Open-xchange

Ox App Suite

54 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2023-24600

  • EPSS 0.04%
  • Published 29.05.2023 03:15:09
  • Last modified 14.01.2025 15:15:09

OX App Suite before backend 7.10.6-rev37 allows authenticated users to bypass access controls (for reading contacts) via a move to their own address book.

4.3

CVE-2023-24599

  • EPSS 0.06%
  • Published 29.05.2023 03:15:09
  • Last modified 14.01.2025 16:15:27

OX App Suite before backend 7.10.6-rev37 allows authenticated users to change the appointments of arbitrary users via conflicting ID numbers, aka "ID confusion."

4.3

CVE-2023-24598

  • EPSS 0.08%
  • Published 29.05.2023 03:15:09
  • Last modified 14.01.2025 16:15:27

OX App Suite before backend 7.10.6-rev37 has an information leak in the handling of distribution lists, e.g., partial disclosure of the private contacts of another user.

5.3

CVE-2023-24597

  • EPSS 0.08%
  • Published 29.05.2023 02:15:09
  • Last modified 21.11.2024 07:48:12

OX App Suite before frontend 7.10.6-rev24 allows the loading (without user consent) of an e-mail message's remote resources during printing.

6.1

CVE-2022-37306

Exploit
  • EPSS 0.17%
  • Published 16.04.2023 02:15:08
  • Last modified 06.02.2025 18:15:29

OX App Suite before 7.10.6-rev30 allows XSS via an upsell trigger.

4.3

CVE-2022-43698

  • EPSS 0.07%
  • Published 15.04.2023 02:15:07
  • Last modified 06.02.2025 21:15:18

OX App Suite before 7.10.6-rev30 allows SSRF because changing a POP3 account disregards the deny-list.

4.3

CVE-2022-43699

  • EPSS 0.07%
  • Published 15.04.2023 02:15:07
  • Last modified 06.02.2025 20:15:38

OX App Suite before 7.10.6-rev30 allows SSRF because e-mail account discovery disregards the deny-list and thus can be attacked by an adversary who controls the DNS records of an external domain (found in the host part of an e-mail address).

6.1

CVE-2022-43697

  • EPSS 0.1%
  • Published 15.04.2023 02:15:07
  • Last modified 06.02.2025 21:15:17

OX App Suite before 7.10.6-rev30 allows XSS via an activity tracking adapter defined by jslob.

6.1

CVE-2022-43696

  • EPSS 0.1%
  • Published 15.04.2023 02:15:07
  • Last modified 06.02.2025 16:15:30

OX App Suite before 7.10.6-rev20 allows XSS via upsell ads.

6.1

CVE-2022-31468

  • EPSS 0.15%
  • Published 25.10.2022 19:15:10
  • Last modified 09.05.2025 17:15:49

OX App Suite through 8.2 allows XSS via an attachment or OX Drive content when a client uses the len or off parameter.