Open-xchange

Open-xchange Appsuite

157 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2018-5752

Exploit
  • EPSS 1.66%
  • Published 16.06.2018 01:29:06
  • Last modified 21.11.2024 04:09:19

The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors involvin...

6.5

CVE-2018-5753

Exploit
  • EPSS 1.75%
  • Published 16.06.2018 01:29:06
  • Last modified 21.11.2024 04:09:19

The frontend component in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev20 allows remote attackers to spoof the origin of e-mails via unicode characters in the "personal pa...

5.4

CVE-2018-5754

Exploit
  • EPSS 0.32%
  • Published 16.06.2018 01:29:06
  • Last modified 21.11.2024 04:09:19

Cross-site scripting (XSS) vulnerability in the office-web component in Open-Xchange OX App Suite before 7.8.3-rev12 and 7.8.4 before 7.8.4-rev9 allows remote attackers to inject arbitrary web script or HTML via a crafted presentation file, related t...

7.1

CVE-2018-5755

Exploit
  • EPSS 0.62%
  • Published 16.06.2018 01:29:06
  • Last modified 21.11.2024 04:09:19

Absolute path traversal vulnerability in the readerengine component in Open-Xchange OX App Suite before 7.6.3-rev3, 7.8.x before 7.8.2-rev4, 7.8.3 before 7.8.3-rev5, and 7.8.4 before 7.8.4-rev4 allows remote attackers to read arbitrary files via a fu...

4.3

CVE-2018-5756

Exploit
  • EPSS 0.72%
  • Published 16.06.2018 01:29:06
  • Last modified 21.11.2024 04:09:19

The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 does not properly check for folder-to-object association, which allows remote authenticated users ...

6.5

CVE-2017-17062

Exploit
  • EPSS 1.39%
  • Published 16.06.2018 01:29:02
  • Last modified 21.11.2024 03:17:25

The backend component in Open-Xchange OX App Suite before 7.6.3-rev35, 7.8.x before 7.8.2-rev38, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev19 allows remote authenticated users to save arbitrary user attributes by leveraging improper privile...

5.3

CVE-2014-2078

  • EPSS 0.19%
  • Published 10.04.2018 15:29:00
  • Last modified 21.11.2024 02:05:35

The backend in Open-Xchange (OX) AppSuite 7.4.2 before 7.4.2-rev9 allows remote attackers to obtain sensitive information about user email addresses in opportunistic circumstances by leveraging a failure in e-mail auto configuration for external acco...

6.1

CVE-2015-1588

  • EPSS 0.29%
  • Published 08.06.2017 21:29:00
  • Last modified 20.04.2025 01:37:25

Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server 6 and OX AppSuite before 7.4.2-rev43, 7.6.0-rev38, and 7.6.1-rev21.

4.3

CVE-2016-6852

  • EPSS 0.22%
  • Published 15.12.2016 06:59:23
  • Last modified 12.04.2025 10:46:40

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Users can provide local file paths to the RSS reader; the response and error code give hints about whether the provided file exists or not. Attackers may discover specific system...

6.1

CVE-2016-6850

  • EPSS 0.27%
  • Published 15.12.2016 06:59:21
  • Last modified 12.04.2025 10:46:40

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as profile pictures. In case their XML structure contains iframes and script code, that code may get executed when calling the related picture URL or viewin...