Total
134 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-37311 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-02-04 | N/A | 5.3 MEDIUM |
| OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large location request parameter to the redirect servlet. | |||||
| CVE-2022-37312 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-02-04 | N/A | 5.3 MEDIUM |
| OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferrer servlet. | |||||
| CVE-2021-37403 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and an App Loader relative URL is used. | |||||
| CVE-2021-31935 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution list (payload in the common name) that is mishandled in the scheduling view. | |||||
| CVE-2020-28943 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| OX App Suite 7.10.4 and earlier allows SSRF via a snippet. | |||||
| CVE-2021-31934 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| OX App Suite 7.10.4 and earlier allows XSS via a crafted contact object (payload in the position or company field) that is mishandled in the App Suite UI on a smartphone. | |||||
| CVE-2021-26698 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and the dl parameter is used. | |||||
| CVE-2021-26699 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-02-04 | 5.8 MEDIUM | 5.4 MEDIUM |
| OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used. | |||||
| CVE-2020-28945 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| OX App Suite 7.10.4 and earlier allows XSS via crafted content to reach an undocumented feature, such as . | |||||
| CVE-2020-24701 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite URI). | |||||
| CVE-2020-15004 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
| OX App Suite through 7.10.3 allows stats/diagnostic?param= XSS. | |||||
| CVE-2021-23932 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename. | |||||
| CVE-2020-24700 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-02-04 | 5.5 MEDIUM | 5.4 MEDIUM |
| OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial autoconfig. substring. | |||||