Ox_app_suite - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Ox_app_suite
(Open\-Xchange)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	45

Date	Id	Summary	Products	Score	Patch	Annotated
2022-07-27	CVE-2022-23101	OX App Suite through 7.10.6 allows XSS via appHandler in a deep link in an e-mail message.	Ox_app_suite	6.1
2022-07-27	CVE-2022-24405	OX App Suite through 7.10.6 allows OS Command Injection via a serialized Java class to the Documentconverter API.	Ox_app_suite	9.8
2021-11-22	CVE-2021-38376	OX App Suite through 7.10.5 has Incorrect Access Control for retrieval of session information via the rampup action of the login API call.	Ox_app_suite	5.3
2021-11-22	CVE-2021-38377	OX App Suite through 7.10.5 allows XSS via JavaScript code in an anchor HTML comment within truncated e-mail, because there is a predictable UUID with HTML transformation results.	Ox_app_suite	6.1
2021-11-22	CVE-2021-38378	OX App Suite 7.10.5 allows Information Exposure because a caching mechanism can caused a Modified By response to show a person's name.	Ox_app_suite	4.3
2022-03-28	CVE-2021-44212	OX App Suite through 7.10.5 allows XSS via a trailing control character such as the SCRIPT\t substring.	Ox_app_suite	6.1
2022-03-28	CVE-2021-44213	OX App Suite through 7.10.5 allows XSS via uuencoding in a multipart/alternative message.	Ox_app_suite	6.1
2022-03-28	CVE-2021-44208	OX App Suite through 7.10.5 allows XSS via an unknown system message in Chat.	Ox_app_suite	6.1
2022-03-28	CVE-2021-44209	OX App Suite through 7.10.5 allows XSS via an HTML 5 element such as AUDIO.	Ox_app_suite	6.1
2022-03-28	CVE-2021-44210	OX App Suite through 7.10.5 allows XSS via NIFF (Notation Interchange File Format) data.	Ox_app_suite	6.1