Vulnerabilities > Open Xchange

DATE CVE VULNERABILITY TITLE RISK
2024-05-14 CVE-2024-4367 A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context.
network
low complexity
mozilla debian open-xchange
8.8
2024-05-06 CVE-2024-23186 Cross-site Scripting vulnerability in Open-Xchange OX APP Suite
E-Mail containing malicious display-name information could trigger client-side script execution when using specific mobile devices.
network
low complexity
open-xchange CWE-79
6.1
2024-05-06 CVE-2024-23187 Cross-site Scripting vulnerability in Open-Xchange OX APP Suite
Content-ID based embedding of resources in E-Mails could be abused to trigger client-side script code when using the "show more" option.
network
low complexity
open-xchange CWE-79
6.1
2024-02-12 CVE-2023-41703 Cross-site Scripting vulnerability in Open-Xchange Appsuite
User ID references at mentions in document comments were not correctly sanitized.
network
low complexity
open-xchange CWE-79
6.1
2024-02-12 CVE-2023-41704 Cross-site Scripting vulnerability in Open-Xchange Appsuite
Processing of CID references at E-Mail can be abused to inject malicious script code that passes the sanitization engine.
network
low complexity
open-xchange CWE-79
6.1
2024-02-12 CVE-2023-41705 Unspecified vulnerability in Open-Xchange Appsuite
Processing of user-defined DAV user-agent strings is not limited.
network
low complexity
open-xchange
6.5
2024-02-12 CVE-2023-41706 Unspecified vulnerability in Open-Xchange Appsuite
Processing time of drive search expressions now gets monitored, and the related request is terminated if a resource threshold is reached.
network
low complexity
open-xchange
6.5
2024-02-12 CVE-2023-41707 Unspecified vulnerability in Open-Xchange Appsuite
Processing of user-defined mail search expressions is not limited.
network
low complexity
open-xchange
6.5
2024-02-12 CVE-2023-41708 Cross-site Scripting vulnerability in Open-Xchange Appsuite
References to the "app loader" functionality could contain redirects to unexpected locations.
network
low complexity
open-xchange CWE-79
5.4
2024-01-08 CVE-2023-29048 OS Command Injection vulnerability in Open-Xchange OX APP Suite 7.10.5/7.10.6
A component for parsing OXMF templates could be abused to execute arbitrary system commands that would be executed as the non-privileged runtime user.
network
low complexity
open-xchange CWE-78
8.8