Open-Xchange: >> Open-Xchange Appsuite >> 7.8.3 Security Vulnerabilities
OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite URI).
CVSS Score
6.1
EPSS Score
0.355
Published
2021-01-12
OX App Suite through 7.10.3 allows SSRF via the the /ajax/messaging/message message API.
CVSS Score
5.0
EPSS Score
0.092
Published
2020-10-23
OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address.
CVSS Score
4.3
EPSS Score
0.001
Published
2020-08-31
OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API.
CVSS Score
5.0
EPSS Score
0.001
Published
2020-08-31
OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-08-31
OX App Suite through 7.10.2 allows SSRF.
CVSS Score
5.0
EPSS Score
0.002
Published
2020-02-21
OX App Suite through 7.10.2 has Incorrect Access Control.
CVSS Score
6.6
EPSS Score
0.004
Published
2020-01-06
OX App Suite through 7.10.2 has XSS.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-01-06
OX App Suite through 7.10.2 has Insecure Permissions.
CVSS Score
8.1
EPSS Score
0.002
Published
2019-10-14
OX App Suite 7.10.1 and earlier has Insecure Permissions.
CVSS Score
3.3
EPSS Score
0.0
Published
2019-08-20