVSS
6.3AI Score
0.001EPSS
6.1CVSS
5.9AI Score
0.001EPSS
6.1CVSS
5.9AI Score
0.001EPSS
OX App Suite through 7.10.4 allows XSS via a contact whose name contains JavaScript...
6.1CVSS
5.9AI Score
0.001EPSS
6.1CVSS
5.9AI Score
0.001EPSS
6.1CVSS
5.9AI Score
0.001EPSS
6.1CVSS
5.9AI Score
0.001EPSS
OX App Suite through 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML document to an ajax/share/?delivery=view...
6.1CVSS
5.8AI Score
0.001EPSS
OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial autoconfig....
5.4CVSS
6.7AI Score
0.027EPSS
OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite...
6.1CVSS
5.8AI Score
0.008EPSS
4.8CVSS
6.8AI Score
0.001EPSS
OX App Suite through 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user (via the session API during shared Drive...
4.3CVSS
6.8AI Score
0.001EPSS
OX App Suite through 7.10.3 allows SSRF via the /ajax/messaging/message message...
5CVSS
5.2AI Score
0.001EPSS
OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF...
5.4CVSS
5.9AI Score
0.001EPSS
OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email...
4.3CVSS
6.9AI Score
0.001EPSS
OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list...
5CVSS
6.8AI Score
0.001EPSS
OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory...
9.8CVSS
6.8AI Score
0.002EPSS
5.4CVSS
6.8AI Score
0.001EPSS
6.5CVSS
6.8AI Score
0.001EPSS
7.5CVSS
6.8AI Score
0.001EPSS
6.5CVSS
6.8AI Score
0.001EPSS
5CVSS
6.8AI Score
0.002EPSS
Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text...
7.5CVSS
6.8AI Score
0.003EPSS
XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly other unspecified impact via a crafted OpenDocument Text...
7.8CVSS
7AI Score
0.003EPSS
6.6CVSS
6.9AI Score
0.011EPSS
6.1CVSS
6.8AI Score
0.008EPSS
Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 6.22.3 before 6.22.3-rev5 and 6.22.4 before 6.22.4-rev12 allows remote attackers to inject arbitrary web script or HTML via the subject of an email. NOTE: the vulnerabilities related to the body of the email and....
6.1CVSS
6.2AI Score
0.002EPSS
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev26 and 7.4.x before 7.4.0-rev16 allows remote attackers to inject arbitrary web script or HTML via the publication name, which is not properly handled in an error message. NOTE: this...
6.1CVSS
6AI Score
0.004EPSS
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev27 and 7.4.x before 7.4.0-rev20 allows remote attackers to inject arbitrary web script or HTML via the body of an email. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it...
6.1CVSS
6AI Score
0.003EPSS
5.4CVSS
6.8AI Score
0.001EPSS