NotCVE - vendor:"Open-xchange" product:"Open-xchange Appsuite" version:"7.8.4"

Page 4 of 72 results (0.118 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-23934

https://notcve.org/view.php?id=CVE-2021-23934

12 Jan 2021 — OX App Suite through 7.10.4 allows XSS via a contact whose name contains JavaScript code. OX App Suite versiones hasta 7.10.4, permite un ataque de tipo XSS por medio de un contacto cuyo nombre contiene código JavaScript • https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-23935

https://notcve.org/view.php?id=CVE-2021-23935

12 Jan 2021 — OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript code. OX App Suite versiones hasta 7.10.4, permite un ataque de tipo XSS por medio de una cita en el que la ubicación contiene código JavaScript • https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-23936

https://notcve.org/view.php?id=CVE-2021-23936

12 Jan 2021 — OX App Suite through 7.10.4 allows XSS via the subject of a task. OX App Suite versiones hasta 7.10.4, permite un ataque de tipo XSS por medio del asunto de una tarea • https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2

CVE-2020-24700 – OX App Suite / OX Guard / OX Documents SSRF / Cross Site Scripting

https://notcve.org/view.php?id=CVE-2020-24700

08 Jan 2021 — OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial autoconfig. substring. OX App Suite versiones hasta 7.10.3, permite un ataque de tipo SSRF porque unas peticiones GET son enviadas a nombres de dominio arbitrarios con una subcadena autoconfig. inicial Open-Xchange OX App Suite, OX Guard, and OX Documents suffer from server-side request forgery and cross site scripting vulnerabilities. Some of these issues only affect version 7.10.3 while some aff... • http://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 6.1EPSS: 3%CPEs: 1EXPL: 3

CVE-2020-24701 – OX App Suite / OX Guard / OX Documents SSRF / Cross Site Scripting

https://notcve.org/view.php?id=CVE-2020-24701

08 Jan 2021 — OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite URI). OX App Suite versiones hasta 7.10.4, permite un ataque de tipo XSS por medio del mecanismo de carga de la aplicación (el parámetro PATH_INFO en el URI /appsuite) Open-Xchange OX App Suite, OX Guard, and OX Documents suffer from server-side request forgery and cross site scripting vulnerabilities. Some of these issues only affect version 7.10.3 while some affect 7.10.4 and earlier. • http://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 3

CVE-2020-15002 – OX App Suite / OX Documents 7.10.3 XSS / Server-Side Request Forgery

https://notcve.org/view.php?id=CVE-2020-15002

19 Oct 2020 — OX App Suite through 7.10.3 allows SSRF via the the /ajax/messaging/message message API. OX App Suite versiones hasta 7.10.3, permite un ataque de tipo SSRF por medio de la API de mensajes /ajax/messaging/message OX App Suite and OX Documents versions 7.10.3 and some prior versions suffer from information exposure, server-side request forgery, and cross site scripting vulnerabilities. • https://github.com/skr0x1c0/SSRF-CVE-2020-15002 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-12646 – OX App Suite / OX Documents XSS / SSRF / Bypass

https://notcve.org/view.php?id=CVE-2020-12646

21 Aug 2020 — OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document. OX App Suite versiones 7.10.3 y anteriores, permiten un ataque de tipo XSS por medio de texto/x-javascript, texto/rdf o un documento PDF OX App Suite and OX Documents suffer from access control bypass, cross site scripting, and improper input validation vulnerabilities. Multiple version ranges are affected. • https://exchange.xforce.ibmcloud.com/vulnerabilities/187114 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-12644 – OX App Suite / OX Documents XSS / SSRF / Bypass

https://notcve.org/view.php?id=CVE-2020-12644

21 Aug 2020 — OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API. OX App Suite versiones 7.10.3 y anteriores, permiten un ataque de tipo SSRF, relacionado con la API de la cuenta de correo y la API /folder/list OX App Suite and OX Documents suffer from access control bypass, cross site scripting, and improper input validation vulnerabilities. Multiple version ranges are affected. • https://exchange.xforce.ibmcloud.com/vulnerabilities/187116 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-12643 – OX App Suite / OX Documents XSS / SSRF / Bypass

https://notcve.org/view.php?id=CVE-2020-12643

21 Aug 2020 — OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address. OX App Suite versiones 7.10.3 y anteriores, presentan un Control de Acceso Incorrecto por medio de una petición de /api/subscriptions para un fragmento que contiene una dirección de correo electrónico OX App Suite and OX Documents suffer from access control bypass, cross site scripting, and improper input validation vulnerabilities. Multiple version ranges are affected. • http://seclists.org/fulldisclosure/2020/Aug/14 • CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 6.5EPSS: 0%CPEs: 125EXPL: 0

CVE-2020-8544 – OX App Suite / OX Documents 7.10.3 XSS / SSRF / Improper Validation

https://notcve.org/view.php?id=CVE-2020-8544

12 Jun 2020 — OX App Suite through 7.10.3 allows SSRF. OX App Suite versiones hasta 7.10.3, permite un ataque de tipo SSRF OX App Suite and OX Documents versions 7.10.3 and below suffer from server-side request forgery, cross site scripting, improper parameter validation, and XML injection vulnerabilities. • https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html • CWE-918: Server-Side Request Forgery (SSRF) •

1 2 3 4 5