Vulnerabilities > Open Xchange > Open Xchange Appsuite Frontend > 7.8.3

DATE	CVE	VULNERABILITY TITLE	RISK
2023-08-02	CVE-2023-26445	Cross-site Scripting vulnerability in Open-Xchange Appsuite Frontend Frontend themes are defined by user-controllable jslob settings and could point to a malicious resource which gets processed during login. network low complexity open-xchange CWE-79	5.4
2023-08-02	CVE-2023-26446	Cross-site Scripting vulnerability in Open-Xchange Appsuite Frontend The users clientID at "application passwords" was not sanitized or escaped before being added to DOM. network low complexity open-xchange CWE-79	5.4
2023-08-02	CVE-2023-26447	Cross-site Scripting vulnerability in Open-Xchange Appsuite Frontend The "upsell" widget for the portal allows to specify a product description. network low complexity open-xchange CWE-79	5.4
2023-08-02	CVE-2023-26448	Cross-site Scripting vulnerability in Open-Xchange Appsuite Frontend Custom log-in and log-out locations are used-defined as jslob but were not checked to contain malicious protocol handlers. network low complexity open-xchange CWE-79	5.4
2023-08-02	CVE-2023-26449	Cross-site Scripting vulnerability in Open-Xchange Appsuite Frontend The "OX Chat" web service did not specify a media-type when processing responses by external resources. network low complexity open-xchange CWE-79	5.4
2023-08-02	CVE-2023-26450	Cross-site Scripting vulnerability in Open-Xchange Appsuite Frontend The "OX Count" web service did not specify a media-type when processing responses by external resources. network low complexity open-xchange CWE-79	5.4

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.