Documents operations could be manipulated to contain invalid data types, possibly script code. Script code could be injected into an operation and would then be executed for users who are actively collaborating on the same document. Operation data exchanged between collaborating parties does now get...
CVSS 5.4 | AI Score 5.8 | EPSS 0.0005
Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document. Script code embedded in malicious documents could be executed in the context of the user editing the document when performing certain.....
CVSS 6.1 | AI Score 6.2 | EPSS 0.0005
Documents operations, in this case "drawing", could be manipulated to contain invalid data types, possibly script code. Script code could be injected into an operation and would then be executed for users who are actively collaborating on the same document. Operation data exchanged between...
CVSS 5.4 | AI Score 5.8 | EPSS 0.0005
It was possible to call filesystem and network references through the local LibreOffice instance using manipulated ODT documents. Attackers could discover restricted network topology and services, as well as include local files that the open-xchange system user has read permission for. This was limited....
CVSS 5 | AI Score 4.9 | EPSS 0.002
OX Documents before 7.10.5-rev5 has Incorrect Access Control for documents that contain XML structures because hash collisions can occur, due to use of...
CVSS 4.8 | AI Score 5.2 | EPSS 0.001
OX Documents before 7.10.5-rev5 has Incorrect Access Control of converted images because hash collisions can occur, due to use of...
CVSS 6.5 | AI Score 6.5 | EPSS 0.001
OX Documents before 7.10.5-rev7 has Incorrect Access Control for converted documents because hash collisions can occur, due to use of...
CVSS 6.5 | AI Score 6.5 | EPSS 0.001
OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is...
CVSS 5.4 | AI Score 5.4 | EPSS 0.002
OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and the dl parameter is...
CVSS 6.1 | AI Score 6 | EPSS 0.004
CVSS 6.1 | AI Score 6 | EPSS 0.001
OX App Suite through 7.10.4 allows XSS via JavaScript in a Note referenced by a mail://...
CVSS 6.1 | AI Score 5.9 | EPSS 0.001
OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript...
CVSS 6.1 | AI Score 5.9 | EPSS 0.001
OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT...
CVSS 6.4 | AI Score 6.3 | EPSS 0.001
CVSS 6.1 | AI Score 5.9 | EPSS 0.001
OX App Suite through 7.10.4 allows XSS via a contact whose name contains JavaScript...
CVSS 6.1 | AI Score 5.9 | EPSS 0.001
CVSS 6.1 | AI Score 5.9 | EPSS 0.001
CVSS 6.1 | AI Score 6 | EPSS 0.001
CVSS 6.1 | AI Score 5.9 | EPSS 0.001
OX App Suite through 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML document to an ajax/share/?delivery=view...
CVSS 6.1 | AI Score 5.8 | EPSS 0.001
OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial autoconfig....
CVSS 5.4 | AI Score 5.5 | EPSS 0.027
OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite...
CVSS 6.1 | AI Score 5.9 | EPSS 0.008
CVSS 5.4 | AI Score 5.5 | EPSS 0.001
CVSS 6.5 | AI Score 6.5 | EPSS 0.001
CVSS 7.5 | AI Score 7.5 | EPSS 0.001
CVSS 6.5 | AI Score 6.5 | EPSS 0.001
CVSS 5 | AI Score 5.2 | EPSS 0.002
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Setting the user's name to JS code makes that code execute when selecting that user's "Templates" folder from OX Documents settings. This requires the folder to be shared to the victim. Malicious script code can be executed...
CVSS 6.1 | AI Score 6.3 | EPSS 0.001
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange (OX) AppSuite 7.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an HTML email with crafted CSS code containing wildcards or (2) office documents containing "crafted hyperlinks with script URL.....
AI Score 5.9 | EPSS 0.003