Open-Xchange: >> Open-Xchange Appsuite Security Vulnerabilities
OX App Suite through 7.10.2 has XSS.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-01-06
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev26 and 7.4.x before 7.4.0-rev16 allows remote attackers to inject arbitrary web script or HTML via the publication name, which is not properly handled in an error message. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions.
CVSS Score
6.1
EPSS Score
0.009
Published
2020-01-02
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev27 and 7.4.x before 7.4.0-rev20 allows remote attackers to inject arbitrary web script or HTML via the body of an email. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions.
CVSS Score
6.1
EPSS Score
0.009
Published
2020-01-02
Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 6.22.3 before 6.22.3-rev5 and 6.22.4 before 6.22.4-rev12 allows remote attackers to inject arbitrary web script or HTML via the subject of an email. NOTE: the vulnerabilities related to the body of the email and the publication name were SPLIT from this CVE ID because they affect different sets of versions.
CVSS Score
6.1
EPSS Score
0.007
Published
2020-01-02
OX App Suite 7.10.1 and 7.10.2 allows SSRF.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-10-14
OX App Suite through 7.10.2 has Insecure Permissions.
CVSS Score
8.1
EPSS Score
0.002
Published
2019-10-14
OX App Suite 7.10.1 and 7.10.2 allows XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-10-14
OX App Suite 7.10.1 allows Content Spoofing.
CVSS Score
8.1
EPSS Score
0.003
Published
2019-08-20
OX App Suite 7.10.0 to 7.10.2 allows XSS.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-08-20
OX App Suite 7.10.1 and earlier has Insecure Permissions.
CVSS Score
3.3
EPSS Score
0.0
Published
2019-08-20