Vulnerabilities related to open-xchange - open-xchange_appsuite
Vulnerability from fkie_nvd
Published
2019-05-22 20:29
Modified
2024-11-21 03:36
Summary
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "21A45377-C1DE-44AB-A02F-A377BE4E9A56",
                     versionEndIncluding: "7.8.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).",
      },
      {
         lang: "es",
         value: "OX Software GmbH OX App Suite versión 7.8.4 y anteriores, se ven afectados por: Cross Site Scripting (XSS).",
      },
   ],
   id: "CVE-2017-9808",
   lastModified: "2024-11-21T03:36:53.970",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-05-22T20:29:00.870",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Not Applicable",
         ],
         url: "http://ox.com",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Not Applicable",
         ],
         url: "http://ox.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-10-14 17:15
Modified
2024-11-21 04:26
Summary
OX App Suite 7.10.1 and 7.10.2 allows XSS.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D2C4CC04-9CAA-467A-AE72-CF3AC970296C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "AEA29625-42CD-49CC-9E34-858CB6C5D28B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite 7.10.1 and 7.10.2 allows XSS.",
      },
      {
         lang: "es",
         value: "OX App Suite versión 7.10.1 y versión 7.10.2 permite Cross-Site Scripting (XSS).",
      },
   ],
   id: "CVE-2019-14227",
   lastModified: "2024-11-21T04:26:14.553",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-10-14T17:15:09.350",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2019/Oct/25",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2019/Oct/25",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-01-12 08:15
Modified
2024-11-21 05:15
Summary
OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial "autoconfig." substring.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB465D15-78EA-47FA-BC7C-5A6631EC9578",
                     versionEndIncluding: "7.10.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial autoconfig. substring.",
      },
      {
         lang: "es",
         value: "OX App Suite versiones hasta 7.10.3, permite un ataque de tipo SSRF porque unas peticiones GET son enviadas a nombres de dominio arbitrarios con una subcadena autoconfig. inicial",
      },
   ],
   id: "CVE-2020-24700",
   lastModified: "2024-11-21T05:15:50.207",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 5.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.5,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-01-12T08:15:13.230",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2021/Jul/33",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.open-xchange.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2021/Jul/33",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.open-xchange.com",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-918",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-06-16 14:15
Modified
2024-11-21 05:39
Summary
OX App Suite through 7.10.3 allows XSS.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:-:*:*:*:*:*:*",
                     matchCriteriaId: "B8D06749-1B27-4C7C-9436-1AD842471D19",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev1:*:*:*:*:*:*",
                     matchCriteriaId: "368ECEBC-4553-4A2A-8A2A-A4B8909C321D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev10:*:*:*:*:*:*",
                     matchCriteriaId: "33BFF8F7-DB19-4F7B-9FED-5D3E50E31C2B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev11:*:*:*:*:*:*",
                     matchCriteriaId: "8E60A592-965B-4ECD-BE52-C8BCF8164A6B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev12:*:*:*:*:*:*",
                     matchCriteriaId: "37DC59B1-D23F-40EB-9F54-0BBBC8FA86E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev13:*:*:*:*:*:*",
                     matchCriteriaId: "91897609-C38E-47ED-9A45-34C26ACD4558",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev14:*:*:*:*:*:*",
                     matchCriteriaId: "68CD6B95-5EAA-4D14-8958-787E7B8ADD8A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev15:*:*:*:*:*:*",
                     matchCriteriaId: "A4EBEBD1-9E8A-4C18-95FA-E7D83A7DC557",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev16:*:*:*:*:*:*",
                     matchCriteriaId: "6BAF8872-87D9-4271-80AA-E4200E6D8F5A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev17:*:*:*:*:*:*",
                     matchCriteriaId: "E0FDDD1D-7EDC-4ED8-9288-DA1976B044FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev18:*:*:*:*:*:*",
                     matchCriteriaId: "AE6BC6B0-66A7-4B0A-9B11-E41A3C29064D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev19:*:*:*:*:*:*",
                     matchCriteriaId: "0B981446-14BE-43A9-86FE-F282E8DA393D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev2:*:*:*:*:*:*",
                     matchCriteriaId: "4190E7EF-E9BF-4B87-B5A7-F1C5639CF701",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev20:*:*:*:*:*:*",
                     matchCriteriaId: "DC995A29-A9DB-4160-BEAD-7E6A3606F802",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev21:*:*:*:*:*:*",
                     matchCriteriaId: "890672A1-63E4-45BA-B4A7-B1DCFCE03E17",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev22:*:*:*:*:*:*",
                     matchCriteriaId: "32AB90D5-CF22-45E4-A7E5-A3BC355C051A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev23:*:*:*:*:*:*",
