Vulnerabilities > Open Xchange > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-02 | CVE-2023-26442 | Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite Office 7.8.3 In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP redirects issued by that backend. | 3.2 |
| 2023-08-02 | CVE-2023-26438 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Open-Xchange Appsuite Backend 7.10.6/8.10.0 External service lookups for a number of protocols were vulnerable to a time-of-check/time-of-use (TOCTOU) weakness, involving the JDK DNS cache. | 3.1 |
| 2023-06-20 | CVE-2023-26427 | Incorrect Permission Assignment for Critical Resource vulnerability in Open-Xchange Appsuite Backend Default permissions for a properties file were too permissive. | 3.3 |
| 2022-03-28 | CVE-2021-44211 | Cross-site Scripting vulnerability in Open-Xchange OX APP Suite 7.10.5 OX App Suite through 7.10.5 allows XSS via the class attribute of an element in an HTML e-mail signature. | 3.5 |
| 2021-11-22 | CVE-2021-33493 | Code Injection vulnerability in Open-Xchange OX APP Suite 7.10.5 The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in a YAML format. | 3.6 |
| 2020-10-23 | CVE-2020-15004 | Cross-site Scripting vulnerability in Open-Xchange Appsuite 7.10.2/7.10.3 OX App Suite through 7.10.3 allows stats/diagnostic?param= XSS. | 3.5 |
| 2020-08-31 | CVE-2020-12646 | Cross-site Scripting vulnerability in Open-Xchange Appsuite OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document. | 3.5 |
| 2020-06-16 | CVE-2020-8542 | Cross-site Scripting vulnerability in Open-Xchange Appsuite 7.10.1/7.10.2/7.10.3 OX App Suite through 7.10.3 allows XSS. | 3.5 |
| 2019-08-20 | CVE-2019-11522 | Cross-site Scripting vulnerability in Open-Xchange Appsuite 7.10.0/7.10.1/7.10.2 OX App Suite 7.10.0 to 7.10.2 allows XSS. | 3.5 |
| 2019-08-20 | CVE-2019-11806 | Incorrect Permission Assignment for Critical Resource vulnerability in Open-Xchange Appsuite OX App Suite 7.10.1 and earlier has Insecure Permissions. | 2.1 |