Vulnerabilities > Open Xchange > Open Xchange Appsuite > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-05-22 | CVE-2017-5864 | Cross-site Scripting vulnerability in Open-Xchange Appsuite Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting (XSS). | 4.3 |
2019-05-22 | CVE-2017-9809 | Information Exposure vulnerability in Open-Xchange Appsuite OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Information Exposure. | 5.0 |
2019-05-10 | CVE-2017-12884 | Information Exposure vulnerability in Open-Xchange Appsuite OX Software GmbH App Suite 7.8.4 and earlier is affected by: Information Exposure. | 5.0 |
2019-05-10 | CVE-2017-12885 | Cross-site Scripting vulnerability in Open-Xchange Appsuite OX Software GmbH App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS). | 4.3 |
2019-03-21 | CVE-2018-13103 | Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite OX App Suite 7.8.4 and earlier allows SSRF. | 5.5 |
2019-01-30 | CVE-2018-12611 | Cross-site Scripting vulnerability in Open-Xchange Appsuite OX App Suite 7.8.4 and earlier allows Directory Traversal. | 4.3 |
2019-01-30 | CVE-2018-12610 | Information Exposure vulnerability in Open-Xchange Appsuite OX App Suite 7.8.4 and earlier allows Information Exposure. | 5.0 |
2019-01-30 | CVE-2018-12609 | Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery. | 4.0 |
2018-09-18 | CVE-2017-6913 | Cross-site Scripting vulnerability in Open-Xchange Appsuite Cross-site scripting (XSS) vulnerability in the Open-Xchange webmail before 7.6.3-rev28 allows remote attackers to inject arbitrary web script or HTML via the event attribute in a time tag. | 4.3 |
2018-07-05 | CVE-2018-9998 | Information Exposure vulnerability in Open-Xchange Appsuite Open-Xchange OX App Suite before 7.6.3-rev37, 7.8.x before 7.8.2-rev40, 7.8.3 before 7.8.3-rev48, and 7.8.4 before 7.8.4-rev28 include folder names in API error responses, which allows remote attackers to obtain sensitive information via the folder parameter in an "all" action to api/tasks. | 4.0 |