43 matches found
CVE-2022-23099
OX App Suite through 7.10.6 allows XSS by forcing block-wise read...
EUVD-2022-28204
Malicious code in bioql PyPI...
EUVD-2023-28616
Malicious code in bioql PyPI...
CVE-2023-24605
OX App Suite before backend 7.10.6-rev37 does not enforce 2FA for all endpoints, e.g., reading from a drive, reading contact data, and renaming tokens...
Open-Xchange App Suite Cross-Site Scripting Vulnerability
Open-Xchange App Suite is an email and productivity suite client software from Open-Xchange Germany. A security vulnerability exists in Open-Xchange App Suite frontend version 7.10.6-rev33. An attacker can exploit the vulnerability to inject script code...
Open-Xchange App Suite Security Vulnerability
Open-Xchange App Suite is an email and productivity suite client software from Open-Xchange Germany. A security vulnerability exists in Open-Xchange App Suite backend version 7.10.6-rev51, version 8.17. An attacker could exploit the vulnerability to discover and modify the application state...
Open-Xchange App Suite Cross-Site Scripting Vulnerability
Open-Xchange App Suite is an email and productivity suite client software from Open-Xchange Germany. A security vulnerability exists in Open-Xchange App Suite frontend version 7.10.6-rev34 that stems from script code that is not properly cleaned. An attacker exploiting this vulnerability could us...
CVE-2023-24600
OX App Suite before backend 7.10.6-rev37 allows authenticated users to bypass access controls for reading contacts via a move to their own address book...
CVE-2023-24599
OX App Suite before backend 7.10.6-rev37 allows authenticated users to change the appointments of arbitrary users via conflicting ID numbers, aka "ID confusion."...
CVE-2023-24601
OX App Suite before frontend 7.10.6-rev24 allows XSS via a non-app deeplink such as the jslob API's registry sub-tree...
Cross site scripting
OX App Suite before frontend 7.10.6-rev24 allows XSS via a non-app deeplink such as the jslob API's registry sub-tree...
CVE-2023-24597
OX App Suite before frontend 7.10.6-rev24 allows the loading without user consent of an e-mail message's remote resources during printing...
CVE-2023-24597
OX App Suite before frontend 7.10.6-rev24 allows the loading without user consent of an e-mail message's remote resources during printing...
PT-2023-19702 · Open Xchange · Ox App Suite
Name of the Vulnerable Software and Affected Versions: OX App Suite versions prior to 7.10.6-rev37 Description: The issue allows authenticated users to bypass access controls for reading contacts by moving them to their own address book. Recommendations: For versions prior to 7.10.6-rev37, update...
PT-2023-19704 · Open Xchange · Ox App Suite
Name of the Vulnerable Software and Affected Versions: OX App Suite versions prior to 7.10.6-rev24 Description: The issue allows for XSS via data to the Tumblr portal widget, such as a post title. Recommendations: For versions prior to 7.10.6-rev24, update to version 7.10.6-rev24 or later to...
PT-2023-19700 · Open Xchange · Ox App Suite
Name of the Vulnerable Software and Affected Versions: OX App Suite versions prior to 7.10.6-rev37 Description: The issue is related to an information leak in the handling of distribution lists. This leak can result in the partial disclosure of private contacts of another user. Recommendations: F...
PT-2023-19705 · Open Xchange · Ox App Suite
Name of the Vulnerable Software and Affected Versions: OX App Suite versions prior to 7.10.6-rev37 Description: The issue concerns a lack of size limit checks when downloading data, potentially allowing a crafted iCal feed to provide an unlimited amount of data. This could be exploited, for...
Open-Xchange OX App Suite 信息泄露漏洞
Open-Xchange OX App Suite is an email and productivity suite client software from Open-Xchange Germany. An information disclosure vulnerability exists in Open-Xchange OX App Suite version 7.10.6-rev23. An attacker could exploit the vulnerability to view user privacy...
Open-Xchange OX App Suite 信息泄露漏洞
Open-Xchange OX App Suite is an email and productivity suite client software from Open-Xchange Germany. An information disclosure vulnerability exists in Open-Xchange OX App Suite version 7.10.6-rev23. An attacker could exploit the vulnerability to view user privacy...
Open-Xchange OX App Suite 信息泄露漏洞
Open-Xchange OX App Suite is an email and productivity suite client software from Open-Xchange Germany. An information disclosure vulnerability exists in Open-Xchange OX App Suite version 7.10.6-rev23. An attacker could exploit the vulnerability to view user privacy...