Open-xchange ≫ Open-xchange Appsuite

OX Software GmbH App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).

OX App Suite 7.8.4 and earlier allows SSRF.

OX App Suite 7.8.4 and earlier allows XSS. Internal reference: 58742 (Bug ID)

OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery.

OX App Suite 7.8.4 and earlier allows Information Exposure.

OX App Suite 7.8.4 and earlier allows Directory Traversal.

Cross-site scripting (XSS) vulnerability in the Open-Xchange webmail before 7.6.3-rev28 allows remote attackers to inject arbitrary web script or HTML via the event attribute in a time tag.

Cross-site scripting (XSS) vulnerability in mail compose in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev28 allows remote attackers to inject arbitrary web script or HTML ...

Open-Xchange OX App Suite before 7.6.3-rev37, 7.8.x before 7.8.2-rev40, 7.8.3 before 7.8.3-rev48, and 7.8.4 before 7.8.4-rev28 include folder names in API error responses, which allows remote attackers to obtain sensitive information via the folder p...

The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote authenticated users to obtain sensitive information about external guest users via v...