CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2013-7486
https://notcve.org/view.php?id=CVE-2013-7486
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev27 and 7.4.x before 7.4.0-rev20 allows remote attackers to inject arbitrary web script or HTML via the body of an email. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions. Una vulnerabilidad de tipo cross-site scripting (XSS) en el back-end en Open-Xchange (OX) AppSuite versiones 7.2.x anteriores a 7.2.2-rev27 y versiones 7.4.x anteriores a 7.4.0-rev20, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de cuerpo de un correo electrónico. NOTA: esta vulnerabilidad fue SPLIT de CVE-2013-6242 porque afecta a diferentes conjuntos de versiones. • http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html http://seclists.org/bugtraq/2013/Nov/127 http://www.securitytracker.com/id/1029394 http://xforce.iss.net/xforce/xfdb/89250 https://forum.open-xchange.com/showthread.php?8115-Open-Xchange-releases-Security-Patch-2013-11-12-for-v7-2-2-v6-22-3-and-v7-4-0-v6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2013-7485
https://notcve.org/view.php?id=CVE-2013-7485
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev26 and 7.4.x before 7.4.0-rev16 allows remote attackers to inject arbitrary web script or HTML via the publication name, which is not properly handled in an error message. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions. Una vulnerabilidad de tipo cross-site scripting (XSS) en el back-end en Open-Xchange (OX) AppSuite versiones 7.2.x anteriores a la versión 7.2.2-rev26 y versiones 7.4.x anteriores a la versión 7.4.0-rev16, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del nombre de la publicación, que no es manejado apropiadamente en un mensaje de error. NOTA: esta vulnerabilidad fue SEPARADA de CVE-2013-6242 porque afecta a diferentes conjuntos de versiones. • http://osvdb.org/100385 http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html http://seclists.org/bugtraq/2013/Nov/127 http://secunia.com/advisories/55837 http://www.securitytracker.com/id/1029394 http://xforce.iss.net/xforce/xfdb/89250 http://xforce.iss.net/xforce/xfdb/89251 https://forum.open-xchange.com/showthread.php?8090-Open-Xchange-releases-Security-Patch-2013-10-30-for-v7-2-2-and-v7-4-0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.5EPSS: 1%CPEs: 1EXPL: 2CVE-2019-16716 – OX App Suite 7.10.2 Cross Site Scripting / Improper Access Control
https://notcve.org/view.php?id=CVE-2019-16716
OX App Suite through 7.10.2 has Incorrect Access Control. OX App Suite versiones hasta la versión 7.10.2, presenta un Control de Acceso Incorrecto. Open-Xchange App Suite versions 7.10.2 and below suffer from cross site scripting and improper access control vulnerabilities. • http://packetstormsecurity.com/files/155813/OX-App-Suite-7.10.2-Cross-Site-Scripting-Improper-Access-Control.html http://seclists.org/fulldisclosure/2020/Jan/7 • CWE-276: Incorrect Default Permissions •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2019-16717 – OX App Suite 7.10.2 Cross Site Scripting / Improper Access Control
https://notcve.org/view.php?id=CVE-2019-16717
OX App Suite through 7.10.2 has XSS. OX App Suite versiones hasta la versión 7.10.2, tiene una vulnerabilidad de tipo XSS. Open-Xchange App Suite versions 7.10.2 and below suffer from cross site scripting and improper access control vulnerabilities. • http://packetstormsecurity.com/files/155813/OX-App-Suite-7.10.2-Cross-Site-Scripting-Improper-Access-Control.html http://seclists.org/fulldisclosure/2020/Jan/7 https://www.open-xchange.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-14226 – Open-Xchange OX App Suite SSRF / XSS / Information Disclosure / Access Controls
https://notcve.org/view.php?id=CVE-2019-14226
OX App Suite through 7.10.2 has Insecure Permissions. OX App Suite hasta la versión 7.10.2 tiene permisos inseguros. Various Open-Xchange OX App Suite versions suffer from server-side request forgery, cross site scripting, information disclosure, and improper access control vulnerabilities. • http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html https://seclists.org/fulldisclosure/2019/Oct/25 • CWE-281: Improper Preservation of Permissions •