Note: This project will be discontinued after December 13, 2021.
Product: Open\-Xchange_appsuite (Open\-Xchange)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 157 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-12-26 | CVE-2022-37312 | OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferrer servlet. | Open\-Xchange_appsuite | 5.3 | ||
2022-12-26 | CVE-2022-37313 | OX App Suite through 7.10.6 allows SSRF because the anti-SSRF protection mechanism only checks the first DNS A or AAAA record. | Open\-Xchange_appsuite | 5.3 | ||
2022-12-26 | CVE-2022-37308 | OX App Suite through 7.10.6 allows XSS via HTML in text/plain e-mail messages. | Open\-Xchange_appsuite | 6.1 | ||
2022-12-26 | CVE-2022-29852 | OX App Suite through 8.2 allows XSS because BMFreehand10 and image/x-freehand are not blocked. | Open\-Xchange_appsuite | 5.4 | ||
2022-12-26 | CVE-2022-29853 | OX App Suite through 8.2 allows XSS via a certain complex hierarchy that forces use of Show Entire Message for a huge HTML e-mail message. | Open\-Xchange_appsuite | 5.4 | ||
2022-12-26 | CVE-2022-37309 | OX App Suite through 7.10.6 allows XSS via script code within a contact that has an e-mail address but lacks a name. | Open\-Xchange_appsuite | 6.1 | ||
2022-12-26 | CVE-2022-37310 | OX App Suite through 7.10.6 allows XSS via a malicious capability to the metrics or help module, as demonstrated by a /#!!&app=io.ox/files&cap= URI. | Open\-Xchange_appsuite | 6.1 | ||
2023-11-02 | CVE-2023-26452 | Requests to cache an image and return its metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as... | Open\-Xchange_appsuite | 8.8 | ||
2023-11-02 | CVE-2023-26453 | Requests to cache an image could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly... | Open\-Xchange_appsuite | 8.8 | ||
2023-11-02 | CVE-2023-26454 | Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly... | Open\-Xchange_appsuite | 8.8 |