Note: This project will be discontinued after December 13, 2021.

Product: Ox_app_suite (Open-Xchange)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 51 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-10-25 | CVE-2022-31468 | OX App Suite through 8.2 allows XSS via an attachment or OX Drive content when a client uses the len or off parameter. | Ox_app_suite | 6.1 | ||
2022-10-25 | CVE-2022-29851 | documentconverter in OX App Suite through 7.10.6, in a non-default configuration with ghostscript, allows OS Command Injection because file conversion may occur for an EPS document that is disguised as a PDF document. | Ox_app_suite | 9.8 | ||
2024-05-06 | CVE-2024-23186 | E-Mail containing malicious display-name information could trigger client-side script execution when using specific mobile devices. Attackers could perform malicious API requests or extract information from the user's account. Please deploy the provided updates and patch releases. We now use safer methods of handling external content when embedding displayname information to the web interface. No publicly available exploits are known. | Ox_app_suite | 6.1 | ||
2024-05-06 | CVE-2024-23187 | Content-ID based embedding of resources in E-Mails could be abused to trigger client-side script code when using the "show more" option. Attackers could perform malicious API requests or extract information from the user's account. Exploiting the vulnerability requires user interaction. Please deploy the provided updates and patch releases. CID replacement has been hardened to omit invalid identifiers. No publicly available exploits are known. | Ox_app_suite | 6.1 | ||
2024-05-06 | CVE-2024-23193 | E-Mails exported as PDF were stored in a cache that did not consider specific session information for the related user account. Users of the same service node could access other users' E-Mails in case they were exported as PDF for a brief moment until caches were cleared. Successful exploitation requires good timing and modification of multiple request parameters. Please deploy the provided updates and patch releases. The cache for PDF exports now takes user session information into... | Ox_app_suite | N/A | ||
2023-04-15 | CVE-2022-43697 | OX App Suite before 7.10.6-rev30 allows XSS via an activity tracking adapter defined by jslob. | Ox_app_suite | 6.1 | ||
2023-04-15 | CVE-2022-43698 | OX App Suite before 7.10.6-rev30 allows SSRF because changing a POP3 account disregards the deny-list. | Ox_app_suite | 4.3 |