CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0CVE-2020-8541 – OX App Suite / OX Documents 7.10.3 XSS / SSRF / Improper Validation
https://notcve.org/view.php?id=CVE-2020-8541
12 Jun 2020 — OX App Suite through 7.10.3 allows XXE attacks. OX App Suite versiones hasta 7.10.3, permite ataques de tipo XXE OX App Suite and OX Documents versions 7.10.3 and below suffer from server-side request forgery, cross site scripting, improper parameter validation, and XML injection vulnerabilities. • https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.4EPSS: 0%CPEs: 54EXPL: 0CVE-2020-8542 – OX App Suite / OX Documents XSS / SSRF / Bypass
https://notcve.org/view.php?id=CVE-2020-8542
12 Jun 2020 — OX App Suite through 7.10.3 allows XSS. OX App Suite versiones hasta 7.10.3, permite un ataque de tipo XSS OX App Suite and OX Documents versions 7.10.3 and below suffer from server-side request forgery, cross site scripting, improper parameter validation, and XML injection vulnerabilities. • http://packetstormsecurity.com/files/158932/OX-App-Suite-OX-Documents-XSS-SSRF-Bypass.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 125EXPL: 0CVE-2020-8544 – OX App Suite / OX Documents 7.10.3 XSS / SSRF / Improper Validation
https://notcve.org/view.php?id=CVE-2020-8544
12 Jun 2020 — OX App Suite through 7.10.3 allows SSRF. OX App Suite versiones hasta 7.10.3, permite un ataque de tipo SSRF OX App Suite and OX Documents versions 7.10.3 and below suffer from server-side request forgery, cross site scripting, improper parameter validation, and XML injection vulnerabilities. • https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 0%CPEs: 125EXPL: 0CVE-2020-8543 – OX App Suite / OX Documents 7.10.3 XSS / SSRF / Improper Validation
https://notcve.org/view.php?id=CVE-2020-8543
12 Jun 2020 — OX App Suite through 7.10.3 has Improper Input Validation. OX App Suite versiones hasta 7.10.3, presenta una Comprobación de Entrada Inapropiada OX App Suite and OX Documents versions 7.10.3 and below suffer from server-side request forgery, cross site scripting, improper parameter validation, and XML injection vulnerabilities. • https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 2CVE-2019-18846 – OX App Suite / OX Documents 7.10.3 XSS / SSRF / Improper Validation
https://notcve.org/view.php?id=CVE-2019-18846
21 Feb 2020 — OX App Suite through 7.10.2 allows SSRF. OX App Suite versiones hasta 7.10.2, permite un ataque de tipo SSRF. OX App Suite and OX Documents versions 7.10.3 and below suffer from server-side request forgery, cross site scripting, improper parameter validation, and XML injection vulnerabilities. • http://packetstormsecurity.com/files/156474/Open-Xchange-App-Suite-Documents-Server-Side-Request-Forgery.html • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2013-7486
https://notcve.org/view.php?id=CVE-2013-7486
02 Jan 2020 — Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev27 and 7.4.x before 7.4.0-rev20 allows remote attackers to inject arbitrary web script or HTML via the body of an email. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions. Una vulnerabilidad de tipo cross-site scripting (XSS) en el back-end en Open-Xchange (OX) AppSuite versiones 7.2.x anteriores a 7.2.2-rev27 y versiones 7.4.x anteriores a 7.4.0-rev20... • http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2013-7485
https://notcve.org/view.php?id=CVE-2013-7485
02 Jan 2020 — Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev26 and 7.4.x before 7.4.0-rev16 allows remote attackers to inject arbitrary web script or HTML via the publication name, which is not properly handled in an error message. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions. Una vulnerabilidad de tipo cross-site scripting (XSS) en el back-end en Open-Xchange (OX) AppSuite versiones 7.2.x anteriores a la ... • http://osvdb.org/100385 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 2CVE-2019-16716 – OX App Suite 7.10.2 Cross Site Scripting / Improper Access Control
https://notcve.org/view.php?id=CVE-2019-16716
02 Jan 2020 — OX App Suite through 7.10.2 has Incorrect Access Control. OX App Suite versiones hasta la versión 7.10.2, presenta un Control de Acceso Incorrecto. Open-Xchange App Suite versions 7.10.2 and below suffer from cross site scripting and improper access control vulnerabilities. • http://packetstormsecurity.com/files/155813/OX-App-Suite-7.10.2-Cross-Site-Scripting-Improper-Access-Control.html • CWE-276: Incorrect Default Permissions •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2019-16717 – OX App Suite 7.10.2 Cross Site Scripting / Improper Access Control
https://notcve.org/view.php?id=CVE-2019-16717
02 Jan 2020 — OX App Suite through 7.10.2 has XSS. OX App Suite versiones hasta la versión 7.10.2, tiene una vulnerabilidad de tipo XSS. Open-Xchange App Suite versions 7.10.2 and below suffer from cross site scripting and improper access control vulnerabilities. • http://packetstormsecurity.com/files/155813/OX-App-Suite-7.10.2-Cross-Site-Scripting-Improper-Access-Control.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 2CVE-2019-14227 – Open-Xchange OX App Suite SSRF / XSS / Information Disclosure / Access Controls
https://notcve.org/view.php?id=CVE-2019-14227
14 Oct 2019 — OX App Suite 7.10.1 and 7.10.2 allows XSS. OX App Suite versión 7.10.1 y versión 7.10.2 permite Cross-Site Scripting (XSS). Various Open-Xchange OX App Suite versions suffer from server-side request forgery, cross site scripting, information disclosure, and improper access control vulnerabilities. • http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •