Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 6.22.3 before 6.22.3-rev5 and 6.22.4 before 6.22.4-rev12 allows remote attackers to inject arbitrary web script or HTML via the subject of an email. NOTE: the vulnerabilities related to the body of the email and ...
CVSS: 6.1, AI Score: 6.2, EPSS: 0.002
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev26 and 7.4.x before 7.4.0-rev16 allows remote attackers to inject arbitrary web script or HTML via the publication name, which is not properly handled in an error message. NOTE: this vulnerab...
CVSS: 6.1, AI Score: 6, EPSS: 0.004
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev27 and 7.4.x before 7.4.0-rev20 allows remote attackers to inject arbitrary web script or HTML via the body of an email. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affec...
CVSS: 6.1, AI Score: 6, EPSS: 0.003
Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text file.
CVSS: 7.5, AI Score: 7.4, EPSS: 0.003
XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly other unspecified impact via a crafted OpenDocument Text document.
CVSS: 7.8, AI Score: 7.5, EPSS: 0.003
CVSS: 6.6, AI Score: 6.5, EPSS: 0.01
CVSS: 6.1, AI Score: 6.3, EPSS: 0.008
CVSS: 5, AI Score: 5.2, EPSS: 0.002
OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address.
CVSS: 4.3, AI Score: 4.8, EPSS: 0.001
OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API.
CVSS: 5, AI Score: 5.1, EPSS: 0.001
OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption.
CVSS: 9.8, AI Score: 9.2, EPSS: 0.002
OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document.
CVSS: 5.4, AI Score: 5.2, EPSS: 0.001
OX App Suite through 7.10.3 allows SSRF via the /ajax/messaging/message message API.
CVSS: 5, AI Score: 5.1, EPSS: 0.001
OX App Suite through 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user (via the session API during shared Drive access).
CVSS: 4.3, AI Score: 4.7, EPSS: 0.001
CVSS: 4.8, AI Score: 5.2, EPSS: 0.001
CVSS: 6.5, AI Score: 6.5, EPSS: 0.001
CVSS: 5.4, AI Score: 5.5, EPSS: 0.001
CVSS: 7.5, AI Score: 7.5, EPSS: 0.001
CVSS: 6.5, AI Score: 6.5, EPSS: 0.001