Ox_app_suite - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Ox_app_suite
(Open\-Xchange)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	45

Date	Id	Summary	Products	Score	Patch	Annotated
2023-05-29	CVE-2023-24603	OX App Suite before backend 7.10.6-rev37 does not check size limits when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of data.	Ox_app_suite	6.5
2023-05-29	CVE-2023-24604	OX App Suite before backend 7.10.6-rev37 does not check HTTP header lengths when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of header data.	Ox_app_suite	4.3
2023-05-29	CVE-2023-24599	OX App Suite before backend 7.10.6-rev37 allows authenticated users to change the appointments of arbitrary users via conflicting ID numbers, aka "ID confusion."	Ox_app_suite	4.3
2023-05-29	CVE-2023-24600	OX App Suite before backend 7.10.6-rev37 allows authenticated users to bypass access controls (for reading contacts) via a move to their own address book.	Ox_app_suite	4.3
2023-05-29	CVE-2023-24601	OX App Suite before frontend 7.10.6-rev24 allows XSS via a non-app deeplink such as the jslob API's registry sub-tree.	Ox_app_suite	6.1
2023-05-29	CVE-2023-24602	OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the Tumblr portal widget, such as a post title.	Ox_app_suite	6.1
2023-04-15	CVE-2022-43696	OX App Suite before 7.10.6-rev20 allows XSS via upsell ads.	Ox_app_suite	6.1
2023-04-15	CVE-2022-43697	OX App Suite before 7.10.6-rev30 allows XSS via an activity tracking adapter defined by jslob.	Ox_app_suite	6.1
2023-04-15	CVE-2022-43698	OX App Suite before 7.10.6-rev30 allows SSRF because changing a POP3 account disregards the deny-list.	Ox_app_suite	4.3
2023-04-16	CVE-2022-37306	OX App Suite before 7.10.6-rev30 allows XSS via an upsell trigger.	Ox_app_suite	6.1