1176 matches found
CVE-2021-33493
The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in a YAML format...
CVE-2021-33495
OX App Suite 7.10.5 allows XSS via an OX Chat system message...
CVE-2021-33491
OX App Suite through 7.10.5 allows Directory Traversal via ../ in an OOXML or ODF ZIP archive, because of the mishandling of relative paths in mail addresses in conjunction with auto-configuration DNS records...
CVE-2021-33492
OX App Suite 7.10.5 allows XSS via an OX Chat room name...
CVE-2021-33494
OX App Suite 7.10.5 allows XSS via an OX Chat room title during typing rendering...
CVE-2021-31934
OX App Suite 7.10.4 and earlier allows XSS via a crafted contact object payload in the position or company field that is mishandled in the App Suite UI on a smartphone...
CVE-2021-31935
OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution list payload in the common name that is mishandled in the scheduling view...
CVE-2022-23101
OX App Suite through 7.10.6 allows XSS via appHandler in a deep link in an e-mail message...
CVE-2022-23099
OX App Suite through 7.10.6 allows XSS by forcing block-wise read...
CVE-2022-23100
OX App Suite through 7.10.6 allows OS Command Injection via Documentconverter e.g., through an email attachment...
CVE-2022-37311
OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large location request parameter to the redirect servlet...
CVE-2022-37307
OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature...
CVE-2022-37312
OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferrer servlet...
CVE-2022-31469
OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrated by class="deep-link-app" for a /!!=%2e./ URI...
CVE-2022-31468
OX App Suite through 8.2 allows XSS via an attachment or OX Drive content when a client uses the len or off parameter...
CVE-2017-12884
OX Software GmbH App Suite 7.8.4 and earlier is affected by: Information Exposure...
CVE-2017-12885
OX Software GmbH App Suite 7.8.4 and earlier is affected by: Cross Site Scripting XSS...
CVE-2019-11521
OX App Suite 7.10.1 allows Content Spoofing...
CVE-2019-11806
OX App Suite 7.10.1 and earlier has Insecure Permissions...
CVE-2020-12644
OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API...