Open-Xchange App Suite License Issues Vulnerability

Open-Xchange App Suite is an email and productivity suite client software from Open-Xchange Germany. A security vulnerability exists in Open-Xchange App Suite that stems from a call to ChronosRMIService:setEventOrganizer where RMI does not require authentication...

CVE-2019-7159

OX App Suite 7.10.1 and earlier allows Information Exposure...

CVE-2017-17062

The backend component in Open-Xchange OX App Suite before 7.6.3-rev35, 7.8.x before 7.8.2-rev38, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev19 allows remote authenticated users to save arbitrary user attributes by leveraging improper privilege management...

OpenXchange User Enumeration

Hi@all, there is an information disclosure in OpenXchange prior 7.8. An authenticated user can enumerate all imap user folders. If you browse the PoC you get an permission denied error, but the folder’s name is reflected into the page in json format. About Open Xchange: Open-Xchange2 develops,...

OpenXchange XSS

Dangerous content from application/xhtml+xml is not removed...

OpenXchange crossite scripting

Crossite scripting on MS Office and EML documents viewing...