CVSS 7.5 | AI Score 7.5 | EPSS 0.002
OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address.
CVSS 4.3 | AI Score 4.8 | EPSS 0.001
OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API.
CVSS 5 | AI Score 5.1 | EPSS 0.001
OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption.
CVSS 9.8 | AI Score 9.2 | EPSS 0.002
OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document.
CVSS 5.4 | AI Score 5.2 | EPSS 0.001
OX App Suite through 7.10.3 allows SSRF via the /ajax/messaging/message message API.
CVSS 5 | AI Score 5.1 | EPSS 0.001
OX App Suite through 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user (via the session API during shared Drive access).
CVSS 4.3 | AI Score 4.7 | EPSS 0.001
CVSS 4.8 | AI Score 5.2 | EPSS 0.001
OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial autoconfig. substring.
CVSS 5.4 | AI Score 5.5 | EPSS 0.028
OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite URI).
CVSS 6.1 | AI Score 5.9 | EPSS 0.006
CVSS 6.5 | AI Score 6.4 | EPSS 0.001
OX App Suite 7.10.4 and earlier allows XSS via crafted content to reach an undocumented feature, such as ![](http://onerror=Function.constructor, in a Notes item.
CVSS 6.1 | AI Score 5.9 | EPSS 0.002
CVSS 6.5 | AI Score 6.5 | EPSS 0.001
CVSS 5.4 | AI Score 5.5 | EPSS 0.001
CVSS 7.5 | AI Score 7.5 | EPSS 0.001
CVSS 6.5 | AI Score 6.5 | EPSS 0.001
OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request.
CVSS 6.4 | AI Score 6.3 | EPSS 0.001
CVSS 6.1 | AI Score 5.9 | EPSS 0.001
OX App Suite through 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML document to an ajax/share/<share-token>?delivery=view URI.
CVSS 6.1 | AI Score 5.8 | EPSS 0.001
OX App Suite through 7.10.4 allows XSS via use of the conversion API for a distributedFile.
CVSS 6.1 | AI Score 6 | EPSS 0.001
CVSS 6.1 | AI Score 5.9 | EPSS 0.001
OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename.
CVSS 6.1 | AI Score 5.9 | EPSS 0.001
OX App Suite through 7.10.4 allows XSS via JavaScript in a Note referenced by a mail:// URL.
CVSS 6.1 | AI Score 5.9 | EPSS 0.001
OX App Suite through 7.10.4 allows XSS via a contact whose name contains JavaScript code.
CVSS 6.1 | AI Score 5.9 | EPSS 0.001
OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript code.
CVSS 6.1 | AI Score 5.9 | EPSS 0.001
CVSS 6.1 | AI Score 6 | EPSS 0.001
OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and the dl parameter is used.
CVSS 6.1 | AI Score 6 | EPSS 0.004
OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used.
CVSS 5.4 | AI Score 5.4 | EPSS 0.002
OX App Suite 7.10.4 and earlier allows XSS via a crafted contact object (payload in the position or company field) that is mishandled in the App Suite UI on a smartphone.
CVSS 6.1 | AI Score 5.8 | EPSS 0.001
OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution list (payload in the common name) that is mishandled in the scheduling view.
CVSS 6.1 | AI Score 5.8 | EPSS 0.001
OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via binary data that is mishandled when the legacy dataretrieval endpoint has been enabled.
CVSS 6.1 | AI Score 6 | EPSS 0.001
OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and an App Loader relative URL is used.
CVSS 6.1 | AI Score 6 | EPSS 0.001
OX App Suite through 8.2 allows XSS because BMFreehand10 and image/x-freehand are not blocked.
CVSS 5.4 | AI Score 5.3 | EPSS 0.001
OX App Suite through 8.2 allows XSS via a certain complex hierarchy that forces use of Show Entire Message for a huge HTML e-mail message.
CVSS 5.4 | AI Score 5.2 | EPSS 0.001
OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrated by class="deep-link-app" for a /#!!&app=%2e./ URI.
CVSS 6.1 | AI Score 5.9 | EPSS 0.001
OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature.
CVSS 6.1 | AI Score 6 | EPSS 0.001
CVSS 6.1 | AI Score 5.9 | EPSS 0.001
OX App Suite through 7.10.6 allows XSS via script code within a contact that has an e-mail address but lacks a name.
CVSS 6.1 | AI Score 6 | EPSS 0.001
OX App Suite through 7.10.6 allows XSS via a malicious capability to the metrics or help module, as demonstrated by a /#!!&app=io.ox/files&cap= URI.
CVSS 6.1 | AI Score 5.9 | EPSS 0.001
OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large location request parameter to the redirect servlet.
CVSS 5.3 | AI Score 5.2 | EPSS 0.001
OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferrer servlet.
CVSS 5.3 | AI Score 5.2 | EPSS 0.001
OX App Suite through 7.10.6 allows SSRF because the anti-SSRF protection mechanism only checks the first DNS A or AAAA record.
CVSS 5.3 | AI Score 5.3 | EPSS 0.001
Requests to cache an image and return its metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL st...
CVSS 8.8 | AI Score 8.7 | EPSS 0.001
Requests to cache an image could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be execut...
CVSS 8.8 | AI Score 8.7 | EPSS 0.001
Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be ...
CVSS 8.8 | AI Score 8.7 | EPSS 0.001
RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI. RMI access is restricted to localhost by default. The interface has been updated to require authenti...
CVSS 7.8 | AI Score 7.5 | EPSS 0.0004
Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document. Script code embedded in malicious documents could be executed in the context of the user editing the document when performing certain a...
CVSS 6.1 | AI Score 6.2 | EPSS 0.0005
Documents operations could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties does now get esc...
CVSS 5.4 | AI Score 5.8 | EPSS 0.0005
Documents operations, in this case "drawing", could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating...
CVSS 5.4 | AI Score 5.8 | EPSS 0.0005
Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of time...
CVSS 4.3 | AI Score 4.7 | EPSS 0.0004