
CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

OX App Suite 7.8.4 and earlier allows Directory Traversal. OX App Suite versions 7.8.4 and 7.8.3 suffer from cross site scripting, cross site request forgery, and information disclosure vulnerabilities.
• http://seclists.org/fulldisclosure/2019/Jan/10
• http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf
• https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf
• https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4789_7.6.3_2018-06-25.pdf
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 1

OX App Suite 7.8.4 and earlier allows Information Exposure. OX App Suite versions 7.8.4 and 7.8.3 suffer from cross site scripting, cross site request forgery, and information disclosure vulnerabilities.
• http://seclists.org/fulldisclosure/2019/Jan/10
• http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf
• https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery. OX App Suite versions 7.8.4 and 7.8.3 suffer from cross site scripting, cross site request forgery, and information disclosure vulnerabilities.
• http://seclists.org/fulldisclosure/2019/Jan/10
• http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf
• https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf
• https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4789_7.6.3_2018-06-25.pdf
• CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 6.1 | EPSS: 0% | CPEs: 77 | EXPL: 0

Cross-site scripting (XSS) vulnerability in mail compose in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev28 allows remote attackers to inject arbitrary web script or HTML via the data-target attribute in an HTML page with data-toggle gadgets. Open-Xchange OX Guard versions 7.10.2 and below suffer from a cross site scripting vulnerability. Open-Xchange OX Guard versions 7.10.1 and below, 2.10.2 and below suffer from a signature validation vulnerability.
• http://packetstormsecurity.com/files/154127/Open-Xchange-OX-Guard-Cross-Site-Scripting-Signature-Validation.html
• http://seclists.org/fulldisclosure/2018/Jul/12
• http://www.securitytracker.com/id/1041213
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 | EPSS: 0% | CPEs: 89 | EXPL: 0

Open-Xchange OX App Suite before 7.6.3-rev37, 7.8.x before 7.8.2-rev40, 7.8.3 before 7.8.3-rev48, and 7.8.4 before 7.8.4-rev28 include folder names in API error responses, which allows remote attackers to obtain sensitive information via the folder parameter in an "all" action to api/tasks. OX App Suite version 7.8.5 suffers from XML external entity injection, information disclosure, and cross site scripting vulnerabilities.
• http://seclists.org/fulldisclosure/2018/Jul/12
• http://www.securitytracker.com/id/1041213
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor