Vulnerabilities > Open Xchange > Open Xchange Appsuite > 6.22.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-04-24 | CVE-2014-2392 | Information Exposure vulnerability in Open-Xchange Appsuite: The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history. | 4.3 |
2014-04-24 | CVE-2014-2391 | Information Exposure vulnerability in Open-Xchange Appsuite: The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potentially useful password-pattern information by reading (1) a web-server access log, (2) a web-server Referer log, or (3) browser history that contains this string because of its presence in a GET request. | 4.3 |
2014-01-26 | CVE-2013-7143 | Cross-Site Scripting vulnerability in Open-Xchange Appsuite: Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 allows remote attackers to inject arbitrary web script or HTML via the title in a mail filter rule. | 4.3 |
2014-01-26 | CVE-2013-7142 | Cross-Site Scripting vulnerability in Open-Xchange Appsuite: Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified oAuth API functions. | 4.3 |
2014-01-26 | CVE-2013-7141 | Cross-Site Scripting vulnerability in Open-Xchange Appsuite: Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to crafted "<%" tags. | 4.3 |
2014-01-26 | CVE-2013-7140 | Information Disclosure vulnerability in Open-Xchange AppSuite XML External Entities: XML External Entity (XXE) vulnerability in the CalDAV interface in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote authenticated users to read portions of arbitrary files via vectors related to the SAX builder and the WebDAV interface. | 4.0 |
2014-01-09 | CVE-2013-6997 | Cross-Site Scripting vulnerability in Open-Xchange Appsuite: Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange (OX) AppSuite 7.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an HTML email with crafted CSS code containing wildcards or (2) office documents containing "crafted hyperlinks with script URL handlers." | 4.3 |
2013-10-03 | CVE-2013-6009 | Code Injection vulnerability in Open-Xchange Appsuite: CRLF injection vulnerability in Open-Xchange AppSuite before 7.2.2, when using AJP in certain conditions, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the ajax/defer servlet. | 4.3 |
2013-10-03 | CVE-2013-5690 | Cross-Site Scripting vulnerability in Open-Xchange Appsuite: Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite before 7.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) content with the text/xml MIME type or (2) the Status comment field of an appointment. | 3.5 |