                     matchCriteriaId: "4287D478-7B66-4B94-AF06-FCFA3E3A49E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev24:*:*:*:*:*:*",
                     matchCriteriaId: "6949270A-47D6-495B-8B3A-CC97351E0B72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev25:*:*:*:*:*:*",
                     matchCriteriaId: "FF8F4DA7-035F-4C6E-9E97-265CC57A548B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev26:*:*:*:*:*:*",
                     matchCriteriaId: "F6C50535-9E15-418A-8908-23C247CCF861",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev27:*:*:*:*:*:*",
                     matchCriteriaId: "8503C015-94AF-419C-95DE-1A1043811B60",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev3:*:*:*:*:*:*",
                     matchCriteriaId: "8DF4B515-D246-44A9-B4FA-094E33840EAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev4:*:*:*:*:*:*",
                     matchCriteriaId: "20D6F057-6D60-45CD-AF64-A17655FE4332",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev5:*:*:*:*:*:*",
                     matchCriteriaId: "8AAEEE04-5D35-4007-9C19-47139D574C6D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev6:*:*:*:*:*:*",
                     matchCriteriaId: "534A44A6-9F3F-4A95-8397-1264537AF98B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev7:*:*:*:*:*:*",
                     matchCriteriaId: "0FDC984D-9BA2-44A8-A448-0B5FFD3714F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev8:*:*:*:*:*:*",
                     matchCriteriaId: "10C3CE2E-D599-4E7B-8DF7-CE143D38C248",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev9:*:*:*:*:*:*",
                     matchCriteriaId: "5D50AB43-34ED-4514-A46D-17DCE8C0E13B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:-:*:*:*:*:*:*",
                     matchCriteriaId: "A1E055C3-BE99-4EB8-8D28-1275A1607E01",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev1:*:*:*:*:*:*",
                     matchCriteriaId: "3A43F58A-EF5F-470F-AD23-EA211A257B87",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev10:*:*:*:*:*:*",
                     matchCriteriaId: "AF15D091-E31B-4AF7-8565-A545338443D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev11:*:*:*:*:*:*",
                     matchCriteriaId: "6530A58D-89B1-4991-8182-2CB39FF0607D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev12:*:*:*:*:*:*",
                     matchCriteriaId: "359C31C1-FC65-4DB5-AC13-78752B991D85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev13:*:*:*:*:*:*",
                     matchCriteriaId: "20B39EEB-AE1F-41EF-BDA2-0C05583C19A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev14:*:*:*:*:*:*",
                     matchCriteriaId: "6814E0FE-C61F-4621-BCE9-E315FD27BDF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev15:*:*:*:*:*:*",
                     matchCriteriaId: "C500DC8B-1E2D-4D9E-89BF-DB1F583FCE1A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev16:*:*:*:*:*:*",
                     matchCriteriaId: "B31AF178-6903-4C9C-85D0-4FC64B523D94",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev17:*:*:*:*:*:*",
                     matchCriteriaId: "78BBF7A1-2683-4A1A-A907-22AA08547C34",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev18:*:*:*:*:*:*",
                     matchCriteriaId: "8E8D7027-437A-4ACA-A4A1-34F2A1E49EFF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev19:*:*:*:*:*:*",
                     matchCriteriaId: "233AF909-1320-4F50-98AE-0C3597EB77B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev2:*:*:*:*:*:*",
                     matchCriteriaId: "8B99076E-CAAF-478A-A6CA-5F4D555F4F13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev3:*:*:*:*:*:*",
                     matchCriteriaId: "71AD5083-1D8A-4F84-8263-EB724F2BAFB0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev4:*:*:*:*:*:*",
                     matchCriteriaId: "F2E2CBB1-66E4-463E-9C13-36311A5E57CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev5:*:*:*:*:*:*",
                     matchCriteriaId: "78419EB9-7DBD-4D86-9D9F-D207BE4A5606",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev6:*:*:*:*:*:*",
                     matchCriteriaId: "6CFDEA47-85E0-468F-ACE1-D246C690B8D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev7:*:*:*:*:*:*",
                     matchCriteriaId: "51A93D40-8EC9-42FA-88B5-2C6A105D45DF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev8:*:*:*:*:*:*",
                     matchCriteriaId: "990A037D-78A9-4BA5-B0E6-66D33B553CCF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev9:*:*:*:*:*:*",
                     matchCriteriaId: "84AB3311-A474-43B3-A613-F876042473A2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:-:*:*:*:*:*:*",
                     matchCriteriaId: "D3CF4C4E-3FF0-4B4A-8246-8F8981D66180",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev1:*:*:*:*:*:*",
                     matchCriteriaId: "3B7503E3-6317-4DD7-9EDD-AB5A0586BADE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev2:*:*:*:*:*:*",
                     matchCriteriaId: "26BF76EC-F32F-4DAB-8EB0-8B24E76D2593",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev3:*:*:*:*:*:*",
                     matchCriteriaId: "B031D97E-A967-4124-8A42-EFA4B3576124",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev4:*:*:*:*:*:*",
                     matchCriteriaId: "649774E8-6489-4AD7-95A8-AAF7154B2C05",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev5:*:*:*:*:*:*",
