Vulnerabilities > Open Xchange > Open Xchange Appsuite > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-12-15 | CVE-2016-4045 | Cross-site Scripting vulnerability in Open-Xchange Appsuite An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. | 4.3 |
| 2016-12-15 | CVE-2016-4026 | Cross-site Scripting vulnerability in Open-Xchange Appsuite An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. | 4.3 |
| 2016-12-15 | CVE-2016-3174 | Open Redirect vulnerability in Open-Xchange Appsuite An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. | 4.3 |
| 2016-12-15 | CVE-2016-2840 | Cross-site Scripting vulnerability in Open-Xchange Appsuite An issue was discovered in Open-Xchange Server 6 / OX AppSuite before 7.8.0-rev26. | 4.3 |
| 2015-09-28 | CVE-2015-5375 | Cross-site Scripting vulnerability in Open-Xchange Appsuite and Open-Xchange Server Cross-site scripting (XSS) vulnerability in unspecified dialogs for printing content in the Front End in Open-Xchange Server 6 and OX App Suite before 6.22.8-rev8, 6.22.9 before 6.22.9-rev15m, 7.x before 7.6.1-rev25, and 7.6.2 before 7.6.2-rev20 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to object properties. | 4.3 |
| 2015-02-17 | CVE-2014-9466 | Permissions, Privileges, and Access Controls vulnerability in Open-Xchange Appsuite 7.4.2/7.6.0/7.6.1 Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before 7.6.0-rev36, and 7.6.1 before 7.6.1-rev14 does not properly handle directory permissions, which allows remote authenticated users to read files via unspecified vectors, related to the "folder identifier." | 4.0 |
| 2015-01-07 | CVE-2014-8993 | Cross-site Scripting vulnerability in Open-Xchange Appsuite Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev40, 7.6.0 before 7.6.0-rev32, and 7.6.1 before 7.6.1-rev11 allows remote attackers to inject arbitrary web script or HTML via a crafted XHTML file with the application/xhtml+xml MIME type. | 4.3 |
| 2015-01-05 | CVE-2014-1679 | Cross-site Scripting vulnerability in Open-Xchange Appsuite Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite before 7.2.2-rev31, 7.4.0 before 7.4.0-rev27, and 7.4.1 before 7.4.1-rev17 allows remote attackers to inject arbitrary web script or HTML via the header in an attached SVG file. | 4.3 |
| 2014-12-27 | CVE-2013-6241 | Information Exposure vulnerability in Open-Xchange Appsuite The Birthday widget in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14, in certain user-id sharing scenarios, does not properly construct a SQL statement for next-year birthdays, which allows remote authenticated users to obtain sensitive birthday, displayname, firstname, and surname information via a birthdays action to api/contacts, aka bug 29315. | 4.0 |
| 2014-11-21 | CVE-2014-7871 | SQL Injection vulnerability in Open-Xchange Appsuite SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API call. | 6.5 |