Filtered by vendor Open-xchange
Subscriptions
Filtered by product Ox App Suite
Subscriptions
Total
45 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-29050 | 1 Open-xchange | 1 Ox App Suite | 2024-08-26 | 7.6 High |
| The optional "LDAP contacts provider" could be abused by privileged users to inject LDAP filter strings that allow to access content outside of the intended hierarchy. Unauthorized users could break confidentiality of information in the directory and potentially cause high load on the directory server, leading to denial of service. Encoding has been added for user-provided fragments that are used when constructing the LDAP query. No publicly available exploits are known. | ||||
| CVE-2021-44213 | 1 Open-xchange | 1 Ox App Suite | 2024-08-04 | 6.1 Medium |
| OX App Suite through 7.10.5 allows XSS via uuencoding in a multipart/alternative message. | ||||
| CVE-2021-44212 | 1 Open-xchange | 1 Ox App Suite | 2024-08-04 | 6.1 Medium |
| OX App Suite through 7.10.5 allows XSS via a trailing control character such as the SCRIPT\t substring. | ||||
| CVE-2021-44211 | 1 Open-xchange | 1 Ox App Suite | 2024-08-04 | 5.4 Medium |
| OX App Suite through 7.10.5 allows XSS via the class attribute of an element in an HTML e-mail signature. | ||||
| CVE-2021-44208 | 1 Open-xchange | 1 Ox App Suite | 2024-08-04 | 6.1 Medium |
| OX App Suite through 7.10.5 allows XSS via an unknown system message in Chat. | ||||
| CVE-2021-44209 | 1 Open-xchange | 1 Ox App Suite | 2024-08-04 | 6.1 Medium |
| OX App Suite through 7.10.5 allows XSS via an HTML 5 element such as AUDIO. | ||||
| CVE-2021-44210 | 1 Open-xchange | 1 Ox App Suite | 2024-08-04 | 6.1 Medium |
| OX App Suite through 7.10.5 allows XSS via NIFF (Notation Interchange File Format) data. | ||||
| CVE-2021-38377 | 1 Open-xchange | 1 Ox App Suite | 2024-08-04 | 6.1 Medium |
| OX App Suite through 7.10.5 allows XSS via JavaScript code in an anchor HTML comment within truncated e-mail, because there is a predictable UUID with HTML transformation results. | ||||
| CVE-2021-38376 | 1 Open-xchange | 1 Ox App Suite | 2024-08-04 | 5.3 Medium |
| OX App Suite through 7.10.5 has Incorrect Access Control for retrieval of session information via the rampup action of the login API call. | ||||
| CVE-2021-38374 | 1 Open-xchange | 1 Ox App Suite | 2024-08-04 | 5.4 Medium |
| OX App Suite through through 7.10.5 allows XSS via a crafted snippet that has an app loader reference within an app loader URL. | ||||
| CVE-2021-38375 | 1 Open-xchange | 1 Ox App Suite | 2024-08-04 | 6.1 Medium |
| OX App Suite through 7.10.5 allows XSS via the alt attribute of an IMG element in a truncated e-mail message. | ||||
| CVE-2021-38378 | 1 Open-xchange | 1 Ox App Suite | 2024-08-04 | 4.3 Medium |
| OX App Suite 7.10.5 allows Information Exposure because a caching mechanism can caused a Modified By response to show a person's name. | ||||
| CVE-2021-33492 | 1 Open-xchange | 1 Ox App Suite | 2024-08-03 | 6.1 Medium |
| OX App Suite 7.10.5 allows XSS via an OX Chat room name. | ||||
| CVE-2021-33491 | 1 Open-xchange | 1 Ox App Suite | 2024-08-03 | 6.5 Medium |
| OX App Suite through 7.10.5 allows Directory Traversal via ../ in an OOXML or ODF ZIP archive, because of the mishandling of relative paths in mail addresses in conjunction with auto-configuration DNS records. | ||||
| CVE-2021-33488 | 1 Open-xchange | 1 Ox App Suite | 2024-08-03 | 6.1 Medium |
| chat in OX App Suite 7.10.5 has Improper Input Validation. A user can be redirected to a rogue OX Chat server via a development-related hook. | ||||
| CVE-2021-33495 | 1 Open-xchange | 1 Ox App Suite | 2024-08-03 | 6.1 Medium |
| OX App Suite 7.10.5 allows XSS via an OX Chat system message. | ||||
| CVE-2021-33490 | 1 Open-xchange | 1 Ox App Suite | 2024-08-03 | 6.1 Medium |
| OX App Suite through 7.10.5 allows XSS via a crafted snippet in a shared mail signature. | ||||
| CVE-2021-33489 | 1 Open-xchange | 1 Ox App Suite | 2024-08-03 | 6.1 Medium |
| OX App Suite through 7.10.5 allows XSS via JavaScript code in a shared XCF file. | ||||
| CVE-2021-33494 | 1 Open-xchange | 1 Ox App Suite | 2024-08-03 | 6.1 Medium |
| OX App Suite 7.10.5 allows XSS via an OX Chat room title during typing rendering. | ||||
| CVE-2021-33493 | 1 Open-xchange | 1 Ox App Suite | 2024-08-03 | 6.0 Medium |
| The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in a YAML format. | ||||