Vulnerabilities > Open Xchange
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-02 | CVE-2023-26442 | Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite Office 7.8.3 In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP redirects issued by that backend. | 3.2 |
| 2023-08-02 | CVE-2023-26443 | SQL Injection vulnerability in Open-Xchange Appsuite Backend Full-text autocomplete search allows user-provided SQL syntax to be injected to SQL statements. | 9.8 |
| 2023-08-02 | CVE-2023-26445 | Cross-site Scripting vulnerability in Open-Xchange Appsuite Frontend Frontend themes are defined by user-controllable jslob settings and could point to a malicious resource which gets processed during login. | 5.4 |
| 2023-08-02 | CVE-2023-26446 | Cross-site Scripting vulnerability in Open-Xchange Appsuite Frontend The users clientID at "application passwords" was not sanitized or escaped before being added to DOM. | 5.4 |
| 2023-08-02 | CVE-2023-26447 | Cross-site Scripting vulnerability in Open-Xchange Appsuite Frontend The "upsell" widget for the portal allows to specify a product description. | 5.4 |
| 2023-08-02 | CVE-2023-26448 | Cross-site Scripting vulnerability in Open-Xchange Appsuite Frontend Custom log-in and log-out locations are used-defined as jslob but were not checked to contain malicious protocol handlers. | 5.4 |
| 2023-08-02 | CVE-2023-26449 | Cross-site Scripting vulnerability in Open-Xchange Appsuite Frontend The "OX Chat" web service did not specify a media-type when processing responses by external resources. | 5.4 |
| 2023-08-02 | CVE-2023-26450 | Cross-site Scripting vulnerability in Open-Xchange Appsuite Frontend The "OX Count" web service did not specify a media-type when processing responses by external resources. | 5.4 |
| 2023-08-02 | CVE-2023-26451 | Use of Insufficiently Random Values vulnerability in Open-Xchange Appsuite Backend Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. | 7.5 |
| 2023-06-20 | CVE-2023-26427 | Incorrect Permission Assignment for Critical Resource vulnerability in Open-Xchange Appsuite Backend Default permissions for a properties file were too permissive. | 3.3 |