Vulnerabilities > Open Xchange > OX APP Suite > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-10-25 CVE-2022-31468 Cross-site Scripting vulnerability in Open-Xchange OX APP Suite 7.10.5/7.10.6
OX App Suite through 8.2 allows XSS via an attachment or OX Drive content when a client uses the len or off parameter.
network
low complexity
open-xchange CWE-79
6.1
6.1
2022-07-27 CVE-2022-23101 Cross-site Scripting vulnerability in Open-Xchange OX APP Suite 7.10.5/7.10.6
OX App Suite through 7.10.6 allows XSS via appHandler in a deep link in an e-mail message.
network
low complexity
open-xchange CWE-79
6.1
6.1
2022-07-27 CVE-2022-24406 Use of Insufficiently Random Values vulnerability in Open-Xchange OX APP Suite 7.10.5/7.10.6
OX App Suite through 7.10.6 allows SSRF because multipart/form-data boundaries are predictable, and this can lead to injection into internal Documentconverter API calls.
network
low complexity
open-xchange CWE-330
6.5
6.5
2022-03-28 CVE-2021-44212 Cross-site Scripting vulnerability in Open-Xchange OX APP Suite 7.10.5
OX App Suite through 7.10.5 allows XSS via a trailing control character such as the SCRIPT\t substring.
network
low complexity
open-xchange CWE-79
6.1
6.1
2022-03-28 CVE-2021-44213 Cross-site Scripting vulnerability in Open-Xchange OX APP Suite 7.10.5
OX App Suite through 7.10.5 allows XSS via uuencoding in a multipart/alternative message.
network
low complexity
open-xchange CWE-79
6.1
6.1
2022-03-28 CVE-2021-44208 Cross-site Scripting vulnerability in Open-Xchange OX APP Suite 7.10.5
OX App Suite through 7.10.5 allows XSS via an unknown system message in Chat.
network
low complexity
open-xchange CWE-79
6.1
6.1
2022-03-28 CVE-2021-44209 Cross-site Scripting vulnerability in Open-Xchange OX APP Suite 7.10.5
OX App Suite through 7.10.5 allows XSS via an HTML 5 element such as AUDIO.
network
low complexity
open-xchange CWE-79
6.1
6.1
2022-03-28 CVE-2021-44210 Cross-site Scripting vulnerability in Open-Xchange OX APP Suite 7.10.5
OX App Suite through 7.10.5 allows XSS via NIFF (Notation Interchange File Format) data.
network
low complexity
open-xchange CWE-79
6.1
6.1
2022-03-28 CVE-2021-44211 Cross-site Scripting vulnerability in Open-Xchange OX APP Suite 7.10.5
OX App Suite through 7.10.5 allows XSS via the class attribute of an element in an HTML e-mail signature.
network
low complexity
open-xchange CWE-79
5.4
5.4
2021-11-22 CVE-2021-33491 Path Traversal vulnerability in Open-Xchange OX APP Suite 7.10.5
OX App Suite through 7.10.5 allows Directory Traversal via ../ in an OOXML or ODF ZIP archive, because of the mishandling of relative paths in mail addresses in conjunction with auto-configuration DNS records.
network
low complexity
open-xchange CWE-22
6.5
6.5