Vulnerabilities > Open Xchange > OX APP Suite > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-03-28 CVE-2021-44212 Cross-site Scripting vulnerability in Open-Xchange OX APP Suite 7.10.5
OX App Suite through 7.10.5 allows XSS via a trailing control character such as the SCRIPT\t substring.
network
low complexity
open-xchange CWE-79
6.1
6.1
2022-03-28 CVE-2021-44213 Cross-site Scripting vulnerability in Open-Xchange OX APP Suite 7.10.5
OX App Suite through 7.10.5 allows XSS via uuencoding in a multipart/alternative message.
network
low complexity
open-xchange CWE-79
6.1
6.1
2022-03-28 CVE-2021-44208 Cross-site Scripting vulnerability in Open-Xchange OX APP Suite 7.10.5
OX App Suite through 7.10.5 allows XSS via an unknown system message in Chat.
network
low complexity
open-xchange CWE-79
6.1
6.1
2022-03-28 CVE-2021-44209 Cross-site Scripting vulnerability in Open-Xchange OX APP Suite 7.10.5
OX App Suite through 7.10.5 allows XSS via an HTML 5 element such as AUDIO.
network
low complexity
open-xchange CWE-79
6.1
6.1
2022-03-28 CVE-2021-44210 Cross-site Scripting vulnerability in Open-Xchange OX APP Suite 7.10.5
OX App Suite through 7.10.5 allows XSS via NIFF (Notation Interchange File Format) data.
network
low complexity
open-xchange CWE-79
6.1
6.1
2022-03-28 CVE-2021-44211 Cross-site Scripting vulnerability in Open-Xchange OX APP Suite 7.10.5
OX App Suite through 7.10.5 allows XSS via the class attribute of an element in an HTML e-mail signature.
network
low complexity
open-xchange CWE-79
5.4
5.4
2021-11-22 CVE-2021-33491 Path Traversal vulnerability in Open-Xchange OX APP Suite 7.10.5
OX App Suite through 7.10.5 allows Directory Traversal via ../ in an OOXML or ODF ZIP archive, because of the mishandling of relative paths in mail addresses in conjunction with auto-configuration DNS records.
network
low complexity
open-xchange CWE-22
6.5
6.5
2021-11-22 CVE-2021-33492 Cross-site Scripting vulnerability in Open-Xchange OX APP Suite 7.10.5
OX App Suite 7.10.5 allows XSS via an OX Chat room name.
network
low complexity
open-xchange CWE-79
6.1
6.1
2021-11-22 CVE-2021-33493 Code Injection vulnerability in Open-Xchange OX APP Suite 7.10.5
The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in a YAML format.
local
low complexity
open-xchange CWE-94
6.0
6.0
2021-11-22 CVE-2021-33494 Cross-site Scripting vulnerability in Open-Xchange OX APP Suite 7.10.5
OX App Suite 7.10.5 allows XSS via an OX Chat room title during typing rendering.
network
low complexity
open-xchange CWE-79
6.1
6.1