Open-xchange / Open-xchange Appsuite

157 matches found

added 2023/11/02 2:15 p.m. | 29 views

CVE-2023-29045

Documents operations, in this case "drawing", could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating...

CVSS: 5.4 | AI score: 5.8 | EPSS: 0.00156

added 2024/02/12 9:15 a.m. | 29 views

CVE-2023-41703

User ID references at mentions in document comments were not correctly sanitized. Script code could be injected to a user's session when working with a malicious document. Please deploy the provided updates and patch releases. User-defined content like comments and mentions are now filtered to avoid...

CVSS: 6.1 | AI score: 6.3 | EPSS: 0.00468

added 2024/02/12 9:15 a.m. | 29 views

CVE-2023-41708

References to the "app loader" functionality could contain redirects to unexpected locations. Attackers could forge app references that bypass existing safeguards to inject malicious script code. Please deploy the provided updates and patch releases. References to apps are now controlled more stric...

CVSS: 5.4 | AI score: 5.5 | EPSS: 0.00191

added 2016/12/15 6:59 a.m. | 28 views

CVE-2016-6845

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within hyperlinks at HTML E-Mails is not getting correctly sanitized when using base64 encoded "data" resources. This allows an attacker to provide hyperlinks that may execute script code instead of directing to a p...

CVSS: 6.1 | AI score: 6.3 | EPSS: 0.00265

added 2016/12/15 6:59 a.m. | 28 views

CVE-2016-6850

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as profile pictures. In case their XML structure contains iframes and script code, that code may get executed when calling the related picture URL or viewing the related person's image within a browser. Ma...

CVSS: 6.1 | AI score: 6.3 | EPSS: 0.00265

added 2024/02/12 9:15 a.m. | 27 views

CVE-2023-41705

Processing of user-defined DAV user-agent strings is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of DAV user-agents now gets monitored, and the related request is terminated if a resou...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.00227

added 2024/02/12 9:15 a.m. | 27 views

CVE-2023-41707

Processing of user-defined mail search expressions is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of mail search expressions now gets monitored, and the related request is terminated i...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.00227

Total number of security vulnerabilities: 157