Filtered by vendor Open-xchange
Total: 246 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2022-43697 | 1 Open-xchange | 1 Ox App Suite | 2024-08-03 | 6.1 Medium | OX App Suite before 7.10.6-rev30 allows XSS via an activity tracking adapter defined by jslob. |
CVE-2022-37310 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-08-03 | 6.1 Medium | OX App Suite through 7.10.6 allows XSS via a malicious capability to the metrics or help module, as demonstrated by a /#!!&app=io.ox/files&cap= URI. |
CVE-2022-37313 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-08-03 | 5.3 Medium | OX App Suite through 7.10.6 allows SSRF because the anti-SSRF protection mechanism only checks the first DNS AA or AAAA record. |
CVE-2022-37309 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-08-03 | 6.1 Medium | OX App Suite through 7.10.6 allows XSS via script code within a contact that has an e-mail address but lacks a name. |
CVE-2022-37306 | 1 Open-xchange | 1 Ox App Suite | 2024-08-03 | 6.1 Medium | OX App Suite before 7.10.6-rev30 allows XSS via an upsell trigger. |
CVE-2022-37312 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-08-03 | 5.3 Medium | OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferrer servlet. |
CVE-2022-37311 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-08-03 | 5.3 Medium | OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large location request parameter to the redirect servlet. |
CVE-2022-37307 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-08-03 | 6.1 Medium | OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature. |
CVE-2022-37308 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-08-03 | 6.1 Medium | OX App Suite through 7.10.6 allows XSS via HTML in text/plain e-mail messages. |
CVE-2022-31469 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-08-03 | 6.1 Medium | OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrated by class="deep-link-app" for a /#!!&app=%2e./ URI. |
CVE-2022-31468 | 1 Open-xchange | 1 Ox App Suite | 2024-08-03 | 6.1 Medium | OX App Suite through 8.2 allows XSS via an attachment or OX Drive content when a client uses the len or off parameter. |
CVE-2022-29853 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-08-03 | 5.4 Medium | OX App Suite through 8.2 allows XSS via a certain complex hierarchy that forces use of Show Entire Message for a huge HTML e-mail message. |
CVE-2022-29851 | 1 Open-xchange | 1 Ox App Suite | 2024-08-03 | 9.8 Critical | documentconverter in OX App Suite through 7.10.6, in a non-default configuration with ghostscript, allows OS Command Injection because file conversion may occur for an EPS document that is disguised as a PDF document. |
CVE-2022-29852 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-08-03 | 5.4 Medium | OX App Suite through 8.2 allows XSS because BMFreehand10 and image/x-freehand are not blocked. |
CVE-2022-24406 | 1 Open-xchange | 1 Ox App Suite | 2024-08-03 | 6.5 Medium | OX App Suite through 7.10.6 allows SSRF because multipart/form-data boundaries are predictable, and this can lead to injection into internal Documentconverter API calls. |
CVE-2022-24405 | 1 Open-xchange | 1 Ox App Suite | 2024-08-03 | 9.8 Critical | OX App Suite through 7.10.6 allows OS Command Injection via a serialized Java class to the Documentconverter API. |
CVE-2022-23100 | 1 Open-xchange | 1 Ox App Suite | 2024-08-03 | 9.8 Critical | OX App Suite through 7.10.6 allows OS Command Injection via Documentconverter (e.g., through an email attachment). |
CVE-2022-23099 | 1 Open-xchange | 1 App Suite | 2024-08-03 | 5.4 Medium | OX App Suite through 7.10.6 allows XSS by forcing block-wise read. |
CVE-2022-23101 | 1 Open-xchange | 1 Ox App Suite | 2024-08-03 | 6.1 Medium | OX App Suite through 7.10.6 allows XSS via appHandler in a deep link in an e-mail message. |
CVE-2023-41710 | 1 Open-xchange | 1 Ox App Suite | 2024-08-02 | 5.4 Medium | User-defined script code could be stored for an upsell-related shop URL. This code was not correctly sanitized when adding it to DOM. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for this content. No publicly available exploits are known. |