Vulnerabilities
Vulnerable Software
OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite URI).
CVSS Score
6.1
EPSS Score
0.355
Published
2021-01-12
OX App Suite through 7.10.3 allows SSRF via the /ajax/messaging/message message API.
CVSS Score
5.0
EPSS Score
0.092
Published
2020-10-23
OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address.
CVSS Score
4.3
EPSS Score
0.001
Published
2020-08-31
OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API.
CVSS Score
5.0
EPSS Score
0.001
Published
2020-08-31
OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption.
CVSS Score
9.8
EPSS Score
0.003
Published
2020-08-31
OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-08-31
OX App Suite through 7.10.3 allows XXE attacks.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-06-16
OX App Suite through 7.10.3 allows XSS.
CVSS Score
5.4
EPSS Score
0.007
Published
2020-06-16
OX App Suite through 7.10.3 has Improper Input Validation.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-06-16
OX App Suite through 7.10.3 allows SSRF.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-06-16

