Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.2:rev4:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2021-31935 |
OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution list (payload in the common name) that is mishandled in the scheduling view. Published: April 30, 2021; 6:15:07 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2021-31934 |
OX App Suite 7.10.4 and earlier allows XSS via a crafted contact object (payload in the position or company field) that is mishandled in the App Suite UI on a smartphone. Published: April 30, 2021; 6:15:07 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2020-28943 |
OX App Suite 7.10.4 and earlier allows SSRF via a snippet. Published: April 30, 2021; 6:15:07 PM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2021-23936 |
OX App Suite through 7.10.4 allows XSS via the subject of a task. Published: January 12, 2021; 5:15:13 PM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2021-23935 |
OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript code. Published: January 12, 2021; 5:15:12 PM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2021-23934 |
OX App Suite through 7.10.4 allows XSS via a contact whose name contains JavaScript code. Published: January 12, 2021; 5:15:12 PM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2021-23933 |
OX App Suite through 7.10.4 allows XSS via JavaScript in a Note referenced by a mail:// URL. Published: January 12, 2021; 5:15:12 PM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2021-23932 |
OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename. Published: January 12, 2021; 5:15:12 PM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2021-23931 |
OX App Suite through 7.10.4 allows XSS via an inline binary file. Published: January 12, 2021; 5:15:12 PM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2021-23930 |
OX App Suite through 7.10.4 allows XSS via use of the conversion API for a distributedFile. Published: January 12, 2021; 5:15:12 PM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2021-23929 |
OX App Suite through 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML document to an ajax/share/<share-token>?delivery=view URI. Published: January 12, 2021; 5:15:12 PM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2021-23928 |
OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests query string. Published: January 12, 2021; 5:15:12 PM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2021-23927 |
OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request. Published: January 12, 2021; 5:15:12 PM -0500 |
V4.0:(not available) V3.1: 6.4 MEDIUM V2.0: 5.5 MEDIUM |
CVE-2020-24701 |
OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite URI). Published: January 12, 2021; 3:15:13 AM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2020-24700 |
OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial autoconfig. substring. Published: January 12, 2021; 3:15:13 AM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 5.5 MEDIUM |
CVE-2020-15002 |
OX App Suite through 7.10.3 allows SSRF via the the /ajax/messaging/message message API. Published: October 23, 2020; 1:15:13 AM -0400 |
V4.0:(not available) V3.1: 5.0 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2020-12646 |
OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document. Published: August 31, 2020; 11:15:10 AM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2020-12644 |
OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API. Published: August 31, 2020; 11:15:10 AM -0400 |
V4.0:(not available) V3.1: 5.0 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2020-12643 |
OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address. Published: August 31, 2020; 11:15:10 AM -0400 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2019-18846 |
OX App Suite through 7.10.2 allows SSRF. Published: February 21, 2020; 4:15:10 PM -0500 |
V4.0:(not available) V3.1: 5.0 MEDIUM V2.0: 4.0 MEDIUM |