Open-xchange Appsuite@7.2.1 Security Vulnerabilities and Issues — Open-xchange Appsuite@7.2.1 CVE List

Lucene search

Open-xchangeOpen-xchange Appsuite7.2.1

11 matches found

CVE•added 2014/01/26 8:55 p.m.•42 views

CVE-2013-7140

XML External Entity (XXE) vulnerability in the CalDAV interface in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote authenticated users to read portions of arbitrary files via vectors related to the SAX builder and the WebDAV interface. NOTE: this issue has been labeled as both absolute p...

4CVSS6.4AI score0.00454EPSS

CVE•added 2014/01/26 8:55 p.m.•42 views

CVE-2013-7143

Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 allows remote attackers to inject arbitrary web script or HTML via the title in a mail filter rule.

4.3CVSS5.8AI score0.00329EPSS

CVE•added 2014/04/24 5:6 a.m.•40 views

CVE-2014-2391

The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain poten...

4.3CVSS6.6AI score0.0023EPSS

CVE•added 2014/01/26 8:55 p.m.•39 views

CVE-2013-7142

Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified oAuth API functions.

4.3CVSS5.9AI score0.00295EPSS

CVE•added 2014/09/17 2:55 p.m.•39 views

CVE-2014-5235

Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via vectors related to unspecified fields in RSS feeds.

4.3CVSS5.7AI score0.00295EPSS

CVE•added 2014/01/26 8:55 p.m.•38 views

CVE-2013-7141

Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to crafted "

4.3CVSS5.8AI score0.00295EPSS

CVE•added 2014/04/24 5:6 a.m.•38 views

CVE-2014-2392

The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer lo...

4.3CVSS6.4AI score0.0023EPSS

CVE•added 2014/09/17 2:55 p.m.•36 views

CVE-2014-5234

Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via a folder publication name.

4.3CVSS5.7AI score0.00295EPSS

CVE•added 2014/01/09 12:55 a.m.•35 views

CVE-2013-6997

Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange (OX) AppSuite 7.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an HTML email with crafted CSS code containing wildcards or (2) office documents containing "crafted hyperlinks with script URL h...

4.3CVSS5.9AI score0.00475EPSS

CVE•added 2014/12/27 6:59 p.m.•33 views

CVE-2013-6241

The Birthday widget in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14, in certain user-id sharing scenarios, does not properly construct a SQL statement for next-year birthdays, which allows remote authenticated users to obtain sensitive birthday, di...

4CVSS6.4AI score0.00176EPSS

CVE•added 2014/04/24 5:6 a.m.•32 views

CVE-2014-2393

Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite 7.4.1 before 7.4.1-rev11 and 7.4.2 before 7.4.2-rev13 allows remote attackers to inject arbitrary web script or HTML via a Drive filename that is not properly handled during use of the composer to add an e-mail attachment.

4.3CVSS5.7AI score0.00225EPSS