Open Xchange Appsuite Backend

DATE	CVE	VULNERABILITY TITLE	RISK
2023-06-20	CVE-2023-26434	Unspecified vulnerability in Open-Xchange Appsuite Backend When adding an external mail account, processing of POP3 "capabilities" responses are not limited to plausible sizes. network low complexity open-xchange	4.3
2023-06-20	CVE-2023-26435	Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite Backend It was possible to call filesystem and network references using the local LibreOffice instance using manipulated ODT documents. network low complexity open-xchange CWE-918	5.0
2023-06-20	CVE-2023-26436	Deserialization of Untrusted Data vulnerability in Open-Xchange Appsuite Backend Attackers with access to the "documentconverterws" API were able to inject serialized Java objects, that were not properly checked during deserialization. low complexity open-xchange CWE-502	8.8
2017-03-29	CVE-2016-6846	Cross-site Scripting vulnerability in Open-Xchange products Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite backend before 7.6.2-rev59, 7.8.0 before 7.8.0-rev38, 7.8.2 before 7.8.2-rev8; AppSuite frontend before 7.6.2-rev47, 7.8.0 before 7.8.0-rev30, and 7.8.2 before 7.8.2-rev8; Office Web before 7.6.2-rev16, 7.8.0 before 7.8.0-rev10, and 7.8.2 before 7.8.2-rev5; and Documentconverter-API before 7.8.2-rev5 allows remote attackers to inject arbitrary web script or HTML. network open-xchange CWE-79	4.3