Open-xchange Appsuite@7.6.0 Security Vulnerabilities and Issues — Open-xchange Appsuite@7.6.0 CVE List

Lucene search

Open-xchangeOpen-xchange Appsuite7.6.0

8 matches found

CVE•added 2020/01/31 10:15 p.m.•140 views

CVE-2014-5236

Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text file.

7.5CVSS7.4AI score0.06674EPSS

CVE•added 2017/06/08 9:29 p.m.•46 views

CVE-2015-1588

Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server 6 and OX AppSuite before 7.4.2-rev43, 7.6.0-rev38, and 7.6.1-rev21.

6.1CVSS6.1AI score0.00292EPSS

CVE•added 2014/09/17 2:55 p.m.•39 views

CVE-2014-5235

Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via vectors related to unspecified fields in RSS feeds.

4.3CVSS5.7AI score0.00295EPSS

CVE•added 2014/11/21 3:59 p.m.•37 views

CVE-2014-7871

SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API call.

6.5CVSS8AI score0.00308EPSS

CVE•added 2015/01/07 6:59 p.m.•37 views

CVE-2014-8993

Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev40, 7.6.0 before 7.6.0-rev32, and 7.6.1 before 7.6.1-rev11 allows remote attackers to inject arbitrary web script or HTML via a crafted XHTML file with the application/xhtml+xml MIME type.

4.3CVSS5.7AI score0.00256EPSS

CVE•added 2015/02/17 3:59 p.m.•37 views

CVE-2014-9466

Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before 7.6.0-rev36, and 7.6.1 before 7.6.1-rev14 does not properly handle directory permissions, which allows remote authenticated users to read files via unspecified vectors, related to the "folder identifier."

4CVSS6.3AI score0.00077EPSS

CVE•added 2014/09/17 2:55 p.m.•36 views

CVE-2014-5234

Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via a folder publication name.

4.3CVSS5.7AI score0.00295EPSS

CVE•added 2020/01/14 4:15 p.m.•35 views

CVE-2014-5238

XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly other unspecified impact via a crafted OpenDocument Text document.

7.8CVSS7.5AI score0.00903EPSS