Appsuite
by Open-Xchange
CVEs (218)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-12884 | | | 0.00 | — | 0.01 | | May 10, 2019 | OX Software GmbH App Suite 7.8.4 and earlier is affected by: Information Exposure. |
| CVE-2017-12885 | | | 0.00 | — | 0.01 | | May 10, 2019 | OX Software GmbH App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS). |
| CVE-2018-13104 | | | 0.00 | — | 0.01 | | Mar 17, 2019 | OX App Suite 7.8.4 and earlier allows XSS. Internal reference: 58742 (Bug ID) |
| CVE-2018-13103 | | | 0.00 | — | 0.01 | | Mar 17, 2019 | OX App Suite 7.8.4 and earlier allows SSRF. |
| CVE-2018-12610 | | | 0.00 | — | 0.01 | | Jan 29, 2019 | OX App Suite 7.8.4 and earlier allows Information Exposure. |
| CVE-2018-12609 | | | 0.00 | — | 0.01 | | Jan 29, 2019 | OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery. |
| CVE-2018-12611 | | | 0.00 | — | 0.01 | | Jan 29, 2019 | OX App Suite 7.8.4 and earlier allows Directory Traversal. |
| CVE-2015-5375 | | | 0.00 | — | 0.02 | | Sep 28, 2015 | Cross-site scripting (XSS) vulnerability in unspecified dialogs for printing content in the Front End in Open-Xchange Server 6 and OX App Suite before 6.22.8-rev8, 6.22.9 before 6.22.9-rev15m, 7.x before 7.6.1-rev25, and 7.6.2 before 7.6.2-rev20 allows remote attackers to inject… |
| CVE-2014-9466 | | | 0.00 | — | 0.02 | | Feb 17, 2015 | Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before 7.6.0-rev36, and 7.6.1 before 7.6.1-rev14 does not properly handle directory permissions, which allows remote authenticated users to read files via unspecified vectors, related to the "folder identifier." |
| CVE-2014-8993 | | | 0.00 | — | 0.02 | | Jan 7, 2015 | Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev40, 7.6.0 before 7.6.0-rev32, and 7.6.1 before 7.6.1-rev11 allows remote attackers to inject arbitrary web script or HTML via a crafted XHTML file with the application/xhtml+xml… |
| CVE-2014-1679 | | | 0.00 | — | 0.01 | | Jan 5, 2015 | Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite before 7.2.2-rev31, 7.4.0 before 7.4.0-rev27, and 7.4.1 before 7.4.1-rev17 allows remote attackers to inject arbitrary web script or HTML via the header in an attached SVG file. |
| CVE-2013-6241 | | | 0.00 | — | 0.01 | | Dec 27, 2014 | The Birthday widget in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14, in certain user-id sharing scenarios, does not properly construct a SQL statement for next-year birthdays, which allows remote authenticated users to obtain… |
| CVE-2014-5237 | | | 0.00 | — | 0.02 | | Dec 1, 2014 | Server-side request forgery (SSRF) vulnerability in the documentconverter component in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allows remote attackers to trigger requests to arbitrary servers and embed arbitrary images via a URL in an embedded… |
| CVE-2014-7871 | | | 0.00 | — | 0.02 | | Nov 21, 2014 | SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API call. |
| CVE-2014-5235 | | | 0.00 | — | 0.02 | | Sep 17, 2014 | Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via vectors related to unspecified fields in RSS feeds. |
| CVE-2014-5234 | | | 0.00 | — | 0.02 | | Sep 17, 2014 | Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via a folder publication name. |
| CVE-2014-2393 | | | 0.00 | — | 0.01 | | Apr 24, 2014 | Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite 7.4.1 before 7.4.1-rev11 and 7.4.2 before 7.4.2-rev13 allows remote attackers to inject arbitrary web script or HTML via a Drive filename that is not properly handled during use of the composer to add an e-mail… |
| CVE-2014-2392 | | | 0.00 | — | 0.01 | | Apr 24, 2014 | The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2)… |
| CVE-2014-2391 | | | 0.00 | — | 0.01 | | Apr 24, 2014 | The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote… |
| CVE-2014-2077 | | | 0.00 | — | 0.01 | | Mar 20, 2014 | Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 7.4.1 before 7.4.1-rev10 and 7.4.2 before 7.4.2-rev8 allows remote attackers to inject arbitrary web script or HTML via the subject of an email, involving 'the aria "tags" for screenreaders at… |