Vulnerabilities > Open Xchange > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-23 | CVE-2017-13668 | Cross-site Scripting vulnerability in Open-Xchange Appsuite OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS). | 3.5 |
| 2019-05-23 | CVE-2017-17061 | Cross-site Scripting vulnerability in Open-Xchange Appsuite OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS). | 3.5 |
| 2019-03-21 | CVE-2018-13104 | Cross-site Scripting vulnerability in Open-Xchange Appsuite OX App Suite 7.8.4 and earlier allows XSS. | 3.5 |
| 2018-06-16 | CVE-2018-5754 | Cross-site Scripting vulnerability in Open-Xchange Appsuite Cross-site scripting (XSS) vulnerability in the office-web component in Open-Xchange OX App Suite before 7.8.3-rev12 and 7.8.4 before 7.8.4-rev9 allows remote attackers to inject arbitrary web script or HTML via a crafted presentation file, related to copying content to the clipboard. | 3.5 |
| 2016-12-15 | CVE-2016-3173 | Cross-site Scripting vulnerability in Open-Xchange Appsuite An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. | 3.5 |
| 2016-12-15 | CVE-2016-4027 | Information Exposure vulnerability in Open-Xchange Appsuite An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev10. | 3.5 |
| 2016-12-15 | CVE-2016-4028 | Credentials Management vulnerability in Open-Xchange OX Guard An issue was discovered in Open-Xchange OX Guard before 2.4.0-rev8. | 3.5 |
| 2016-12-15 | CVE-2016-6848 | 7PK - Security Features vulnerability in Open-Xchange Appsuite An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. | 1.9 |
| 2013-10-03 | CVE-2013-5690 | Cross-Site Scripting vulnerability in Open-Xchange Appsuite Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite before 7.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) content with the text/xml MIME type or (2) the Status comment field of an appointment. | 3.5 |
| 2013-09-05 | CVE-2013-1648 | Improper Input Validation vulnerability in Open-Xchange Server 6.20.7/6.22.0/6.22.1 The Subscriptions feature in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not properly validate the publication-source URL, which allows remote authenticated users to trigger arbitrary outbound TCP traffic via a crafted Source field, as demonstrated by (1) an ftp: URL, (2) a gopher: URL, or (3) an http://127.0.0.1/ URL, related to a "Server-side request forging (SSRF)" issue. | 3.5 |