Filtered by vendor Open-xchange
Subscriptions
Total
246 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2006-2738 | 1 Open-xchange | 1 Open-xchange | 2024-08-07 | N/A |
The open source version of Open-Xchange 0.8.2 and earlier uses a static default username and password with a valid login shell in the initfile for the ldap-server, which allows remote attackers to access any server where the default has not been changed. | ||||
CVE-2006-0091 | 1 Open-xchange | 1 Open-xchange | 2024-08-07 | N/A |
Cross-site scripting (XSS) vulnerability in webmail in Open-Xchange 0.8.1-6 and earlier, with "Inline HTML" enabled, allows remote attackers to inject arbitrary web script or HTML via e-mail attachments, which are rendered inline. | ||||
CVE-2013-7486 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-08-06 | 6.1 Medium |
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev27 and 7.4.x before 7.4.0-rev20 allows remote attackers to inject arbitrary web script or HTML via the body of an email. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions. | ||||
CVE-2013-7485 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-08-06 | 6.1 Medium |
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev26 and 7.4.x before 7.4.0-rev16 allows remote attackers to inject arbitrary web script or HTML via the publication name, which is not properly handled in an error message. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions. | ||||
CVE-2013-7140 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-08-06 | N/A |
XML External Entity (XXE) vulnerability in the CalDAV interface in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote authenticated users to read portions of arbitrary files via vectors related to the SAX builder and the WebDAV interface. NOTE: this issue has been labeled as both absolute path traversal and XXE, but the root cause may be XXE, since XXE can be exploited to conduct absolute path traversal and other attacks. | ||||
CVE-2013-7141 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to crafted "<%" tags. | ||||
CVE-2013-7143 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 allows remote attackers to inject arbitrary web script or HTML via the title in a mail filter rule. | ||||
CVE-2013-7142 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified oAuth API functions. | ||||
CVE-2013-6997 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-08-06 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange (OX) AppSuite 7.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an HTML email with crafted CSS code containing wildcards or (2) office documents containing "crafted hyperlinks with script URL handlers." | ||||
CVE-2013-6241 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-08-06 | N/A |
The Birthday widget in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14, in certain user-id sharing scenarios, does not properly construct a SQL statement for next-year birthdays, which allows remote authenticated users to obtain sensitive birthday, displayname, firstname, and surname information via a birthdays action to api/contacts, aka bug 29315. | ||||
CVE-2013-6242 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-08-06 | 6.1 Medium |
Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 6.22.3 before 6.22.3-rev5 and 6.22.4 before 6.22.4-rev12 allows remote attackers to inject arbitrary web script or HTML via the subject of an email. NOTE: the vulnerabilities related to the body of the email and the publication name were SPLIT from this CVE ID because they affect different sets of versions. | ||||
CVE-2013-6074 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14 allows remote attackers to inject arbitrary web script or HTML via an attached SVG file. | ||||
CVE-2014-9466 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-08-06 | N/A |
Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before 7.6.0-rev36, and 7.6.1 before 7.6.1-rev14 does not properly handle directory permissions, which allows remote authenticated users to read files via unspecified vectors, related to the "folder identifier." | ||||
CVE-2014-8993 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev40, 7.6.0 before 7.6.0-rev32, and 7.6.1 before 7.6.1-rev11 allows remote attackers to inject arbitrary web script or HTML via a crafted XHTML file with the application/xhtml+xml MIME type. | ||||
CVE-2014-7871 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-08-06 | N/A |
SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API call. | ||||
CVE-2014-5235 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via vectors related to unspecified fields in RSS feeds. | ||||
CVE-2014-5236 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-08-06 | 7.5 High |
Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text file. | ||||
CVE-2014-5234 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via a folder publication name. | ||||
CVE-2014-5238 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-08-06 | 7.8 High |
XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly other unspecified impact via a crafted OpenDocument Text document. | ||||
CVE-2014-5237 | 1 Open-xchange | 1 App Suite | 2024-08-06 | N/A |
Server-side request forgery (SSRF) vulnerability in the documentconverter component in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allows remote attackers to trigger requests to arbitrary servers and embed arbitrary images via a URL in an embedded image in a Text document, which is not properly handled by the image preview. |