Open-xchange Security Vulnerabilities

CVE-2020-12643

OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email...

CVE-2020-12644

OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list...

CVE-2020-12645

OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory...

CVE-2020-8542

OX App Suite through 7.10.3 allows...

CVE-2020-8541

OX App Suite through 7.10.3 allows XXE...

CVE-2020-8543

OX App Suite through 7.10.3 has Improper Input...

CVE-2020-8544

OX App Suite through 7.10.3 allows...

CVE-2020-9426

OX Guard 2.10.3 and earlier allows...

CVE-2020-9427

OX Guard 2.10.3 and earlier allows...

CVE-2019-18846

OX App Suite through 7.10.2 allows...

CVE-2014-5236

Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text...

CVE-2014-5238

XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly other unspecified impact via a crafted OpenDocument Text...

CVE-2019-16716

OX App Suite through 7.10.2 has Incorrect Access...

CVE-2019-16717

OX App Suite through 7.10.2 has...

CVE-2013-7485

Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev26 and 7.4.x before 7.4.0-rev16 allows remote attackers to inject arbitrary web script or HTML via the publication name, which is not properly handled in an error message. NOTE: this...

CVE-2013-7486

Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev27 and 7.4.x before 7.4.0-rev20 allows remote attackers to inject arbitrary web script or HTML via the body of an email. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it...

CVE-2013-6242

Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 6.22.3 before 6.22.3-rev5 and 6.22.4 before 6.22.4-rev12 allows remote attackers to inject arbitrary web script or HTML via the subject of an email. NOTE: the vulnerabilities related to the body of the email and....

CVE-2019-14225

OX App Suite 7.10.1 and 7.10.2 allows...

CVE-2019-14227

OX App Suite 7.10.1 and 7.10.2 allows...

CVE-2019-14226

OX App Suite through 7.10.2 has Insecure...

CVE-2019-11806

OX App Suite 7.10.1 and earlier has Insecure...

CVE-2019-11522

OX App Suite 7.10.0 to 7.10.2 allows...

CVE-2019-11521

OX App Suite 7.10.1 allows Content...

CVE-2018-10986

OX Guard 2.8.0 has...

CVE-2019-7159

OX App Suite 7.10.1 and earlier allows Information...

CVE-2019-7158

OX App Suite 7.10.0 and earlier has Incorrect Access...

CVE-2017-13667

OX Software GmbH OX App Suite 7.8.4 and earlier is affected by:...

CVE-2017-13668

OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting...

CVE-2017-15030

Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting...

CVE-2017-5213

Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting...

CVE-2017-5211

Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content...

CVE-2017-15029

Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by:...

CVE-2017-17060

OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecure...

CVE-2017-17061

OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting...

CVE-2017-5210

Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Information...

CVE-2017-5212

Open-Xchange GmbH OX App Suite 7.8.3 is affected by: Incorrect Access...

CVE-2017-5863

Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access...

CVE-2017-8340

Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access...

CVE-2017-6912

Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access...

CVE-2017-9808

OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting...

CVE-2017-8341

Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content...

CVE-2017-8777

Open-Xchange GmbH OX Cloud Plugins 1.4.0 and earlier is affected by: Missing...

CVE-2017-5864

Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting...

CVE-2017-9809

OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Information...

CVE-2017-12884

OX Software GmbH App Suite 7.8.4 and earlier is affected by: Information...

CVE-2017-12885

OX Software GmbH App Suite 7.8.4 and earlier is affected by: Cross Site Scripting...

CVE-2018-13103

OX App Suite 7.8.4 and earlier allows...

CVE-2018-13104

OX App Suite 7.8.4 and earlier allows XSS. Internal reference: 58742 (Bug...

CVE-2018-12611

OX App Suite 7.8.4 and earlier allows Directory...

CVE-2018-12609

OX App Suite 7.8.4 and earlier allows Server-Side Request...