VYPR

Appsuite

by Open-Xchange

CVEs (218)

  • CVE-2017-12884May 10, 2019
    risk 0.00cvss epss 0.01

    OX Software GmbH App Suite 7.8.4 and earlier is affected by: Information Exposure.

  • CVE-2017-12885May 10, 2019
    risk 0.00cvss epss 0.01

    OX Software GmbH App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).

  • CVE-2018-13104Mar 17, 2019
    risk 0.00cvss epss 0.01

    OX App Suite 7.8.4 and earlier allows XSS. Internal reference: 58742 (Bug ID)

  • CVE-2018-13103Mar 17, 2019
    risk 0.00cvss epss 0.01

    OX App Suite 7.8.4 and earlier allows SSRF.

  • CVE-2018-12610Jan 29, 2019
    risk 0.00cvss epss 0.01

    OX App Suite 7.8.4 and earlier allows Information Exposure.

  • CVE-2018-12609Jan 29, 2019
    risk 0.00cvss epss 0.01

    OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery.

  • CVE-2018-12611Jan 29, 2019
    risk 0.00cvss epss 0.01

    OX App Suite 7.8.4 and earlier allows Directory Traversal.

  • CVE-2015-5375Sep 28, 2015
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in unspecified dialogs for printing content in the Front End in Open-Xchange Server 6 and OX App Suite before 6.22.8-rev8, 6.22.9 before 6.22.9-rev15m, 7.x before 7.6.1-rev25, and 7.6.2 before 7.6.2-rev20 allows remote attackers to inject…

  • CVE-2014-9466Feb 17, 2015
    risk 0.00cvss epss 0.02

    Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before 7.6.0-rev36, and 7.6.1 before 7.6.1-rev14 does not properly handle directory permissions, which allows remote authenticated users to read files via unspecified vectors, related to the "folder identifier."

  • CVE-2014-8993Jan 7, 2015
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev40, 7.6.0 before 7.6.0-rev32, and 7.6.1 before 7.6.1-rev11 allows remote attackers to inject arbitrary web script or HTML via a crafted XHTML file with the application/xhtml+xml…

  • CVE-2014-1679Jan 5, 2015
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite before 7.2.2-rev31, 7.4.0 before 7.4.0-rev27, and 7.4.1 before 7.4.1-rev17 allows remote attackers to inject arbitrary web script or HTML via the header in an attached SVG file.

  • CVE-2013-6241Dec 27, 2014
    risk 0.00cvss epss 0.01

    The Birthday widget in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14, in certain user-id sharing scenarios, does not properly construct a SQL statement for next-year birthdays, which allows remote authenticated users to obtain…

  • CVE-2014-5237Dec 1, 2014
    risk 0.00cvss epss 0.02

    Server-side request forgery (SSRF) vulnerability in the documentconverter component in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allows remote attackers to trigger requests to arbitrary servers and embed arbitrary images via a URL in an embedded…

  • CVE-2014-7871Nov 21, 2014
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API call.

  • CVE-2014-5235Sep 17, 2014
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via vectors related to unspecified fields in RSS feeds.

  • CVE-2014-5234Sep 17, 2014
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via a folder publication name.

  • CVE-2014-2393Apr 24, 2014
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite 7.4.1 before 7.4.1-rev11 and 7.4.2 before 7.4.2-rev13 allows remote attackers to inject arbitrary web script or HTML via a Drive filename that is not properly handled during use of the composer to add an e-mail…

  • CVE-2014-2392Apr 24, 2014
    risk 0.00cvss epss 0.01

    The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2)…

  • CVE-2014-2391Apr 24, 2014
    risk 0.00cvss epss 0.01

    The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote…

  • CVE-2014-2077Mar 20, 2014
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 7.4.1 before 7.4.1-rev10 and 7.4.2 before 7.4.2-rev8 allows remote attackers to inject arbitrary web script or HTML via the subject of an email, involving 'the aria "tags" for screenreaders at…

Page 10 of 11