Open-xchange

Open-xchange Appsuite

157 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2013-7141

  • EPSS 0.3%
  • Published 26.01.2014 20:55:05
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to crafted "<%" tags.

4.3

CVE-2013-7142

  • EPSS 0.3%
  • Published 26.01.2014 20:55:05
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified oAuth API functions.

4.3

CVE-2013-7143

  • EPSS 0.33%
  • Published 26.01.2014 20:55:05
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 allows remote attackers to inject arbitrary web script or HTML via the title in a mail filter rule.

4.3

CVE-2013-6997

  • EPSS 0.48%
  • Published 09.01.2014 00:55:03
  • Last modified 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange (OX) AppSuite 7.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an HTML email with crafted CSS code containing wildcards or (2) office documents...

4.3

CVE-2013-6074

  • EPSS 0.48%
  • Published 20.11.2013 13:19:42
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14 allows remote attackers to inject arbitrary web script or HTML via an attached SVG file.

4.3

CVE-2013-6009

  • EPSS 0.25%
  • Published 03.10.2013 19:55:21
  • Last modified 11.04.2025 00:51:21

CRLF injection vulnerability in Open-Xchange AppSuite before 7.2.2, when using AJP in certain conditions, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the ajax/defer servlet.

3.5

CVE-2013-5690

  • EPSS 0.16%
  • Published 03.10.2013 19:55:04
  • Last modified 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite before 7.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) content with the text/xml MIME type or (2) the Status comment field of an appoin...

7.5

CVE-2013-5200

Exploit
  • EPSS 0.51%
  • Published 25.09.2013 10:31:29
  • Last modified 11.04.2025 00:51:21

The (1) REST and (2) memcache interfaces in the Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 do not require authentication, which allows remote attackers to obtain sensitive information or modif...

4

CVE-2013-5934

Exploit
  • EPSS 0.24%
  • Published 25.09.2013 10:31:29
  • Last modified 11.04.2025 00:51:21

Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 has a hardcoded password for node join operations, which allows remote attackers to expand a cluster by finding this password in the source code and then sending the password...

4.3

CVE-2013-5935

  • EPSS 0.25%
  • Published 25.09.2013 10:31:29
  • Last modified 11.04.2025 00:51:21

The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 does not properly restrict the set of network interfaces that can receive API calls, which makes it easier for remote attackers to obtain access ...