Open-xchange: Open-xchange Appsuite Frontend

8 matches found

added 2024/05/14 6:15 p.m. | 5482 views

CVE-2024-4367

A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

CVSS 8.8 | AI score 5.9 | EPSS 0.3158

added 2023/08/02 1:15 p.m. | 2495 views

CVE-2023-26449

The "OX Chat" web service did not specify a media-type when processing responses by external resources. Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker woul...

CVSS 5.4 | AI score 5.8 | EPSS 0.00107

added 2023/08/02 1:15 p.m. | 2488 views

CVE-2023-26447

The "upsell" widget for the portal allows specifying a product description. This description, taken from a user-controllable jslob, did not get escaped before being added to the DOM. Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwante...

CVSS 5.4 | AI score 5.5 | EPSS 0.00083

added 2023/08/02 1:15 p.m. | 2487 views

CVE-2023-26446

The user's clientID at "application passwords" was not sanitized or escaped before being added to the DOM. Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would ...

CVSS 5.4 | AI score 5.5 | EPSS 0.00083

added 2023/08/02 1:15 p.m. | 2485 views

CVE-2023-26445

Frontend themes are defined by user-controllable jslob settings and could point to a malicious resource which gets processed during login. Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the web interface and AP...

CVSS 5.4 | AI score 5.5 | EPSS 0.00058

added 2023/08/02 1:15 p.m. | 2483 views

CVE-2023-26448

Custom log-in and log-out locations are user-defined as jslob but were not checked for malicious protocol handlers. Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit th...

CVSS 5.4 | AI score 5.6 | EPSS 0.00083

added 2023/08/02 1:15 p.m. | 2483 views

CVE-2023-26450

The "OX Count" web service did not specify a media-type when processing responses by external resources. Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker wou...

CVSS 5.4 | AI score 5.8 | EPSS 0.00107

added 2017/03/29 2:59 p.m. | 37 views

CVE-2016-6846

Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite backend before 7.6.2-rev59, 7.8.0 before 7.8.0-rev38, 7.8.2 before 7.8.2-rev8; AppSuite frontend before 7.6.2-rev47, 7.8.0 before 7.8.0-rev30, and 7.8.2 before 7.8.2-rev8; Office Web before 7.6.2-rev16, 7.8.0 before 7.8.0-rev10,...

CVSS 6.1 | AI score 6 | EPSS 0.00301