Open-xchange Documents Security Vulnerabilities

CVE-2023-29044

Documents operations could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties does now get...

CVSS 5.4 | AI Score 5.8 | EPSS 0.0005 | 2023-11-02 02:15 PM

CVE-2023-29043

Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document. Script code embedded in malicious documents could be executed in the context of the user editing the document when performing certain.....

CVSS 6.1 | AI Score 6.2 | EPSS 0.0005 | 2023-11-02 02:15 PM

CVE-2023-29045

Documents operations, in this case "drawing", could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between...

CVSS 5.4 | AI Score 5.8 | EPSS 0.0005 | 2023-11-02 02:15 PM

CVE-2023-26435

It was possible to call filesystem and network references using the local LibreOffice instance using manipulated ODT documents. Attackers could discover restricted network topology and services as well as including local files with read permissions of the open-xchange system user. This was limited....

CVSS 5 | AI Score 4.9 | EPSS 0.002 | 2023-06-20 08:15 AM

CVE-2021-28095

OX Documents before 7.10.5-rev5 has Incorrect Access Control for documents that contain XML structures because hash collisions can occur, due to use of...

CVSS 4.8 | AI Score 5.2 | EPSS 0.001 | 2021-07-30 02:15 PM

CVE-2021-28093

OX Documents before 7.10.5-rev5 has Incorrect Access Control of converted images because hash collisions can occur, due to use of...

CVSS 6.5 | AI Score 6.5 | EPSS 0.001 | 2021-07-30 02:15 PM

CVE-2021-28094

OX Documents before 7.10.5-rev7 has Incorrect Access Control for converted documents because hash collisions can occur, due to use of...

CVSS 6.5 | AI Score 6.5 | EPSS 0.001 | 2021-07-30 02:15 PM

CVE-2021-26699

OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is...

CVSS 5.4 | AI Score 5.4 | EPSS 0.002 | 2021-07-22 05:15 PM

CVE-2021-26698

OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and the dl parameter is...

CVSS 6.1 | AI Score 6 | EPSS 0.004 | 2021-07-22 05:15 PM

CVE-2021-23936

OX App Suite through 7.10.4 allows XSS via the subject of a...

CVSS 6.1 | AI Score 6 | EPSS 0.001 | 2021-01-12 10:15 PM

CVE-2021-23933

OX App Suite through 7.10.4 allows XSS via JavaScript in a Note referenced by a mail://...

CVSS 6.1 | AI Score 5.9 | EPSS 0.001 | 2021-01-12 10:15 PM

CVE-2021-23935

OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript...

CVSS 6.1 | AI Score 5.9 | EPSS 0.001 | 2021-01-12 10:15 PM

CVE-2021-23927

OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT...

CVSS 6.4 | AI Score 6.3 | EPSS 0.001 | 2021-01-12 10:15 PM

CVE-2021-23931

OX App Suite through 7.10.4 allows XSS via an inline binary...

CVSS 6.1 | AI Score 5.9 | EPSS 0.001 | 2021-01-12 10:15 PM

CVE-2021-23934

OX App Suite through 7.10.4 allows XSS via a contact whose name contains JavaScript...

CVSS 6.1 | AI Score 5.9 | EPSS 0.001 | 2021-01-12 10:15 PM

CVE-2021-23928

OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests query...

CVSS 6.1 | AI Score 5.9 | EPSS 0.001 | 2021-01-12 10:15 PM

CVE-2021-23930

OX App Suite through 7.10.4 allows XSS via use of the conversion API for a...

CVSS 6.1 | AI Score 6 | EPSS 0.001 | 2021-01-12 10:15 PM

CVE-2021-23932

OX App Suite through 7.10.4 allows XSS via an inline image with a crafted...

CVSS 6.1 | AI Score 5.9 | EPSS 0.001 | 2021-01-12 10:15 PM

CVE-2021-23929

OX App Suite through 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML document to an ajax/share/?delivery=view...

CVSS 6.1 | AI Score 5.8 | EPSS 0.001 | 2021-01-12 10:15 PM

CVE-2020-24700

OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial autoconfig....

CVSS 5.4 | AI Score 5.5 | EPSS 0.027 | 2021-01-12 08:15 AM

CVE-2020-24701

OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite...

CVSS 6.1 | AI Score 5.9 | EPSS 0.008 | 2021-01-12 08:15 AM

CVE-2020-8542

OX App Suite through 7.10.3 allows...

CVSS 5.4 | AI Score 5.5 | EPSS 0.001 | 2020-06-16 02:15 PM

CVE-2020-8541

OX App Suite through 7.10.3 allows XXE...

CVSS 6.5 | AI Score 6.5 | EPSS 0.001 | 2020-06-16 02:15 PM

CVE-2020-8543

OX App Suite through 7.10.3 has Improper Input...

CVSS 7.5 | AI Score 7.5 | EPSS 0.001 | 2020-06-16 02:15 PM

CVE-2020-8544

OX App Suite through 7.10.3 allows...

CVSS 6.5 | AI Score 6.5 | EPSS 0.001 | 2020-06-16 02:15 PM

CVE-2019-18846

OX App Suite through 7.10.2 allows...

CVSS 5 | AI Score 5.2 | EPSS 0.002 | 2020-02-21 09:15 PM

CVE-2016-6842

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Setting the user's name to JS code makes that code execute when selecting that user's "Templates" folder from OX Documents settings. This requires the folder to be shared to the victim. Malicious script code can be executed...

CVSS 6.1 | AI Score 6.3 | EPSS 0.001 | 2016-12-15 06:59 AM

CVE-2013-6997

Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange (OX) AppSuite 7.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an HTML email with crafted CSS code containing wildcards or (2) office documents containing "crafted hyperlinks with script URL.....

AI Score 5.9 | EPSS 0.003 | 2014-01-09 12:55 AM