Vulnerabilities > Open Xchange > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-02 | CVE-2023-29043 | Cross-site Scripting vulnerability in Open-Xchange Appsuite Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document. | 6.1 |
| 2023-11-02 | CVE-2023-29044 | Cross-site Scripting vulnerability in Open-Xchange Appsuite Documents operations could be manipulated to contain invalid data types, possibly script code. | 5.4 |
| 2023-11-02 | CVE-2023-29045 | Cross-site Scripting vulnerability in Open-Xchange Appsuite Documents operations, in this case "drawing", could be manipulated to contain invalid data types, possibly script code. | 5.4 |
| 2023-11-02 | CVE-2023-29046 | Resource Exhaustion vulnerability in Open-Xchange Appsuite Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. | 4.3 |
| 2023-08-02 | CVE-2023-26430 | Command Injection vulnerability in Open-Xchange Appsuite Backend 7.10.6/8.10.0 Attackers with access to user accounts can inject arbitrary control characters to SIEVE mail-filter rules. | 4.3 |
| 2023-08-02 | CVE-2023-26441 | Path Traversal vulnerability in Open-Xchange Appsuite Office 7.8.3 Cacheservice did not correctly check if relative cache object were pointing to the defined absolute location when accessing resources. | 5.5 |
| 2023-08-02 | CVE-2023-26445 | Cross-site Scripting vulnerability in Open-Xchange Appsuite Frontend Frontend themes are defined by user-controllable jslob settings and could point to a malicious resource which gets processed during login. | 5.4 |
| 2023-08-02 | CVE-2023-26446 | Cross-site Scripting vulnerability in Open-Xchange Appsuite Frontend The users clientID at "application passwords" was not sanitized or escaped before being added to DOM. | 5.4 |
| 2023-08-02 | CVE-2023-26447 | Cross-site Scripting vulnerability in Open-Xchange Appsuite Frontend The "upsell" widget for the portal allows to specify a product description. | 5.4 |
| 2023-08-02 | CVE-2023-26448 | Cross-site Scripting vulnerability in Open-Xchange Appsuite Frontend Custom log-in and log-out locations are used-defined as jslob but were not checked to contain malicious protocol handlers. | 5.4 |