CVE-2015-5375
https://notcve.org/view.php?id=CVE-2015-5375
Cross-site scripting (XSS) vulnerability in unspecified dialogs for printing content in the Front End in Open-Xchange Server 6 and OX App Suite before 6.22.8-rev8, 6.22.9 before 6.22.9-rev15m, 7.x before 7.6.1-rev25, and 7.6.2 before 7.6.2-rev20 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to object properties.
• http://packetstormsecurity.com/files/133674/Open-Xchange-Server-6-OX-AppSuite-Cross-Site-Scripting.html
• http://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_2614_7.6.2_2015-07-22.pdf
• http://www.securityfocus.com/archive/1/536523/100/0/threaded
• http://www.securitytracker.com/id/1034018
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-5703
https://notcve.org/view.php?id=CVE-2015-5703
SQL injection vulnerability in the public key discovery API call in Open-Xchange OX Guard before 2.0.0-rev8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
• http://packetstormsecurity.com/files/133672/Guard-2.0.0-rev7-SQL-Injection.html
• http://software.open-xchange.com/products/guard/doc/Release_Notes_for_Patch_Release_2626_7.6.2_2015-08-03.pdf
• http://www.securityfocus.com/archive/1/536523/100/0/threaded
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-1588
https://notcve.org/view.php?id=CVE-2015-1588
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server 6 and OX AppSuite before 7.4.2-rev43, 7.6.0-rev38, and 7.6.1-rev21.
• http://packetstormsecurity.com/files/131649/Open-Xchange-Server-6-OX-AppSuite-Cross-Site-Scripting.html
• http://www.securityfocus.com/archive/1/535388/100/1100/threaded
• http://www.securityfocus.com/bid/74350
• http://www.securitytracker.com/id/1032202
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-9466
https://notcve.org/view.php?id=CVE-2014-9466
Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before 7.6.0-rev36, and 7.6.1 before 7.6.1-rev14 does not properly handle directory permissions, which allows remote authenticated users to read files via unspecified vectors, related to the "folder identifier."
• http://packetstormsecurity.com/files/130379/Open-Xchange-Server-6-OX-AppSuite-7.6.1-Exposure.html
• http://www.securityfocus.com/archive/1/534695/100/0/threaded
• http://www.securityfocus.com/bid/72587
• http://www.securitytracker.com/id/1031744
• https://exchange.xforce.ibmcloud.com/vulnerabilities/100867
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-8993
https://notcve.org/view.php?id=CVE-2014-8993
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev40, 7.6.0 before 7.6.0-rev32, and 7.6.1 before 7.6.1-rev11 allows remote attackers to inject arbitrary web script or HTML via a crafted XHTML file with the application/xhtml+xml MIME type.
• http://packetstormsecurity.com/files/129811/Open-Xchange-Server-6-OX-AppSuite-7.6.1-Cross-Site-Scripting.html
• http://secunia.com/advisories/62031
• http://www.securityfocus.com/archive/1/534383/100/0/threaded
• http://www.securitytracker.com/id/1031488
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')