Vulnerabilities > Open Xchange > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-16 | CVE-2018-5756 | Improper Privilege Management vulnerability in Open-Xchange Appsuite The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 does not properly check for folder-to-object association, which allows remote authenticated users to delete arbitrary tasks via the task id in a delete action to api/tasks. | 4.0 |
| 2018-06-16 | CVE-2018-5753 | Improper Input Validation vulnerability in Open-Xchange Appsuite The frontend component in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev20 allows remote attackers to spoof the origin of e-mails via unicode characters in the "personal part" of a (1) From or (2) Sender address. | 4.0 |
| 2018-06-16 | CVE-2018-5752 | Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors involving non-decimal representations of IP addresses and special IPv6 related addresses. | 6.5 |
| 2018-06-16 | CVE-2018-5751 | Information Exposure vulnerability in Open-Xchange Appsuite The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote authenticated users to obtain sensitive information about external guest users via vectors related to the "groups" and "users" APIs. | 4.0 |
| 2018-06-16 | CVE-2017-17062 | Cross-site Scripting vulnerability in Open-Xchange Appsuite The backend component in Open-Xchange OX App Suite before 7.6.3-rev35, 7.8.x before 7.8.2-rev38, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev19 allows remote authenticated users to save arbitrary user attributes by leveraging improper privilege management. | 4.0 |
| 2018-04-10 | CVE-2014-2078 | Information Exposure vulnerability in Open-Xchange Appsuite 7.4.2 The backend in Open-Xchange (OX) AppSuite 7.4.2 before 7.4.2-rev9 allows remote attackers to obtain sensitive information about user email addresses in opportunistic circumstances by leveraging a failure in e-mail auto configuration for external accounts. | 5.0 |
| 2017-06-08 | CVE-2015-1588 | Cross-site Scripting vulnerability in Open-Xchange Appsuite and Open-Xchange Server Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server 6 and OX AppSuite before 7.4.2-rev43, 7.6.0-rev38, and 7.6.1-rev21. | 4.3 |
| 2017-03-29 | CVE-2016-6846 | Cross-site Scripting vulnerability in Open-Xchange products Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite backend before 7.6.2-rev59, 7.8.0 before 7.8.0-rev38, 7.8.2 before 7.8.2-rev8; AppSuite frontend before 7.6.2-rev47, 7.8.0 before 7.8.0-rev30, and 7.8.2 before 7.8.2-rev8; Office Web before 7.6.2-rev16, 7.8.0 before 7.8.0-rev10, and 7.8.2 before 7.8.2-rev5; and Documentconverter-API before 7.8.2-rev5 allows remote attackers to inject arbitrary web script or HTML. | 4.3 |
| 2016-12-15 | CVE-2016-6854 | Cross-site Scripting vulnerability in Open-Xchange OX Guard An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. | 4.3 |
| 2016-12-15 | CVE-2016-6853 | Cross-site Scripting vulnerability in Open-Xchange OX Guard An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. | 4.3 |