CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cross-site scripting XSS vulnerability in Open-Xchange AppSuite and Server before 6.22.0 rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allows remote authenticated users to inject arbitrary web script or HTML via a delivery=view action, aka Bug ID 26373, ...

4.3CVSS5.2AI score0.00942EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 11:23 a.m.•7 views

CVE-2013-1651

OXUpdater in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof update servers and install arbitrary software via a crafted certificate...

5.8CVSS6.6AI score0.01032EPSS

Exploits5References1

RedhatCVE•added 2025/05/22 11:22 a.m.•8 views

CVE-2013-1648

The Subscriptions feature in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not properly validate the publication-source URL, which allows remote authenticated users to trigger arbitrary outbound TCP traffic via a crafted Source field, as demonstrated b...

3.5CVSS6.6AI score0.01382EPSS

Exploits5References1

RedhatCVE•added 2025/05/22 11:21 a.m.•9 views

CVE-2013-1645

Directory traversal vulnerability in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allows remote authenticated users to read arbitrary files via a .. dot dot in the publication template path...

4CVSS6.5AI score0.02939EPSS

Exploits6References1

RedhatCVE•added 2025/05/22 11:21 a.m.•7 views

CVE-2013-1649

Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 uses the crypt and SHA-1 algorithms for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack...

4.3CVSS6.8AI score0.01969EPSS

Exploits4References1

RedhatCVE•added 2025/05/22 4:13 a.m.•7 views

CVE-2013-1647

Multiple CRLF injection vulnerabilities in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter, as demonstrated by 1 the location parameter...

5CVSS7.4AI score0.01797EPSS

Exploits5References1

RedhatCVE•added 2025/05/22 12:29 a.m.•8 views

CVE-2013-1646

Multiple cross-site scripting XSS vulnerabilities in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allow remote attackers to inject arbitrary web script or HTML via 1 invalid JSON data in a mail-sending POST request, 2 an arbitrary parameter to...

4.3CVSS5.8AI score0.01383EPSS

Exploits5References1

Prion•added 2017/06/08 9:29 p.m.•14 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Open-Xchange Server 6 and OX AppSuite before 7.4.2-rev43, 7.6.0-rev38, and 7.6.1-rev21...

4.3CVSS6.2AI score0.01538EPSS

Exploits0References4Affected Software2

NVD•added 2017/06/08 9:29 p.m.•14 views

CVE-2015-1588

Multiple cross-site scripting XSS vulnerabilities in Open-Xchange Server 6 and OX AppSuite before 7.4.2-rev43, 7.6.0-rev38, and 7.6.1-rev21...

6.1CVSS6.2AI score0.01538EPSS

Exploits0References4

CVE•added 2017/06/08 9:0 p.m.•57 views

CVE-2015-1588

CVE-2015-1588 affects Open-Xchange Server 6 and OX AppSuite. The issue is multiple cross-site scripting (XSS) vulnerabilities caused by insufficient input filtering in the backend/OX AppSuite, enabling execution of crafted script in a user’s browser context and potential session-related issues. A...

6.1CVSS6.1AI score0.01538EPSS

Exploits0References4Affected Software2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by