Open-xchange Appsuite@7.8.0 Security Vulnerabilities and Issues — Open-xchange Appsuite@7.8.0 CVE List

Lucene search

Open-xchangeOpen-xchange Appsuite7.8.0

3 matches found

CVE•added 2016/12/15 6:59 a.m.•42 views

CVE-2016-3174

An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The "defer" servlet offers to redirect a client to a specified URL. Since some checks were missing, arbitrary URLs could be provided as redirection target. Users can be tricked to follow a link to a trustworthy domain but end u...

7.4CVSS7.3AI score0.00201EPSS

CVE•added 2016/12/15 6:59 a.m.•37 views

CVE-2016-2840

An issue was discovered in Open-Xchange Server 6 / OX AppSuite before 7.8.0-rev26. The "session" parameter for file-download requests can be used to inject script code that gets reflected through the subsequent status page. Malicious script code can be executed within a trusted domain's context. Wh...

6.1CVSS6.2AI score0.0034EPSS

CVE•added 2016/12/15 6:59 a.m.•37 views

CVE-2016-3173

An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The aria-label parameter of tiles at the Portal can be used to inject script code. Those labels use the name of the file (e.g. an image) which gets displayed at the portal application. Using script code at the file name leads t...

5.4CVSS5.8AI score0.00239EPSS