CVE-2018-13103 – Open-Xchange OX App Suite Cross Site Scripting / SSRF
https://notcve.org/view.php?id=CVE-2018-13103
OX App Suite 7.8.4 and earlier allows SSRF. OX App Suite, en versiones 7.8.4 y anteriores, permite Server-Side Request Forgery (SSRF). Open-Xchange OX App Suite suffers from cross site scripting and server-side request forgery vulnerabilities. The vulnerabilities spawn a multitude of versions. • http://packetstormsecurity.com/files/151243/Open-Xchange-OX-App-Suite-Cross-Site-Scripting-SSRF.html http://seclists.org/fulldisclosure/2019/Jan/46 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2018-12611 – Ox App Suite 7.8.4 / 7.8.3 XSS / CSRF / Information Disclosure
https://notcve.org/view.php?id=CVE-2018-12611
OX App Suite 7.8.4 and earlier allows Directory Traversal. OX App Suite, en su versión 7.8.4 y anteriores, permite saltos de directorio. Ox App Suite versions 7.8.4 and 7.8.3 suffer from cross site scripting, cross site request forgery, and information disclosure vulnerabilities. • http://seclists.org/fulldisclosure/2019/Jan/10 http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4789_7.6.3_2018-06-25.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-12610 – Ox App Suite 7.8.4 / 7.8.3 XSS / CSRF / Information Disclosure
https://notcve.org/view.php?id=CVE-2018-12610
OX App Suite 7.8.4 and earlier allows Information Exposure. OX App Suite, en su versión 7.8.4 y anteriores, permite la fuga de información. Ox App Suite versions 7.8.4 and 7.8.3 suffer from cross site scripting, cross site request forgery, and information disclosure vulnerabilities. • http://seclists.org/fulldisclosure/2019/Jan/10 http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-12609 – Ox App Suite 7.8.4 / 7.8.3 XSS / CSRF / Information Disclosure
https://notcve.org/view.php?id=CVE-2018-12609
OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery. OX App Suite, en su versión 7.8.4 y anteriores, permite ataques de Server-Side Request Forgery (SSRF). Ox App Suite versions 7.8.4 and 7.8.3 suffer from cross site scripting, cross site request forgery, and information disclosure vulnerabilities. • http://seclists.org/fulldisclosure/2019/Jan/10 http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4789_7.6.3_2018-06-25.pdf • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2017-6913
https://notcve.org/view.php?id=CVE-2017-6913
Cross-site scripting (XSS) vulnerability in the Open-Xchange webmail before 7.6.3-rev28 allows remote attackers to inject arbitrary web script or HTML via the event attribute in a time tag. Una vulnerabilidad Cross-Site Scripting (XSS) en Open-Xchange webmail en versiones anteriores a la 7.6.3-rev28 permite que atacantes remotos inyecten scripts web o HTML mediante el atributo event en una etiqueta time. • https://github.com/gquere/CVE-2017-6913 https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4133_7.6.3_2017-05-15.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •