Vulnerabilities > Open Xchange
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-11-19 | CVE-2015-7385 | Cross-site Scripting vulnerability in Open-Xchange OX Guard 2.0.0 Cross-site scripting (XSS) vulnerability in Open-Xchange OX Guard before 2.0.0-rev11 allows remote attackers to inject arbitrary web script or HTML via the uid field in a PGP public key, which is not properly handled in "Guard PGP Settings." | 4.3 |
| 2015-09-28 | CVE-2015-5375 | Cross-site Scripting vulnerability in Open-Xchange Appsuite and Open-Xchange Server Cross-site scripting (XSS) vulnerability in unspecified dialogs for printing content in the Front End in Open-Xchange Server 6 and OX App Suite before 6.22.8-rev8, 6.22.9 before 6.22.9-rev15m, 7.x before 7.6.1-rev25, and 7.6.2 before 7.6.2-rev20 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to object properties. | 4.3 |
| 2015-02-17 | CVE-2014-9466 | Permissions, Privileges, and Access Controls vulnerability in Open-Xchange Appsuite 7.4.2/7.6.0/7.6.1 Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before 7.6.0-rev36, and 7.6.1 before 7.6.1-rev14 does not properly handle directory permissions, which allows remote authenticated users to read files via unspecified vectors, related to the "folder identifier." | 4.0 |
| 2015-01-07 | CVE-2014-8993 | Cross-site Scripting vulnerability in Open-Xchange Appsuite Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev40, 7.6.0 before 7.6.0-rev32, and 7.6.1 before 7.6.1-rev11 allows remote attackers to inject arbitrary web script or HTML via a crafted XHTML file with the application/xhtml+xml MIME type. | 4.3 |
| 2015-01-05 | CVE-2014-1679 | Cross-site Scripting vulnerability in Open-Xchange Appsuite Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite before 7.2.2-rev31, 7.4.0 before 7.4.0-rev27, and 7.4.1 before 7.4.1-rev17 allows remote attackers to inject arbitrary web script or HTML via the header in an attached SVG file. | 4.3 |
| 2014-12-27 | CVE-2013-6241 | Information Exposure vulnerability in Open-Xchange Appsuite The Birthday widget in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14, in certain user-id sharing scenarios, does not properly construct a SQL statement for next-year birthdays, which allows remote authenticated users to obtain sensitive birthday, displayname, firstname, and surname information via a birthdays action to api/contacts, aka bug 29315. | 4.0 |
| 2014-12-01 | CVE-2014-5237 | Cross-Site Request Forgery vulnerability in Open-Xchange APP Suite 7.4.2/7.6.0 Server-side request forgery (SSRF) vulnerability in the documentconverter component in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allows remote attackers to trigger requests to arbitrary servers and embed arbitrary images via a URL in an embedded image in a Text document, which is not properly handled by the image preview. network open-xchange | 4.3 |
| 2014-11-21 | CVE-2014-7871 | SQL Injection vulnerability in Open-Xchange Appsuite SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API call. | 6.5 |
| 2014-09-17 | CVE-2014-5235 | Cross-Site Scripting vulnerability in Open-Xchange Appsuite Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via vectors related to unspecified fields in RSS feeds. | 4.3 |
| 2014-09-17 | CVE-2014-5234 | Cross-Site Scripting vulnerability in Open-Xchange Appsuite Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via a folder publication name. | 4.3 |