Open-xchange: Open-xchange Appsuite 7.8.1

7 matches found

CVE, added 2016/12/15 6:59 a.m., 41 views

CVE-2016-4046

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The API to configure external mail accounts can be abused to map and access network components within the trust boundary of the operator. Users can inject arbitrary hosts and ports to API calls. Depending on the response type,...

CVSS 5.8 | AI score 5.7 | EPSS 0.00181

CVE, added 2016/12/15 6:59 a.m., 39 views

CVE-2016-4027

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev10. App Suite frontend offers to control whether a user wants to store cookies that exceed the session duration. This functionality is useful when logging in from clients with reduced privileges or shared environments. However the...

CVSS 3.5 | AI score 4 | EPSS 0.00215

CVE, added 2016/12/15 6:59 a.m., 37 views

CVE-2016-4026

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The content sanitizer component has an issue with filtering malicious content in case invalid HTML code is provided. In such cases the filter will output an unsanitized representation of the content. Malicious script code can b...

CVSS 6.1 | AI score 6.2 | EPSS 0.00211

CVE, added 2016/12/15 6:59 a.m., 36 views

CVE-2016-4045

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Script code can be embedded to RSS feeds using a URL notation. In case a user clicks the corresponding link at the RSS reader of App Suite, code gets executed at the context of the user. Malicious script code can be executed w...

CVSS 6.1 | AI score 6.2 | EPSS 0.00211

CVE, added 2016/12/15 6:59 a.m., 36 views

CVE-2016-4047

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev8. References to external Open XML document type definitions (.dtd resources) can be placed within .docx and .xlsx files. Those resources were requested when parsing certain parts of the generated document. As a result an attacker...

CVSS 4.3 | AI score 4.4 | EPSS 0.00133

CVE, added 2016/12/15 6:59 a.m., 34 views

CVE-2016-5124

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev14. Adding images from external sources to HTML editors by drag&drop can potentially lead to script code execution in the context of the active user. To exploit this, a user needs to be tricked to use an image from a specially cra...

CVSS 6.1 | AI score 6.2 | EPSS 0.00462

CVE, added 2016/12/15 6:59 a.m., 33 views

CVE-2016-4048

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Custom messages can be shown at the login screen to notify external users about issues with sharing links. This mechanism can be abused to inject arbitrary text messages. Users may get tricked to follow instructions injected b...

CVSS 4.3 | AI score 4.6 | EPSS 0.00216