Vulnerabilities > Open Xchange

DATE CVE VULNERABILITY TITLE RISK
2018-06-16 CVE-2018-5753 Improper Input Validation vulnerability in Open-Xchange Appsuite
The frontend component in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev20 allows remote attackers to spoof the origin of e-mails via unicode characters in the "personal part" of a (1) From or (2) Sender address.
network
low complexity
open-xchange CWE-20
6.5
2018-06-16 CVE-2018-5752 Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors involving non-decimal representations of IP addresses and special IPv6 related addresses.
network
low complexity
open-xchange CWE-918
8.8
2018-06-16 CVE-2018-5751 Information Exposure vulnerability in Open-Xchange Appsuite
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote authenticated users to obtain sensitive information about external guest users via vectors related to the "groups" and "users" APIs.
network
low complexity
open-xchange CWE-200
6.5
2018-06-16 CVE-2017-17062 Cross-site Scripting vulnerability in Open-Xchange Appsuite
The backend component in Open-Xchange OX App Suite before 7.6.3-rev35, 7.8.x before 7.8.2-rev38, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev19 allows remote authenticated users to save arbitrary user attributes by leveraging improper privilege management.
network
low complexity
open-xchange CWE-79
6.5
2018-04-10 CVE-2014-2078 Information Exposure vulnerability in Open-Xchange Appsuite 7.4.2
The backend in Open-Xchange (OX) AppSuite 7.4.2 before 7.4.2-rev9 allows remote attackers to obtain sensitive information about user email addresses in opportunistic circumstances by leveraging a failure in e-mail auto configuration for external accounts.
network
low complexity
open-xchange CWE-200
5.3
2017-06-08 CVE-2015-1588 Cross-site Scripting vulnerability in Open-Xchange Appsuite and Open-Xchange Server
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server 6 and OX AppSuite before 7.4.2-rev43, 7.6.0-rev38, and 7.6.1-rev21.
network
low complexity
open-xchange CWE-79
6.1
2017-03-29 CVE-2016-6846 Cross-site Scripting vulnerability in Open-Xchange products
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite backend before 7.6.2-rev59, 7.8.0 before 7.8.0-rev38, 7.8.2 before 7.8.2-rev8; AppSuite frontend before 7.6.2-rev47, 7.8.0 before 7.8.0-rev30, and 7.8.2 before 7.8.2-rev8; Office Web before 7.6.2-rev16, 7.8.0 before 7.8.0-rev10, and 7.8.2 before 7.8.2-rev5; and Documentconverter-API before 7.8.2-rev5 allows remote attackers to inject arbitrary web script or HTML.
network
low complexity
open-xchange CWE-79
6.1
2016-12-15 CVE-2016-6854 Cross-site Scripting vulnerability in Open-Xchange OX Guard 2.4.2
An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5.
network
low complexity
open-xchange CWE-79
6.1
2016-12-15 CVE-2016-6853 Cross-site Scripting vulnerability in Open-Xchange OX Guard 2.4.2
An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5.
network
low complexity
open-xchange CWE-79
6.1
2016-12-15 CVE-2016-6852 Information Exposure vulnerability in Open-Xchange Appsuite 7.8.2
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8.
network
low complexity
open-xchange CWE-200
4.3