Open\-Xchange_appsuite - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Open\-Xchange_appsuite
(Open\-Xchange)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	157

Date	Id	Summary	Products	Score	Patch	Annotated
2021-04-30	CVE-2021-31934	OX App Suite 7.10.4 and earlier allows XSS via a crafted contact object (payload in the position or company field) that is mishandled in the App Suite UI on a smartphone.	Open\-Xchange_appsuite	6.1
2021-04-30	CVE-2021-31935	OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution list (payload in the common name) that is mishandled in the scheduling view.	Open\-Xchange_appsuite	6.1
2021-05-03	CVE-2020-28945	OX App Suite 7.10.4 and earlier allows XSS via crafted content to reach an undocumented feature, such as ![](http://onerror=Function.constructor, in a Notes item.	Open\-Xchange_appsuite	6.1
2021-07-22	CVE-2021-26698	OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and the dl parameter is used.	Open\-Xchange_appsuite	6.1
2021-07-22	CVE-2021-26699	OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used.	Open\-Xchange_appsuite	5.4
2021-07-22	CVE-2021-37402	OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via binary data that is mishandled when the legacy dataretrieval endpoint has been enabled.	Open\-Xchange_appsuite	6.1
2021-07-22	CVE-2021-37403	OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and an App Loader relative URL is used.	Open\-Xchange_appsuite	6.1
2022-12-26	CVE-2022-31469	OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrated by class="deep-link-app" for a /#!!&app=%2e./ URI.	Open\-Xchange_appsuite	6.1
2022-12-26	CVE-2022-37307	OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature.	Open\-Xchange_appsuite	6.1
2022-12-26	CVE-2022-37311	OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large location request parameter to the redirect servlet.	Open\-Xchange_appsuite	5.3