Vulnerabilities
Vulnerable Software
OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite URI).
CVSS Score
6.1
EPSS Score
0.355
Published
2021-01-12
OX App Suite through 7.10.3 allows SSRF via the /ajax/messaging/message message API.
CVSS Score
5.0
EPSS Score
0.092
Published
2020-10-23
OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address.
CVSS Score
4.3
EPSS Score
0.001
Published
2020-08-31
OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API.
CVSS Score
5.0
EPSS Score
0.001
Published
2020-08-31
OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-08-31
OX App Suite through 7.10.2 allows SSRF.
CVSS Score
5.0
EPSS Score
0.002
Published
2020-02-21
Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text file.
CVSS Score
7.5
EPSS Score
0.067
Published
2020-01-31
XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly other unspecified impact via a crafted OpenDocument Text document.
CVSS Score
7.8
EPSS Score
0.009
Published
2020-01-14
OX App Suite through 7.10.2 has Incorrect Access Control.
CVSS Score
6.6
EPSS Score
0.004
Published
2020-01-06
OX App Suite through 7.10.2 has XSS.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-01-06

