Shodan
Vulnerabilities
Vulnerable Software
Open-Xchange:  >> Open-Xchange Appsuite  >> 7.0.2  Security Vulnerabilities
CVE-2017-12885
OX Software GmbH App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).
CVSS Score
6.1
EPSS Score
0.004
Published
2019-05-10
CVE-2018-13103
OX App Suite 7.8.4 and earlier allows SSRF.
CVSS Score
5.4
EPSS Score
0.001
Published
2019-03-21
CVE-2018-13104
OX App Suite 7.8.4 and earlier allows XSS. Internal reference: 58742 (Bug ID)
CVSS Score
5.4
EPSS Score
0.002
Published
2019-03-21
CVE-2018-12609
OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery.
CVSS Score
6.5
EPSS Score
0.004
Published
2019-01-30
CVE-2018-12610
OX App Suite 7.8.4 and earlier allows Information Exposure.
CVSS Score
5.3
EPSS Score
0.003
Published
2019-01-30
CVE-2018-12611
OX App Suite 7.8.4 and earlier allows Directory Traversal.
CVSS Score
6.1
EPSS Score
0.005
Published
2019-01-30
CVE-2017-6913
Cross-site scripting (XSS) vulnerability in the Open-Xchange webmail before 7.6.3-rev28 allows remote attackers to inject arbitrary web script or HTML via the event attribute in a time tag.
CVSS Score
6.1
EPSS Score
0.004
Published
2018-09-18
CVE-2018-9997
Cross-site scripting (XSS) vulnerability in mail compose in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev28 allows remote attackers to inject arbitrary web script or HTML via the data-target attribute in an HTML page with data-toggle gadgets.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-07-05
CVE-2018-9998
Open-Xchange OX App Suite before 7.6.3-rev37, 7.8.x before 7.8.2-rev40, 7.8.3 before 7.8.3-rev48, and 7.8.4 before 7.8.4-rev28 include folder names in API error responses, which allows remote attackers to obtain sensitive information via the folder parameter in an "all" action to api/tasks.
CVSS Score
6.5
EPSS Score
0.004
Published
2018-07-05
CVE-2018-5751
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote authenticated users to obtain sensitive information about external guest users via vectors related to the "groups" and "users" APIs.
CVSS Score
6.5
EPSS Score
0.013
Published
2018-06-16


Products
Pricing
Contact Us

Shodan ® - All rights reserved