OX App Suite through 7.10.6 allows XSS via appHandler in a deep link in an e-mail...
CVSS 6.1, AI Score 5.9, EPSS 0.001
OX App Suite through 7.10.6 allows OS Command Injection via a serialized Java class to the Documentconverter...
CVSS 9.8, AI Score 9.4, EPSS 0.003
CVSS 5.4, AI Score 5.3, EPSS 0.001
OX App Suite through 7.10.6 allows OS Command Injection via Documentconverter (e.g., through an email...
CVSS 9.8, AI Score 9.6, EPSS 0.003
OX App Suite through 7.10.5 allows XSS via uuencoding in a multipart/alternative...
CVSS 6.1, AI Score 5.9, EPSS 0.001
OX App Suite through 7.10.5 allows XSS via a trailing control character such as the SCRIPT\t...
CVSS 6.1, AI Score 5.9, EPSS 0.001
OX App Suite through 7.10.5 allows XSS via the class attribute of an element in an HTML e-mail...
CVSS 5.4, AI Score 5.1, EPSS 0.001
CVSS 6.1, AI Score 5.9, EPSS 0.001
CVSS 6.1, AI Score 5.9, EPSS 0.001
OX App Suite through 7.10.5 allows XSS via NIFF (Notation Interchange File Format)...
CVSS 6.1, AI Score 5.9, EPSS 0.001
OX App Suite through 7.10.5 allows Directory Traversal via ../ in an OOXML or ODF ZIP archive, because of the mishandling of relative paths in mail addresses in conjunction with auto-configuration DNS...
CVSS 6.5, AI Score 6.5, EPSS 0.002
CVSS 6.1, AI Score 5.9, EPSS 0.001
The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in a YAML...
CVSS 6, AI Score 6.2, EPSS 0.001
OX App Suite 7.10.5 allows Information Exposure because a caching mechanism can cause a Modified By response to show a person's...
CVSS 4.3, AI Score 4.7, EPSS 0.001
OX App Suite through 7.10.5 allows XSS via JavaScript code in an anchor HTML comment within truncated e-mail, because there is a predictable UUID with HTML transformation...
CVSS 6.1, AI Score 5.9, EPSS 0.001
CVSS 6.1, AI Score 5.9, EPSS 0.001
CVSS 6.1, AI Score 5.9, EPSS 0.001
OX App Suite through 7.10.5 allows XSS via the alt attribute of an IMG element in a truncated e-mail...
CVSS 6.1, AI Score 5.9, EPSS 0.002
OX App Suite through 7.10.5 has Incorrect Access Control for retrieval of session information via the rampup action of the login API...
CVSS 5.3, AI Score 5.4, EPSS 0.001
chat in OX App Suite 7.10.5 has Improper Input Validation. A user can be redirected to a rogue OX Chat server via a development-related...
CVSS 6.1, AI Score 6.1, EPSS 0.001
CVSS 6.1, AI Score 5.8, EPSS 0.002
CVSS 6.1, AI Score 5.9, EPSS 0.002
OX Documents before 7.10.5-rev5 has Incorrect Access Control for documents that contain XML structures because hash collisions can occur, due to use of...
CVSS 4.8, AI Score 5.2, EPSS 0.001
OX Documents before 7.10.5-rev5 has Incorrect Access Control of converted images because hash collisions can occur, due to use of...
CVSS 6.5, AI Score 6.5, EPSS 0.001
OX Documents before 7.10.5-rev7 has Incorrect Access Control for converted documents because hash collisions can occur, due to use of...
CVSS 6.5, AI Score 6.5, EPSS 0.001
OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is...
CVSS 5.4, AI Score 5.4, EPSS 0.002
OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and an App Loader relative URL is...
CVSS 6.1, AI Score 6, EPSS 0.001
OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via binary data that is mishandled when the legacy dataretrieval endpoint has been...
CVSS 6.1, AI Score 6, EPSS 0.001
OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and the dl parameter is...
CVSS 6.1, AI Score 6, EPSS 0.004
OX App Suite 7.10.4 and earlier allows XSS via crafted content to reach an undocumented feature, such as ![](http://onerror=Function.constructor, in a Notes...
CVSS 6.1, AI Score 5.9, EPSS 0.002
OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution list (payload in the common name) that is mishandled in the scheduling...
CVSS 6.1, AI Score 5.8, EPSS 0.001
OX Guard 2.10.4 and earlier allows a Denial of Service via a WKS server that responds slowly or with a large amount of...
CVSS 7.5, AI Score 7.5, EPSS 0.001
CVSS 6.5, AI Score 6.4, EPSS 0.001
OX App Suite 7.10.4 and earlier allows XSS via a crafted contact object (payload in the position or company field) that is mishandled in the App Suite UI on a...
CVSS 6.1, AI Score 5.8, EPSS 0.001
CVSS 6.1, AI Score 6, EPSS 0.001
OX App Suite through 7.10.4 allows XSS via JavaScript in a Note referenced by a mail://...
CVSS 6.1, AI Score 5.9, EPSS 0.001
OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript...
CVSS 6.1, AI Score 5.9, EPSS 0.001
OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT...
CVSS 6.4, AI Score 6.3, EPSS 0.001
CVSS 6.1, AI Score 5.9, EPSS 0.001
OX App Suite through 7.10.4 allows XSS via a contact whose name contains JavaScript...
CVSS 6.1, AI Score 5.9, EPSS 0.001
CVSS 6.1, AI Score 5.9, EPSS 0.001
CVSS 6.1, AI Score 6, EPSS 0.001
CVSS 6.1, AI Score 5.9, EPSS 0.001
OX App Suite through 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML document to an ajax/share/?delivery=view...
CVSS 6.1, AI Score 5.8, EPSS 0.001
OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial autoconfig....
CVSS 5.4, AI Score 5.5, EPSS 0.027
OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite...
CVSS 6.1, AI Score 5.9, EPSS 0.008
CVSS 4.8, AI Score 5.2, EPSS 0.001
OX App Suite through 7.10.3 allows SSRF via the /ajax/messaging/message message...
CVSS 5, AI Score 5.1, EPSS 0.001
OX App Suite through 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user (via the session API during shared Drive...
CVSS 4.3, AI Score 4.7, EPSS 0.001
OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF...
CVSS 5.4, AI Score 5.2, EPSS 0.001