Vulnerabilities > Open Xchange > Open Xchange Appsuite > 7.4.0

DATE CVE VULNERABILITY TITLE RISK
2023-11-02 CVE-2023-26452 SQL Injection vulnerability in Open-Xchange Appsuite
Requests to cache an image and return its metadata could be abused to include SQL queries that would be executed unchecked.
low complexity
open-xchange CWE-89
8.8
2023-11-02 CVE-2023-26453 SQL Injection vulnerability in Open-Xchange Appsuite
Requests to cache an image could be abused to include SQL queries that would be executed unchecked.
low complexity
open-xchange CWE-89
8.8
2023-11-02 CVE-2023-26454 SQL Injection vulnerability in Open-Xchange Appsuite
Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked.
low complexity
open-xchange CWE-89
8.8
2023-11-02 CVE-2023-26455 Improper Authentication vulnerability in Open-Xchange Appsuite
RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer.
local
low complexity
open-xchange CWE-287
7.8
2023-11-02 CVE-2023-29043 Cross-site Scripting vulnerability in Open-Xchange Appsuite
Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document.
network
low complexity
open-xchange CWE-79
6.1
2023-11-02 CVE-2023-29044 Cross-site Scripting vulnerability in Open-Xchange Appsuite
Documents operations could be manipulated to contain invalid data types, possibly script code.
network
low complexity
open-xchange CWE-79
5.4
2023-11-02 CVE-2023-29045 Cross-site Scripting vulnerability in Open-Xchange Appsuite
Documents operations, in this case "drawing", could be manipulated to contain invalid data types, possibly script code.
network
low complexity
open-xchange CWE-79
5.4
2023-11-02 CVE-2023-29046 Resource Exhaustion vulnerability in Open-Xchange Appsuite
Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged.
network
low complexity
open-xchange CWE-400
4.3
2023-11-02 CVE-2023-29047 SQL Injection vulnerability in Open-Xchange Appsuite
Imageconverter API endpoints provided methods that were not sufficiently validating and sanitizing client input, allowing to inject arbitrary SQL statements.
low complexity
open-xchange CWE-89
7.3
2022-12-26 CVE-2022-37311 Improper Validation of Specified Quantity in Input vulnerability in Open-Xchange Appsuite
OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large location request parameter to the redirect servlet.
network
low complexity
open-xchange CWE-1284
5.3