Filtered by vendor Open-xchange Subscriptions
Filtered by product Ox App Suite Subscriptions
Total 45 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-31468 1 Open-xchange 1 Ox App Suite 2024-11-21 6.1 Medium
OX App Suite through 8.2 allows XSS via an attachment or OX Drive content when a client uses the len or off parameter.
CVE-2022-29851 1 Open-xchange 1 Ox App Suite 2024-11-21 9.8 Critical
documentconverter in OX App Suite through 7.10.6, in a non-default configuration with ghostscript, allows OS Command Injection because file conversion may occur for an EPS document that is disguised as a PDF document.
CVE-2022-24406 1 Open-xchange 1 Ox App Suite 2024-11-21 6.5 Medium
OX App Suite through 7.10.6 allows SSRF because multipart/form-data boundaries are predictable, and this can lead to injection into internal Documentconverter API calls.
CVE-2022-24405 1 Open-xchange 1 Ox App Suite 2024-11-21 9.8 Critical
OX App Suite through 7.10.6 allows OS Command Injection via a serialized Java class to the Documentconverter API.
CVE-2022-23101 1 Open-xchange 1 Ox App Suite 2024-11-21 6.1 Medium
OX App Suite through 7.10.6 allows XSS via appHandler in a deep link in an e-mail message.
CVE-2022-23100 1 Open-xchange 1 Ox App Suite 2024-11-21 9.8 Critical
OX App Suite through 7.10.6 allows OS Command Injection via Documentconverter (e.g., through an email attachment).
CVE-2021-44213 1 Open-xchange 1 Ox App Suite 2024-11-21 6.1 Medium
OX App Suite through 7.10.5 allows XSS via uuencoding in a multipart/alternative message.
CVE-2021-44212 1 Open-xchange 1 Ox App Suite 2024-11-21 6.1 Medium
OX App Suite through 7.10.5 allows XSS via a trailing control character such as the SCRIPT\t substring.
CVE-2021-44211 1 Open-xchange 1 Ox App Suite 2024-11-21 5.4 Medium
OX App Suite through 7.10.5 allows XSS via the class attribute of an element in an HTML e-mail signature.
CVE-2021-44210 1 Open-xchange 1 Ox App Suite 2024-11-21 6.1 Medium
OX App Suite through 7.10.5 allows XSS via NIFF (Notation Interchange File Format) data.
CVE-2021-44209 1 Open-xchange 1 Ox App Suite 2024-11-21 6.1 Medium
OX App Suite through 7.10.5 allows XSS via an HTML 5 element such as AUDIO.
CVE-2021-44208 1 Open-xchange 1 Ox App Suite 2024-11-21 6.1 Medium
OX App Suite through 7.10.5 allows XSS via an unknown system message in Chat.
CVE-2021-38378 1 Open-xchange 1 Ox App Suite 2024-11-21 4.3 Medium
OX App Suite 7.10.5 allows Information Exposure because a caching mechanism can caused a Modified By response to show a person's name.
CVE-2021-38377 1 Open-xchange 1 Ox App Suite 2024-11-21 6.1 Medium
OX App Suite through 7.10.5 allows XSS via JavaScript code in an anchor HTML comment within truncated e-mail, because there is a predictable UUID with HTML transformation results.
CVE-2021-38376 1 Open-xchange 1 Ox App Suite 2024-11-21 5.3 Medium
OX App Suite through 7.10.5 has Incorrect Access Control for retrieval of session information via the rampup action of the login API call.
CVE-2021-38375 1 Open-xchange 1 Ox App Suite 2024-11-21 6.1 Medium
OX App Suite through 7.10.5 allows XSS via the alt attribute of an IMG element in a truncated e-mail message.
CVE-2021-38374 1 Open-xchange 1 Ox App Suite 2024-11-21 5.4 Medium
OX App Suite through through 7.10.5 allows XSS via a crafted snippet that has an app loader reference within an app loader URL.
CVE-2021-33495 1 Open-xchange 1 Ox App Suite 2024-11-21 6.1 Medium
OX App Suite 7.10.5 allows XSS via an OX Chat system message.
CVE-2021-33494 1 Open-xchange 1 Ox App Suite 2024-11-21 6.1 Medium
OX App Suite 7.10.5 allows XSS via an OX Chat room title during typing rendering.
CVE-2021-33493 1 Open-xchange 1 Ox App Suite 2024-11-21 6.0 Medium
The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in a YAML format.