Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ox_app_suite
(Open\-Xchange)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 45 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2023-05-29 | CVE-2023-24602 | OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the Tumblr portal widget, such as a post title. | Ox_app_suite | 6.1 | ||
2023-04-15 | CVE-2022-43696 | OX App Suite before 7.10.6-rev20 allows XSS via upsell ads. | Ox_app_suite | 6.1 | ||
2023-04-15 | CVE-2022-43697 | OX App Suite before 7.10.6-rev30 allows XSS via an activity tracking adapter defined by jslob. | Ox_app_suite | 6.1 | ||
2023-04-15 | CVE-2022-43698 | OX App Suite before 7.10.6-rev30 allows SSRF because changing a POP3 account disregards the deny-list. | Ox_app_suite | 4.3 | ||
2023-04-16 | CVE-2022-37306 | OX App Suite before 7.10.6-rev30 allows XSS via an upsell trigger. | Ox_app_suite | 6.1 | ||
2023-04-15 | CVE-2022-43699 | OX App Suite before 7.10.6-rev30 allows SSRF because e-mail account discovery disregards the deny-list and thus can be attacked by an adversary who controls the DNS records of an external domain (found in the host part of an e-mail address). | Ox_app_suite | 4.3 | ||
2021-11-22 | CVE-2021-38374 | OX App Suite through through 7.10.5 allows XSS via a crafted snippet that has an app loader reference within an app loader URL. | Ox_app_suite | 5.4 | ||
2022-10-25 | CVE-2022-31468 | OX App Suite through 8.2 allows XSS via an attachment or OX Drive content when a client uses the len or off parameter. | Ox_app_suite | 6.1 | ||
2022-10-25 | CVE-2022-29851 | documentconverter in OX App Suite through 7.10.6, in a non-default configuration with ghostscript, allows OS Command Injection because file conversion may occur for an EPS document that is disguised as a PDF document. | Ox_app_suite | 9.8 | ||
2022-07-27 | CVE-2022-23100 | OX App Suite through 7.10.6 allows OS Command Injection via Documentconverter (e.g., through an email attachment). | Ox_app_suite | 9.8 |