Note: This project will be discontinued after December 13, 2021.

Product: Open-Xchange_appsuite (Open-Xchange)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 157 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2018-06-15 | CVE-2018-5751 | The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote authenticated users to obtain sensitive information about external guest users via vectors related to the "groups" and "users" APIs. | Open-Xchange_appsuite | 6.5 | ||
2019-03-21 | CVE-2018-13104 | OX App Suite 7.8.4 and earlier allows XSS. Internal reference: 58742 (Bug ID) | Open-Xchange_appsuite | 5.4 | ||
2019-03-21 | CVE-2018-13103 | OX App Suite 7.8.4 and earlier allows SSRF. | Open-Xchange_appsuite | 5.4 | ||
2019-01-30 | CVE-2018-12611 | OX App Suite 7.8.4 and earlier allows Directory Traversal. | Open-Xchange_appsuite | 6.1 | ||
2019-01-30 | CVE-2018-12610 | OX App Suite 7.8.4 and earlier allows Information Exposure. | Open-Xchange_appsuite | 5.3 | ||
2019-01-30 | CVE-2018-12609 | OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery. | Open-Xchange_appsuite | 6.5 | ||
2018-09-18 | CVE-2017-6913 | Cross-site scripting (XSS) vulnerability in the Open-Xchange webmail before 7.6.3-rev28 allows remote attackers to inject arbitrary web script or HTML via the event attribute in a time tag. | Open-Xchange_appsuite | 6.1 | ||
2016-12-15 | CVE-2016-6852 | An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Users can provide local file paths to the RSS reader; the response and error code give hints about whether the provided file exists or not. Attackers may discover specific system files or library versions on the middleware server to prepare further attacks. | Open-Xchange_appsuite | 4.3 | ||
2016-12-15 | CVE-2016-6850 | An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as profile pictures. In case their XML structure contains iframes and script code, that code may get executed when calling the related picture URL or viewing the related person's image within a browser. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). | Open-Xchange_appsuite | 6.1 | ||
2016-12-15 | CVE-2016-6848 | An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. API requests can be used to inject, generate and download executable files to the client ("Reflected File Download"). Malicious platform specific (e.g. Microsoft Windows) batch file can be created via a trusted domain without authentication that, if executed by the user, may lead to local code execution. | Open-Xchange_appsuite | 5.5 |