Ox_app_suite - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Ox_app_suite
(Open\-Xchange)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	45

Date	Id	Summary	Products	Score	Patch	Annotated
2023-05-29	CVE-2023-24602	OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the Tumblr portal widget, such as a post title.	Ox_app_suite	6.1
2023-04-15	CVE-2022-43696	OX App Suite before 7.10.6-rev20 allows XSS via upsell ads.	Ox_app_suite	6.1
2023-04-15	CVE-2022-43697	OX App Suite before 7.10.6-rev30 allows XSS via an activity tracking adapter defined by jslob.	Ox_app_suite	6.1
2023-04-15	CVE-2022-43698	OX App Suite before 7.10.6-rev30 allows SSRF because changing a POP3 account disregards the deny-list.	Ox_app_suite	4.3
2023-04-16	CVE-2022-37306	OX App Suite before 7.10.6-rev30 allows XSS via an upsell trigger.	Ox_app_suite	6.1
2023-04-15	CVE-2022-43699	OX App Suite before 7.10.6-rev30 allows SSRF because e-mail account discovery disregards the deny-list and thus can be attacked by an adversary who controls the DNS records of an external domain (found in the host part of an e-mail address).	Ox_app_suite	4.3
2021-11-22	CVE-2021-38374	OX App Suite through through 7.10.5 allows XSS via a crafted snippet that has an app loader reference within an app loader URL.	Ox_app_suite	5.4
2022-10-25	CVE-2022-31468	OX App Suite through 8.2 allows XSS via an attachment or OX Drive content when a client uses the len or off parameter.	Ox_app_suite	6.1
2022-10-25	CVE-2022-29851	documentconverter in OX App Suite through 7.10.6, in a non-default configuration with ghostscript, allows OS Command Injection because file conversion may occur for an EPS document that is disguised as a PDF document.	Ox_app_suite	9.8
2022-07-27	CVE-2022-23100	OX App Suite through 7.10.6 allows OS Command Injection via Documentconverter (e.g., through an email attachment).	Ox_app_suite	9.8