Open-xchange Server@6.20.7 Security Vulnerabilities and Issues — Open-xchange Server@6.20.7 CVE List

Lucene search

Open-xchangeOpen-xchange Server6.20.7

9 matches found

CVE•added 2013/09/05 11:44 a.m.•55 views

CVE-2013-2583

Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev16, 6.22.0 before rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allow remote attackers to inject arbitrary web script or HTML via (1) a javascript: URL, (2) malformed nest...

4.3CVSS5.8AI score0.00225EPSS

CVE•added 2013/09/05 11:44 a.m.•47 views

CVE-2013-1648

The Subscriptions feature in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not properly validate the publication-source URL, which allows remote authenticated users to trigger arbitrary outbound TCP traffic via a crafted Source field, as demonstrated by ...

3.5CVSS6.3AI score0.00411EPSS

CVE•added 2013/09/05 11:44 a.m.•45 views

CVE-2013-1650

Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 uses weak permissions (group "other" readable) under opt/open-xchange/etc/, which allows local users to obtain sensitive information via standard filesystem operations.

2.1CVSS5.8AI score0.00201EPSS

CVE•added 2013/09/05 11:44 a.m.•42 views

CVE-2013-1651

OXUpdater in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof update servers and install arbitrary software via a crafted certificate.

5.8CVSS6.4AI score0.0033EPSS

CVE•added 2013/09/05 11:44 a.m.•41 views

CVE-2013-1647

Multiple CRLF injection vulnerabilities in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter, as demonstrated by (1) the location parameter...

5CVSS7.1AI score0.00758EPSS

CVE•added 2013/09/05 11:44 a.m.•39 views

CVE-2013-1649

Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 uses the crypt and SHA-1 algorithms for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.

4.3CVSS6.6AI score0.01286EPSS

CVE•added 2013/09/05 11:44 a.m.•38 views

CVE-2013-1645

Directory traversal vulnerability in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the publication template path.

4CVSS6.2AI score0.01099EPSS

CVE•added 2013/09/05 11:44 a.m.•37 views

CVE-2013-1646

Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allow remote attackers to inject arbitrary web script or HTML via (1) invalid JSON data in a mail-sending POST request, (2) an arbitrary parameter to servlet/...

4.3CVSS5.7AI score0.00535EPSS

CVE•added 2013/09/05 11:44 a.m.•37 views

CVE-2013-3106

Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev18, 6.22.0 before rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allow remote attackers to inject arbitrary web script or HTML via (1) embedded VBScript...

4.3CVSS5.7AI score0.00225EPSS