3 matches found
CVE-2020-12643
OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address...
CVE-2020-12643
CVE-2020-12643 affects OX App Suite 7.10.3 and earlier. The flaw is an incorrect access control in the /api/subscriptions path that can disclose the email address contained in a snippet when requested from another user, due to an improper permission check. Impact is exposure of email addresses; n...
OX App Suite / OX Documents XSS / SSRF / Bypass
Dear subscribers, we're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs for OX App Suite, Dovecot and PowerDNS at HackerOne. Yours sincerely, Martin Heiland, Open-Xchange GmbH...