Open-Xchange: Security Vulnerabilities
OX Documents before 7.10.5-rev7 has Incorrect Access Control for converted documents because hash collisions can occur, due to use of CRC32.
CVSS Score
6.5
EPSS Score
0.001
Published
2021-07-30
OX Documents before 7.10.5-rev5 has Incorrect Access Control for documents that contain XML structures because hash collisions can occur, due to use of CRC32.
CVSS Score
4.8
EPSS Score
0.001
Published
2021-07-30
OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and the dl parameter is used.
CVSS Score
6.1
EPSS Score
0.006
Published
2021-07-22
OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used.
CVSS Score
5.4
EPSS Score
0.005
Published
2021-07-22
OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via binary data that is mishandled when the legacy dataretrieval endpoint has been enabled.
CVSS Score
6.1
EPSS Score
0.004
Published
2021-07-22
OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and an App Loader relative URL is used.
CVSS Score
6.1
EPSS Score
0.005
Published
2021-07-22
OX App Suite 7.10.4 and earlier allows XSS via crafted content to reach an undocumented feature, such as  that is mishandled in the App Suite UI on a smartphone.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-04-30