Ox_app_suite - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Ox_app_suite
(Open\-Xchange)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	51

Date	Id	Summary	Products	Score	Patch	Annotated
2021-11-22	CVE-2021-33489	OX App Suite through 7.10.5 allows XSS via JavaScript code in a shared XCF file.	Ox_app_suite	6.1
2021-11-22	CVE-2021-33490	OX App Suite through 7.10.5 allows XSS via a crafted snippet in a shared mail signature.	Ox_app_suite	6.1
2021-11-22	CVE-2021-33491	OX App Suite through 7.10.5 allows Directory Traversal via ../ in an OOXML or ODF ZIP archive, because of the mishandling of relative paths in mail addresses in conjunction with auto-configuration DNS records.	Ox_app_suite	6.5
2021-11-22	CVE-2021-33492	OX App Suite 7.10.5 allows XSS via an OX Chat room name.	Ox_app_suite	6.1
2021-11-22	CVE-2021-33493	The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in a YAML format.	Ox_app_suite	6.0
2021-11-22	CVE-2021-33494	OX App Suite 7.10.5 allows XSS via an OX Chat room title during typing rendering.	Ox_app_suite	6.1
2021-11-22	CVE-2021-33495	OX App Suite 7.10.5 allows XSS via an OX Chat system message.	Ox_app_suite	6.1
2021-11-22	CVE-2021-38374	OX App Suite through through 7.10.5 allows XSS via a crafted snippet that has an app loader reference within an app loader URL.	Ox_app_suite	5.4
2021-11-22	CVE-2021-38375	OX App Suite through 7.10.5 allows XSS via the alt attribute of an IMG element in a truncated e-mail message.	Ox_app_suite	6.1
2021-11-22	CVE-2021-38376	OX App Suite through 7.10.5 has Incorrect Access Control for retrieval of session information via the rampup action of the login API call.	Ox_app_suite	5.3