Open-xchange Appsuite@7.8.2 Security Vulnerabilities and Issues — Open-xchange Appsuite@7.8.2 CVE List

Lucene search

Open-xchangeOpen-xchange Appsuite7.8.2

9 matches found

CVE•added 2016/12/15 6:59 a.m.•46 views

CVE-2016-5740

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev5. JavaScript code can be used as part of ical attachments within scheduling E-Mails. This content, for example an appointment's location, will be presented to the user at the E-Mail App, depending on the invitation workflow. This...

6.1CVSS6.2AI score0.00144EPSS

CVE•added 2016/12/15 6:59 a.m.•45 views

CVE-2016-6848

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. API requests can be used to inject, generate and download executable files to the client ("Reflected File Download"). Malicious platform specific (e.g. Microsoft Windows) batch file can be created via a trusted domain without a...

5.5CVSS5.9AI score0.001EPSS

CVE•added 2016/12/15 6:59 a.m.•39 views

CVE-2016-6852

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Users can provide local file paths to the RSS reader; the response and error code give hints about whether the provided file exists or not. Attackers may discover specific system files or library versions on the middleware serv...

4.3CVSS5AI score0.0022EPSS

CVE•added 2016/12/15 6:59 a.m.•38 views

CVE-2016-6843

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code can be injected to contact names. When adding those contacts to a group, the script code gets executed in the context of the user which creates or changes the group by using autocomplete. In most cases this is a use...

6.1CVSS6.2AI score0.002EPSS

CVE•added 2016/12/15 6:59 a.m.•38 views

CVE-2016-6844

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within SVG files is maintained when opening such files "in browser" based on our Mail or Drive app. In case of "a" tags, this may include link targets with base64 encoded "data" references. Malicious script code can...

6.1CVSS6.3AI score0.00265EPSS

CVE•added 2016/12/15 6:59 a.m.•35 views

CVE-2016-6842

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Setting the user's name to JS code makes that code execute when selecting that user's "Templates" folder from OX Documents settings. This requires the folder to be shared to the victim. Malicious script code can be executed wit...

6.1CVSS6.3AI score0.00265EPSS

CVE•added 2016/12/15 6:59 a.m.•34 views

CVE-2016-6847

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as mp3 album covers. In case their XML structure contains script code, that code may get executed when calling the related cover URL. Malicious script code can be executed within a user's context. This can...

6.1CVSS6.3AI score0.00265EPSS

CVE•added 2016/12/15 6:59 a.m.•30 views

CVE-2016-6845

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within hyperlinks at HTML E-Mails is not getting correctly sanitized when using base64 encoded "data" resources. This allows an attacker to provide hyperlinks that may execute script code instead of directing to a p...

6.1CVSS6.3AI score0.00265EPSS

CVE•added 2016/12/15 6:59 a.m.•30 views

CVE-2016-6850

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as profile pictures. In case their XML structure contains iframes and script code, that code may get executed when calling the related picture URL or viewing the related person's image within a browser. Ma...

6.1CVSS6.3AI score0.00265EPSS