CVE-2022-23099

OX App Suite through 7.10.6 allows XSS by forcing block-wise read...

EUVD-2023-28616

Malicious code in bioql PyPI...

CVE-2023-24605

OX App Suite before backend 7.10.6-rev37 does not enforce 2FA for all endpoints, e.g., reading from a drive, reading contact data, and renaming tokens...

Open-Xchange App Suite Cross-Site Scripting Vulnerability

Open-Xchange App Suite is an email and productivity suite client software from Open-Xchange Germany. A security vulnerability exists in Open-Xchange App Suite frontend version 7.10.6-rev33. An attacker can exploit the vulnerability to inject script code...

Open-Xchange App Suite Cross-Site Scripting Vulnerability

Open-Xchange App Suite is an email and productivity suite client software from Open-Xchange Germany. A security vulnerability exists in Open-Xchange App Suite frontend version 7.10.6-rev34 that stems from script code that is not properly cleaned. An attacker exploiting this vulnerability could us...

CVE-2023-24600

OX App Suite before backend 7.10.6-rev37 allows authenticated users to bypass access controls for reading contacts via a move to their own address book...

CVE-2023-24597

OX App Suite before frontend 7.10.6-rev24 allows the loading without user consent of an e-mail message's remote resources during printing...

PT-2023-19702 · Open Xchange · Ox App Suite

Name of the Vulnerable Software and Affected Versions: OX App Suite versions prior to 7.10.6-rev37 Description: The issue allows authenticated users to bypass access controls for reading contacts by moving them to their own address book. Recommendations: For versions prior to 7.10.6-rev37, update...

PT-2023-19704 · Open Xchange · Ox App Suite

Name of the Vulnerable Software and Affected Versions: OX App Suite versions prior to 7.10.6-rev24 Description: The issue allows for XSS via data to the Tumblr portal widget, such as a post title. Recommendations: For versions prior to 7.10.6-rev24, update to version 7.10.6-rev24 or later to...

PT-2023-19700 · Open Xchange · Ox App Suite

Name of the Vulnerable Software and Affected Versions: OX App Suite versions prior to 7.10.6-rev37 Description: The issue is related to an information leak in the handling of distribution lists. This leak can result in the partial disclosure of private contacts of another user. Recommendations: F...

Open-Xchange OX App Suite 信息泄露漏洞

Open-Xchange OX App Suite is an email and productivity suite client software from Open-Xchange Germany. An information disclosure vulnerability exists in Open-Xchange OX App Suite version 7.10.6-rev23. An attacker could exploit the vulnerability to view user privacy...

Open-Xchange OX App Suite 信息泄露漏洞

Open-Xchange OX App Suite is an email and productivity suite client software from Open-Xchange Germany. An information disclosure vulnerability exists in Open-Xchange OX App Suite version 7.10.6-rev23. An attacker could exploit the vulnerability to view user privacy...

Open-Xchange OX App Suite 信息泄露漏洞

Open-Xchange OX App Suite is an email and productivity suite client software from Open-Xchange Germany. An information disclosure vulnerability exists in Open-Xchange OX App Suite version 7.10.6-rev23. An attacker could exploit the vulnerability to view user privacy...

Open-Xchange OX App Suite 跨站脚本漏洞

Open-Xchange OX App Suite is an email and productivity suite client software from Open-Xchange Germany. A cross-site scripting vulnerability exists in Open-Xchange OX App Suite version 7.10.6-rev23. An attacker could exploit the vulnerability to view user privacy...

Open-Xchange OX App Suite 信息泄露漏洞

Open-Xchange OX App Suite is an email and productivity suite client software from Open-Xchange Germany. An information disclosure vulnerability exists in Open-Xchange OX App Suite version 7.10.6-rev23. An attacker could exploit the vulnerability to view user privacy...

Open-Xchange OX App Suite 信息泄露漏洞

Open-Xchange OX App Suite is an email and productivity suite client software from Open-Xchange Germany. An information disclosure vulnerability exists in Open-Xchange OX App Suite version 7.10.6-rev23. An attacker could exploit the vulnerability to view user privacy...

CVE-2022-43699

OX App Suite before 7.10.6-rev30 allows SSRF because e-mail account discovery disregards the deny-list and thus can be attacked by an adversary who controls the DNS records of an external domain found in the host part of an e-mail address...

Open-Xchange OX App Suite 跨站脚本漏洞

Open-Xchange OX App Suite is an email and productivity suite client software from Open-Xchange Germany. A security vulnerability previously existed in Open-Xchange OX App Suite version 7.10.6-rev20, which stemmed from the presence of a cross-site scripting vulnerability...

CVE-2022-43696

OX App Suite before 7.10.6-rev20 allows XSS via upsell ads...

Design/Logic Flaw

OX App Suite through 7.10.6 allows XSS via a malicious capability to the metrics or help module, as demonstrated by a /!!&app=io.ox/files&cap= URI...