Vulnerabilities > Open Xchange

DATE CVE VULNERABILITY TITLE RISK
2022-10-25 CVE-2022-29851 OS Command Injection vulnerability in Open-Xchange OX APP Suite 7.10.5/7.10.6
documentconverter in OX App Suite through 7.10.6, in a non-default configuration with ghostscript, allows OS Command Injection because file conversion may occur for an EPS document that is disguised as a PDF document.
network
low complexity
open-xchange CWE-78
critical
 9.8
9.8
2022-07-27 CVE-2022-23099 Cross-site Scripting vulnerability in Open-Xchange APP Suite 7.10.6/7.4.2/7.6.0
OX App Suite through 7.10.6 allows XSS by forcing block-wise read.
network
low complexity
open-xchange CWE-79
5.4
5.4
2022-07-27 CVE-2022-23100 OS Command Injection vulnerability in Open-Xchange OX APP Suite 7.10.5/7.10.6
OX App Suite through 7.10.6 allows OS Command Injection via Documentconverter (e.g., through an email attachment).
network
low complexity
open-xchange CWE-78
critical
 9.8
9.8
2022-07-27 CVE-2022-23101 Cross-site Scripting vulnerability in Open-Xchange OX APP Suite 7.10.5/7.10.6
OX App Suite through 7.10.6 allows XSS via appHandler in a deep link in an e-mail message.
network
low complexity
open-xchange CWE-79
6.1
6.1
2022-07-27 CVE-2022-24405 OS Command Injection vulnerability in Open-Xchange OX APP Suite 7.10.5/7.10.6
OX App Suite through 7.10.6 allows OS Command Injection via a serialized Java class to the Documentconverter API.
network
low complexity
open-xchange CWE-78
critical
 9.8
9.8
2022-07-27 CVE-2022-24406 Use of Insufficiently Random Values vulnerability in Open-Xchange OX APP Suite 7.10.5/7.10.6
OX App Suite through 7.10.6 allows SSRF because multipart/form-data boundaries are predictable, and this can lead to injection into internal Documentconverter API calls.
network
low complexity
open-xchange CWE-330
6.5
6.5
2022-03-28 CVE-2021-44212 Cross-site Scripting vulnerability in Open-Xchange OX APP Suite 7.10.5
OX App Suite through 7.10.5 allows XSS via a trailing control character such as the SCRIPT\t substring.
network
low complexity
open-xchange CWE-79
6.1
6.1
2022-03-28 CVE-2021-44213 Cross-site Scripting vulnerability in Open-Xchange OX APP Suite 7.10.5
OX App Suite through 7.10.5 allows XSS via uuencoding in a multipart/alternative message.
network
low complexity
open-xchange CWE-79
6.1
6.1
2022-03-28 CVE-2021-44208 Cross-site Scripting vulnerability in Open-Xchange OX APP Suite 7.10.5
OX App Suite through 7.10.5 allows XSS via an unknown system message in Chat.
network
low complexity
open-xchange CWE-79
6.1
6.1
2022-03-28 CVE-2021-44209 Cross-site Scripting vulnerability in Open-Xchange OX APP Suite 7.10.5
OX App Suite through 7.10.5 allows XSS via an HTML 5 element such as AUDIO.
network
low complexity
open-xchange CWE-79
6.1
6.1