Vulnerabilities > Open Xchange > Open Xchange Appsuite > 7.4.1

DATE CVE VULNERABILITY TITLE RISK
2018-06-16 CVE-2018-5751 Information Exposure vulnerability in Open-Xchange Appsuite
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote authenticated users to obtain sensitive information about external guest users via vectors related to the "groups" and "users" APIs.
network
low complexity
open-xchange CWE-200
4.0
2018-06-16 CVE-2017-17062 Cross-site Scripting vulnerability in Open-Xchange Appsuite
The backend component in Open-Xchange OX App Suite before 7.6.3-rev35, 7.8.x before 7.8.2-rev38, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev19 allows remote authenticated users to save arbitrary user attributes by leveraging improper privilege management.
network
low complexity
open-xchange CWE-79
4.0
2017-06-08 CVE-2015-1588 Cross-site Scripting vulnerability in Open-Xchange Appsuite and Open-Xchange Server
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server 6 and OX AppSuite before 7.4.2-rev43, 7.6.0-rev38, and 7.6.1-rev21.
4.3
2015-01-07 CVE-2014-8993 Cross-site Scripting vulnerability in Open-Xchange Appsuite
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev40, 7.6.0 before 7.6.0-rev32, and 7.6.1 before 7.6.1-rev11 allows remote attackers to inject arbitrary web script or HTML via a crafted XHTML file with the application/xhtml+xml MIME type.
4.3
2015-01-05 CVE-2014-1679 Cross-site Scripting vulnerability in Open-Xchange Appsuite
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite before 7.2.2-rev31, 7.4.0 before 7.4.0-rev27, and 7.4.1 before 7.4.1-rev17 allows remote attackers to inject arbitrary web script or HTML via the header in an attached SVG file.
4.3
2014-11-21 CVE-2014-7871 SQL Injection vulnerability in Open-Xchange Appsuite
SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API call.
network
low complexity
open-xchange CWE-89
6.5
2014-09-17 CVE-2014-5235 Cross-Site Scripting vulnerability in Open-Xchange Appsuite
Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via vectors related to unspecified fields in RSS feeds.
4.3
2014-09-17 CVE-2014-5234 Cross-Site Scripting vulnerability in Open-Xchange Appsuite
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via a folder publication name.
4.3
2014-04-24 CVE-2014-2393 Cross-Site Scripting vulnerability in Open-Xchange Appsuite
Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite 7.4.1 before 7.4.1-rev11 and 7.4.2 before 7.4.2-rev13 allows remote attackers to inject arbitrary web script or HTML via a Drive filename that is not properly handled during use of the composer to add an e-mail attachment.
4.3
2014-04-24 CVE-2014-2392 Information Exposure vulnerability in Open-Xchange Appsuite
The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.
4.3