Page 6 of 56 results (0.008 seconds)

CVSS: 4.3EPSS: 0%CPEs: 38EXPL: 0

OX App Suite before backend 7.10.6-rev37 allows authenticated users to change the appointments of arbitrary users via conflicting ID numbers, aka "ID confusion." • http://seclists.org/fulldisclosure/2023/May/3 https://open-xchange.com •

CVSS: 4.3EPSS: 0%CPEs: 39EXPL: 0

OX App Suite before backend 7.10.6-rev37 does not check HTTP header lengths when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of header data. • http://seclists.org/fulldisclosure/2023/May/3 https://open-xchange.com •

CVSS: 6.5EPSS: 0%CPEs: 38EXPL: 0

OX App Suite before backend 7.10.6-rev37 does not check size limits when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of data. • http://seclists.org/fulldisclosure/2023/May/3 https://open-xchange.com •

CVSS: 4.3EPSS: 0%CPEs: 38EXPL: 0

OX App Suite before backend 7.10.6-rev37 has an information leak in the handling of distribution lists, e.g., partial disclosure of the private contacts of another user. • http://seclists.org/fulldisclosure/2023/May/3 https://open-xchange.com •

CVSS: 6.1EPSS: 0%CPEs: 31EXPL: 0

OX App Suite before 7.10.6-rev20 allows XSS via upsell ads. • https://open-xchange.com https://seclists.org/fulldisclosure/2023/Feb/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •