Open-xchange Appsuite Security Vulnerabilities and Issues — Open-xchange Appsuite CVE List

Lucene search

Open-xchangeOpen-xchange Appsuite

30 matches found

CVE•added 2018/06/16 1:29 a.m.•130 views

CVE-2018-5754

Cross-site scripting (XSS) vulnerability in the office-web component in Open-Xchange OX App Suite before 7.8.3-rev12 and 7.8.4 before 7.8.4-rev9 allows remote attackers to inject arbitrary web script or HTML via a crafted presentation file, related to copying content to the clipboard.

5.4CVSS5.6AI score0.00322EPSS

CVE•added 2020/02/21 9:15 p.m.•125 views

CVE-2019-18846

OX App Suite through 7.10.2 allows SSRF.

5CVSS5.2AI score0.00209EPSS

CVE•added 2022/12/26 2:15 a.m.•69 views

CVE-2022-37313

OX App Suite through 7.10.6 allows SSRF because the anti-SSRF protection mechanism only checks the first DNS AA or AAAA record.

5.3CVSS5.3AI score0.00369EPSS

CVE•added 2022/12/26 4:15 a.m.•63 views

CVE-2022-29852

OX App Suite through 8.2 allows XSS because BMFreehand10 and image/x-freehand are not blocked.

5.4CVSS5.3AI score0.00584EPSS

CVE•added 2022/12/26 4:15 a.m.•62 views

CVE-2022-29853

OX App Suite through 8.2 allows XSS via a certain complex hierarchy that forces use of Show Entire Message for a huge HTML e-mail message.

5.4CVSS5.2AI score0.00584EPSS

CVE•added 2019/10/14 5:15 p.m.•60 views

CVE-2019-14225

OX App Suite 7.10.1 and 7.10.2 allows SSRF.

5.5CVSS5.5AI score0.00221EPSS

CVE•added 2022/12/26 2:15 a.m.•58 views

CVE-2022-37311

OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large location request parameter to the redirect servlet.

5.3CVSS5.2AI score0.00243EPSS

CVE•added 2022/12/26 2:15 a.m.•57 views

CVE-2022-37312

OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferrer servlet.

5.3CVSS5.2AI score0.00243EPSS

CVE•added 2019/05/23 4:29 p.m.•46 views

CVE-2017-13668

OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).

5.4CVSS6.3AI score0.00343EPSS

CVE•added 2023/11/02 2:15 p.m.•46 views

CVE-2023-29044

Documents operations could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties does now get esc...

5.4CVSS5.8AI score0.00156EPSS

CVE•added 2021/01/12 8:15 a.m.•45 views

CVE-2020-24700

OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial autoconfig. substring.

5.5CVSS5.5AI score0.00295EPSS

CVE•added 2013/09/05 11:44 a.m.•44 views

CVE-2013-2582

CRLF injection vulnerability in the redirect servlet in Open-Xchange AppSuite and Server before 6.22.0 rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allows remote attackers to inject arbitrary HTTP headers and conduct open redirect attacks by leveraging improper sanitization ...

5CVSS7.2AI score0.00245EPSS

CVE•added 2016/12/15 6:59 a.m.•44 views

CVE-2016-6848

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. API requests can be used to inject, generate and download executable files to the client ("Reflected File Download"). Malicious platform specific (e.g. Microsoft Windows) batch file can be created via a trusted domain without a...

5.5CVSS5.9AI score0.00095EPSS

CVE•added 2019/05/22 7:29 p.m.•42 views

CVE-2017-9809

OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Information Exposure.

5.3CVSS5.6AI score0.00237EPSS

CVE•added 2021/07/22 5:15 p.m.•41 views

CVE-2021-26699

OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used.

5.8CVSS5.4AI score0.00473EPSS

CVE•added 2016/12/15 6:59 a.m.•40 views

CVE-2016-4046

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The API to configure external mail accounts can be abused to map and access network components within the trust boundary of the operator. Users can inject arbitrary hosts and ports to API calls. Depending on the response type,...

5.8CVSS5.7AI score0.00181EPSS

CVE•added 2019/08/20 1:15 p.m.•40 views

CVE-2019-11522

OX App Suite 7.10.0 to 7.10.2 allows XSS.

5.4CVSS5.5AI score0.00181EPSS

CVE•added 2019/05/23 3:29 p.m.•39 views

CVE-2017-17061

OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).

5.4CVSS6.3AI score0.00343EPSS

CVE•added 2020/10/23 5:15 a.m.•39 views

CVE-2020-15002

OX App Suite through 7.10.3 allows SSRF via the the /ajax/messaging/message message API.

5CVSS5.1AI score0.09242EPSS

CVE•added 2019/03/21 4:0 p.m.•37 views

CVE-2018-13103

OX App Suite 7.8.4 and earlier allows SSRF.

5.5CVSS5.5AI score0.00212EPSS

CVE•added 2016/12/15 6:59 a.m.•36 views

CVE-2016-3173

An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The aria-label parameter of tiles at the Portal can be used to inject script code. Those labels use the name of the file (e.g. an image) which gets displayed at the portal application. Using script code at the file name leads t...

5.4CVSS5.8AI score0.00243EPSS

CVE•added 2020/06/16 2:15 p.m.•36 views

CVE-2020-8542

OX App Suite through 7.10.3 allows XSS.

5.4CVSS5.5AI score0.00686EPSS

CVE•added 2018/04/10 3:29 p.m.•35 views

CVE-2014-2078

The backend in Open-Xchange (OX) AppSuite 7.4.2 before 7.4.2-rev9 allows remote attackers to obtain sensitive information about user email addresses in opportunistic circumstances by leveraging a failure in e-mail auto configuration for external accounts.

5.3CVSS5AI score0.00194EPSS

CVE•added 2019/05/22 8:29 p.m.•33 views

CVE-2017-8341

Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing.

5.3CVSS5.4AI score0.00289EPSS

CVE•added 2019/01/30 3:29 p.m.•33 views

CVE-2018-12610

OX App Suite 7.8.4 and earlier allows Information Exposure.

5.3CVSS5.5AI score0.00298EPSS

CVE•added 2020/08/31 3:15 p.m.•33 views

CVE-2020-12646

OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document.

5.4CVSS5.2AI score0.00343EPSS

CVE•added 2019/03/21 4:0 p.m.•31 views

CVE-2018-13104

OX App Suite 7.8.4 and earlier allows XSS. Internal reference: 58742 (Bug ID)

5.4CVSS5.4AI score0.00195EPSS

CVE•added 2020/08/31 3:15 p.m.•30 views

CVE-2020-12644

OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API.

5CVSS5.1AI score0.00149EPSS

CVE•added 2023/11/02 2:15 p.m.•29 views

CVE-2023-29045

Documents operations, in this case "drawing", could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating...

5.4CVSS5.8AI score0.00156EPSS

CVE•added 2024/02/12 9:15 a.m.•29 views

CVE-2023-41708

References to the "app loader" functionality could contain redirects to unexpected locations. Attackers could forge app references that bypass existing safeguards to inject malicious script code. Please deploy the provided updates and patch releases. References to apps are now controlled more stric...

5.4CVSS5.5AI score0.00191EPSS