Filtered by vendor Open-xchange
Subscribe
Total
246 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-6912 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-05-23 | 6.5 MEDIUM | 8.8 HIGH |
| Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control. | |||||
| CVE-2017-8340 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-05-23 | 6.5 MEDIUM | 8.8 HIGH |
| Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control. | |||||
| CVE-2017-8341 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-05-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing. | |||||
| CVE-2017-9808 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-05-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS). | |||||
| CVE-2017-12884 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-05-10 | 5.0 MEDIUM | 7.5 HIGH |
| OX Software GmbH App Suite 7.8.4 and earlier is affected by: Information Exposure. | |||||
| CVE-2017-12885 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-05-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| OX Software GmbH App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS). | |||||
| CVE-2014-2078 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-04-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| The backend in Open-Xchange (OX) AppSuite 7.4.2 before 7.4.2-rev9 allows remote attackers to obtain sensitive information about user email addresses in opportunistic circumstances by leveraging a failure in e-mail auto configuration for external accounts. | |||||
| CVE-2018-13103 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-03-27 | 5.5 MEDIUM | 5.4 MEDIUM |
| OX App Suite 7.8.4 and earlier allows SSRF. | |||||
| CVE-2018-13104 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-03-26 | 3.5 LOW | 5.4 MEDIUM |
| OX App Suite 7.8.4 and earlier allows XSS. Internal reference: 58742 (Bug ID) | |||||
| CVE-2018-12611 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-01-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| OX App Suite 7.8.4 and earlier allows Directory Traversal. | |||||
| CVE-2018-12610 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-01-31 | 5.0 MEDIUM | 5.3 MEDIUM |
| OX App Suite 7.8.4 and earlier allows Information Exposure. | |||||
| CVE-2018-12609 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-01-31 | 4.0 MEDIUM | 6.5 MEDIUM |
| OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery. | |||||
| CVE-2014-5237 | 1 Open-xchange | 1 App Suite | 2018-12-18 | 4.3 MEDIUM | N/A |
| Server-side request forgery (SSRF) vulnerability in the documentconverter component in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allows remote attackers to trigger requests to arbitrary servers and embed arbitrary images via a URL in an embedded image in a Text document, which is not properly handled by the image preview. | |||||
| CVE-2017-6913 | 1 Open-xchange | 1 Open-xchange Appsuite | 2018-11-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Open-Xchange webmail before 7.6.3-rev28 allows remote attackers to inject arbitrary web script or HTML via the event attribute in a time tag. | |||||
| CVE-2016-6854 | 1 Open-xchange | 1 Ox Guard | 2018-10-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code which got injected to a mail with inline PGP signature gets executed when verifying the signature. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). | |||||
| CVE-2016-6853 | 1 Open-xchange | 1 Ox Guard | 2018-10-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code and references to external websites can be injected to the names of PGP public keys. When requesting that key later on using a specific URL, such script code might get executed. In case of injecting external websites, users might get lured into a phishing scheme. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). | |||||
| CVE-2016-6851 | 1 Open-xchange | 1 Ox Guard | 2018-10-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code can be provided as parameter to the OX Guard guest reader web application. This allows cross-site scripting attacks against arbitrary users since no prior authentication is needed. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.) in case the user has an active session on the same domain already. | |||||
| CVE-2016-5740 | 1 Open-xchange | 1 Open-xchange Appsuite | 2018-10-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev5. JavaScript code can be used as part of ical attachments within scheduling E-Mails. This content, for example an appointment's location, will be presented to the user at the E-Mail App, depending on the invitation workflow. This code gets executed within the context of the user's current session. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). | |||||
| CVE-2016-5124 | 1 Open-xchange | 1 Open-xchange Appsuite | 2018-10-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev14. Adding images from external sources to HTML editors by drag&drop can potentially lead to script code execution in the context of the active user. To exploit this, a user needs to be tricked to use an image from a specially crafted website and add it to HTML editor areas of OX App Suite, for example E-Mail Compose or OX Text. This specific attack circumvents typical XSS filters and detection mechanisms since the code is not loaded from an external service but injected locally. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). To exploit this vulnerability, a attacker needs to convince a user to follow specific steps (social-engineering). | |||||
| CVE-2016-4048 | 1 Open-xchange | 1 Open-xchange Appsuite | 2018-10-19 | 4.3 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Custom messages can be shown at the login screen to notify external users about issues with sharing links. This mechanism can be abused to inject arbitrary text messages. Users may get tricked to follow instructions injected by third parties as part of social engineering attacks. | |||||