20 matches found
EUVD-2023-30268
Malicious code in bioql PyPI...
EUVD-2023-30267
Malicious code in bioql PyPI...
EUVD-2023-28616
Malicious code in bioql PyPI...
CVE-2023-26448
Custom log-in and log-out locations are user-defined as jslob but were not checked to contain malicious protocol handlers. Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit...
CVE-2023-26448
Open-Xchange AppSuite is affected by CVE-2023-26448 due to unsafe handling of customized login/logout locations defined as jslob, which were not validated for malicious protocol handlers. The underlying issue allows malicious script code to execute in the victim’s context, potentially enabling se...
CVE-2023-26447
CVE-2023-26447 affects Open-Xchange AppSuite’s portal upsell widget, where a product description sourced from a user-controllable jslob is inserted into the DOM without proper escaping. The underlying issue is DOM-based XSS: unescaped jslob content can execute script in the victim’s browser, pote...
CVE-2023-26445
Open-Xchange AppSuite is affected by a frontend/theme handling vulnerability where user-controllable jslob theme settings can reference a malicious resource processed during login. This can allow execution of malicious script in the victim’s browser context, potentially enabling session hijacking...
Open-Xchange AppSuite Cross-Site Scripting Vulnerability
Open-Xchange AppSuite is a set of Web cloud desktop environments from Open-Xchange Germany. The environment allows users to more intuitively manage email, tasks, files, etc. A security vulnerability exists in Open-Xchange AppSuite that stems from a customized login and logout location jslob that ...
PT-2023-20640 · Ox Software Gmbh +1 · Ox App Suite +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue arises from custom log-in and log-out locations defined as jslob, which were not checked for malicious protocol handlers. This oversight allow...
CVE-2023-24601
OX App Suite before frontend 7.10.6-rev24 allows XSS via a non-app deeplink such as the jslob API's registry sub-tree...
CVE-2023-24601
OX App Suite before frontend 7.10.6-rev24 allows XSS via a non-app deeplink such as the jslob API's registry sub-tree...
CVE-2023-24601
OX App Suite before frontend 7.10.6-rev24 allows XSS via a non-app deeplink such as the jslob API's registry sub-tree...
Cross site scripting
OX App Suite before frontend 7.10.6-rev24 allows XSS via a non-app deeplink such as the jslob API's registry sub-tree...
CVE-2023-24601
OX App Suite before frontend 7.10.6-rev24 allows XSS via a non-app deeplink such as the jslob API's registry sub-tree...
CVE-2022-43697
OX App Suite before 7.10.6-rev30 allows XSS via an activity tracking adapter defined by jslob...
Cross site scripting
OX App Suite before 7.10.6-rev30 allows XSS via an activity tracking adapter defined by jslob...
CVE-2022-43697
OX App Suite before 7.10.6-rev30 allows XSS via an activity tracking adapter defined by jslob...
CVE-2014-7871
The CVE-2014-7871 issue affects Open-Xchange App Suite (OX App Suite) via the jslob API, enabling SQL injection through MySQL XPath interpreter (ExtractValue). Vulnerable in 7.6.x before 7.6.0-rev23 and 7.4.2-rev36; fixed versions are 7.4.2-rev36 and 7.6.0-rev23. Impact involves potential arbitra...
CVE-2014-7871
SQL injection vulnerability in Open-Xchange OX AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API call...
Open-Xchange SQL injection
SQLi in jslob API...