CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-7158 – Open-Xchange AppSuite 7.10.1 Information Disclosure / Improper Access Control
https://notcve.org/view.php?id=CVE-2019-7158
05 Apr 2019 — OX App Suite 7.10.0 and earlier has Incorrect Access Control. OX App Suite versión 7.10.0 y anteriores, presenta un control de acceso incorrecto. Open-Xchange AppSuite versions 7.10.1 and below suffer from information exposure and improper access control vulnerabilities. • https://www.open-xchange.com •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-7159 – Open-Xchange AppSuite 7.10.1 Information Disclosure / Improper Access Control
https://notcve.org/view.php?id=CVE-2019-7159
05 Apr 2019 — OX App Suite 7.10.1 and earlier allows Information Exposure. OX App Suite 7.10.1 y versiones anteriores permiten la exposición de la información. Open-Xchange AppSuite versions 7.10.1 and below suffer from information exposure and improper access control vulnerabilities. • https://packetstormsecurity.com/files/152404/Open-Xchange-AppSuite-7.10.1-Information-Disclosure-Improper-Access-Control.html •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2018-13103 – Open-Xchange OX App Suite Cross Site Scripting / SSRF
https://notcve.org/view.php?id=CVE-2018-13103
21 Jan 2019 — OX App Suite 7.8.4 and earlier allows SSRF. OX App Suite, en versiones 7.8.4 y anteriores, permite Server-Side Request Forgery (SSRF). Open-Xchange OX App Suite suffers from cross site scripting and server-side request forgery vulnerabilities. The vulnerabilities spawn a multitude of versions. • http://packetstormsecurity.com/files/151243/Open-Xchange-OX-App-Suite-Cross-Site-Scripting-SSRF.html • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2018-13104 – Open-Xchange OX App Suite Cross Site Scripting / SSRF
https://notcve.org/view.php?id=CVE-2018-13104
21 Jan 2019 — OX App Suite 7.8.4 and earlier allows XSS. Internal reference: 58742 (Bug ID) OX App Suite, en versiones 7.8.4 y anteriores, permite Cross-Site Scripting (XSS). Referencia interna: 58742 (Bug ID) Open-Xchange OX App Suite suffers from cross site scripting and server-side request forgery vulnerabilities. The vulnerabilities spawn a multitude of versions. • http://packetstormsecurity.com/files/151243/Open-Xchange-OX-App-Suite-Cross-Site-Scripting-SSRF.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-12611 – Ox App Suite 7.8.4 / 7.8.3 XSS / CSRF / Information Disclosure
https://notcve.org/view.php?id=CVE-2018-12611
07 Jan 2019 — OX App Suite 7.8.4 and earlier allows Directory Traversal. OX App Suite, en su versión 7.8.4 y anteriores, permite saltos de directorio. Ox App Suite versions 7.8.4 and 7.8.3 suffer from cross site scripting, cross site request forgery, and information disclosure vulnerabilities. • http://seclists.org/fulldisclosure/2019/Jan/10 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2018-12610 – Ox App Suite 7.8.4 / 7.8.3 XSS / CSRF / Information Disclosure
https://notcve.org/view.php?id=CVE-2018-12610
07 Jan 2019 — OX App Suite 7.8.4 and earlier allows Information Exposure. OX App Suite, en su versión 7.8.4 y anteriores, permite la fuga de información. Ox App Suite versions 7.8.4 and 7.8.3 suffer from cross site scripting, cross site request forgery, and information disclosure vulnerabilities. • http://seclists.org/fulldisclosure/2019/Jan/10 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-12609 – Ox App Suite 7.8.4 / 7.8.3 XSS / CSRF / Information Disclosure
https://notcve.org/view.php?id=CVE-2018-12609
07 Jan 2019 — OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery. OX App Suite, en su versión 7.8.4 y anteriores, permite ataques de Server-Side Request Forgery (SSRF). Ox App Suite versions 7.8.4 and 7.8.3 suffer from cross site scripting, cross site request forgery, and information disclosure vulnerabilities. • http://seclists.org/fulldisclosure/2019/Jan/10 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2017-6913
https://notcve.org/view.php?id=CVE-2017-6913
18 Sep 2018 — Cross-site scripting (XSS) vulnerability in the Open-Xchange webmail before 7.6.3-rev28 allows remote attackers to inject arbitrary web script or HTML via the event attribute in a time tag. Una vulnerabilidad Cross-Site Scripting (XSS) en Open-Xchange webmail en versiones anteriores a la 7.6.3-rev28 permite que atacantes remotos inyecten scripts web o HTML mediante el atributo event en una etiqueta time. • https://github.com/gquere/CVE-2017-6913 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 77EXPL: 0CVE-2018-9997 – Open-Xchange OX Guard Cross Site Scripting / Signature Validation
https://notcve.org/view.php?id=CVE-2018-9997
02 Jul 2018 — Cross-site scripting (XSS) vulnerability in mail compose in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev28 allows remote attackers to inject arbitrary web script or HTML via the data-target attribute in an HTML page with data-toggle gadgets. Vulnerabilidad de Cross-Site Scripting (XSS) en mail compose en Open-Xchange OX App Suite en versiones anteriores a la 7.6.3-rev31, versiones 7.8.x anteriores a la 7.8.2-rev31, versiones 7.8... • http://packetstormsecurity.com/files/154127/Open-Xchange-OX-Guard-Cross-Site-Scripting-Signature-Validation.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 89EXPL: 0CVE-2018-9998 – OX App Suite 7.8.4 XSS / XML Injection / Information Disclosure
https://notcve.org/view.php?id=CVE-2018-9998
02 Jul 2018 — Open-Xchange OX App Suite before 7.6.3-rev37, 7.8.x before 7.8.2-rev40, 7.8.3 before 7.8.3-rev48, and 7.8.4 before 7.8.4-rev28 include folder names in API error responses, which allows remote attackers to obtain sensitive information via the folder parameter in an "all" action to api/tasks. Open-Xchange OX App Suite en versiones anteriores a la 7.6.3-rev37, versiones 7.8.x anteriores a la 7.8.2-rev40, versiones 7.8.3 anteriores a la 7.8.3-rev48 y versiones 7.8.4 anteriores a la 7.8.4-rev28 incluye los nombr... • http://seclists.org/fulldisclosure/2018/Jul/12 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •