Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Open-xchange Subscribe
Filtered by product Ox App Suite
Total 25 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-38374 1 Open-xchange 1 Ox App Suite 2022-10-28 3.5 LOW 5.4 MEDIUM
OX App Suite through through 7.10.5 allows XSS via a crafted snippet that has an app loader reference within an app loader URL.
CVE-2022-31468 1 Open-xchange 1 Ox App Suite 2022-10-27 N/A 6.1 MEDIUM
OX App Suite through 8.2 allows XSS via an attachment or OX Drive content when a client uses the len or off parameter.
CVE-2022-29851 1 Open-xchange 1 Ox App Suite 2022-10-25 N/A 9.8 CRITICAL
documentconverter in OX App Suite through 7.10.6, in a non-default configuration with ghostscript, allows OS Command Injection because file conversion may occur for an EPS document that is disguised as a PDF document.
CVE-2022-24406 1 Open-xchange 1 Ox App Suite 2022-08-03 N/A 6.5 MEDIUM
OX App Suite through 7.10.6 allows SSRF because multipart/form-data boundaries are predictable, and this can lead to injection into internal Documentconverter API calls.
CVE-2022-24405 1 Open-xchange 1 Ox App Suite 2022-08-03 N/A 9.8 CRITICAL
OX App Suite through 7.10.6 allows OS Command Injection via a serialized Java class to the Documentconverter API.
CVE-2022-23101 1 Open-xchange 1 Ox App Suite 2022-08-03 N/A 6.1 MEDIUM
OX App Suite through 7.10.6 allows XSS via appHandler in a deep link in an e-mail message.
CVE-2022-23100 1 Open-xchange 1 Ox App Suite 2022-08-03 N/A 9.8 CRITICAL
OX App Suite through 7.10.6 allows OS Command Injection via Documentconverter (e.g., through an email attachment).
CVE-2021-38378 1 Open-xchange 1 Ox App Suite 2022-07-12 4.0 MEDIUM 4.3 MEDIUM
OX App Suite 7.10.5 allows Information Exposure because a caching mechanism can caused a Modified By response to show a person's name.
CVE-2021-38376 1 Open-xchange 1 Ox App Suite 2022-07-12 5.0 MEDIUM 5.3 MEDIUM
OX App Suite through 7.10.5 has Incorrect Access Control for retrieval of session information via the rampup action of the login API call.
CVE-2021-38377 1 Open-xchange 1 Ox App Suite 2022-07-12 4.3 MEDIUM 6.1 MEDIUM
OX App Suite through 7.10.5 allows XSS via JavaScript code in an anchor HTML comment within truncated e-mail, because there is a predictable UUID with HTML transformation results.
CVE-2021-44212 1 Open-xchange 1 Ox App Suite 2022-03-31 4.3 MEDIUM 6.1 MEDIUM
OX App Suite through 7.10.5 allows XSS via a trailing control character such as the SCRIPT\t substring.
CVE-2021-44213 1 Open-xchange 1 Ox App Suite 2022-03-31 4.3 MEDIUM 6.1 MEDIUM
OX App Suite through 7.10.5 allows XSS via uuencoding in a multipart/alternative message.
CVE-2021-44208 1 Open-xchange 1 Ox App Suite 2022-03-30 4.3 MEDIUM 6.1 MEDIUM
OX App Suite through 7.10.5 allows XSS via an unknown system message in Chat.
CVE-2021-44209 1 Open-xchange 1 Ox App Suite 2022-03-30 4.3 MEDIUM 6.1 MEDIUM
OX App Suite through 7.10.5 allows XSS via an HTML 5 element such as AUDIO.
CVE-2021-44211 1 Open-xchange 1 Ox App Suite 2022-03-30 3.5 LOW 5.4 MEDIUM
OX App Suite through 7.10.5 allows XSS via the class attribute of an element in an HTML e-mail signature.
CVE-2021-44210 1 Open-xchange 1 Ox App Suite 2022-03-30 4.3 MEDIUM 6.1 MEDIUM
OX App Suite through 7.10.5 allows XSS via NIFF (Notation Interchange File Format) data.
CVE-2021-33494 1 Open-xchange 1 Ox App Suite 2021-11-23 4.3 MEDIUM 6.1 MEDIUM
OX App Suite 7.10.5 allows XSS via an OX Chat room title during typing rendering.
CVE-2021-33491 1 Open-xchange 1 Ox App Suite 2021-11-23 4.0 MEDIUM 6.5 MEDIUM
OX App Suite through 7.10.5 allows Directory Traversal via ../ in an OOXML or ODF ZIP archive, because of the mishandling of relative paths in mail addresses in conjunction with auto-configuration DNS records.
CVE-2021-33493 1 Open-xchange 1 Ox App Suite 2021-11-23 3.6 LOW 6.0 MEDIUM
The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in a YAML format.
CVE-2021-33492 1 Open-xchange 1 Ox App Suite 2021-11-23 4.3 MEDIUM 6.1 MEDIUM
OX App Suite 7.10.5 allows XSS via an OX Chat room name.