                     matchCriteriaId: "A2A1BB49-EAFD-4458-AA8B-BF4B195927C5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite through 7.10.3 allows XSS.",
      },
      {
         lang: "es",
         value: "OX App Suite versiones hasta 7.10.3, permite un ataque de tipo XSS",
      },
   ],
   id: "CVE-2020-8542",
   lastModified: "2024-11-21T05:39:00.043",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 3.5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.3,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-06-16T14:15:11.617",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/158932/OX-App-Suite-OX-Documents-XSS-SSRF-Bypass.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2020/Aug/14",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Product",
            "Vendor Advisory",
         ],
         url: "https://www.open-xchange.com/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/158932/OX-App-Suite-OX-Documents-XSS-SSRF-Bypass.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2020/Aug/14",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Product",
            "Vendor Advisory",
         ],
         url: "https://www.open-xchange.com/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-12-15 06:59
Modified
2025-04-12 10:46
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as profile pictures. In case their XML structure contains iframes and script code, that code may get executed when calling the related picture URL or viewing the related person's image within a browser. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:rev4:*:*:*:*:*:*",
                     matchCriteriaId: "63233ABF-06E1-4819-B885-1028FEA3EB5A",
                     versionEndIncluding: "7.8.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as profile pictures. In case their XML structure contains iframes and script code, that code may get executed when calling the related picture URL or viewing the related person's image within a browser. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).",
      },
      {
         lang: "es",
         value: "Ha sido descubierto un problema en Open-Xchange OX App Suite en versiones anteriores a 7.8.2-rev8. Archivos SVG pueden ser usados como imágenes de perfil. En caso de que su estructura XML contenga iframes y código script, este código podría ser ejecutado al llamar a la URL de imagen relacionada o visualizar la imagen de la persona relacionada dentro de un navegador. Un código script malicioso puede ser ejecutado en un contexto de usuario. Esto puede conducir al secuestro de sesión o desencadenar acciones no deseadas a través de la interfaz web (envío de correo, eliminación de datos, etc.).",
      },
   ],
   id: "CVE-2016-6850",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-12-15T06:59:21.533",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/93457",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/93457",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-01-12 08:15
Modified
2024-11-21 05:15
Summary
OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite URI).
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9451471A-06E1-456C-8B82-ADEB746B97C7",
                     versionEndIncluding: "7.10.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite URI).",
      },
      {
         lang: "es",
         value: "OX App Suite versiones hasta 7.10.4, permite un ataque de tipo XSS por medio del mecanismo de carga de la aplicación (el parámetro PATH_INFO en el URI /appsuite)",
      },
   ],
   id: "CVE-2020-24701",
   lastModified: "2024-11-21T05:15:52.283",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-01-12T08:15:13.463",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2021/Jul/33",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.open-xchange.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2021/Jul/33",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.open-xchange.com",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-05-22 20:29
Modified
2024-11-21 03:28
Summary
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C77DCBA3-CB5A-4F73-817E-717C8335463E",
                     versionEndIncluding: "7.8.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control.",
      },
      {
         lang: "es",
         value: "Open-Xchange GmbH OX App Suite versión 7.8.3 y anteriores, se ven afectados por: Control de Acceso Incorrecto.",
      },
   ],
   id: "CVE-2017-5863",
   lastModified: "2024-11-21T03:28:33.297",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-05-22T20:29:00.277",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://open-xchange.com",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Not Applicable",
         ],
         url: "http://ox.com",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://open-xchange.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Not Applicable",
         ],
         url: "http://ox.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-284",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-07-22 17:15
Modified
2024-11-21 05:56
Summary
OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite 7.10.3 (38 entries: the base release, patch_release5547, patch_release5572, patch_release5623, patch_release5653, patch_release5677, patch_release5720, and rev1 through rev31; see cpeMatch below)
open-xchange open-xchange_appsuite 7.10.4 (18 entries, one per update or revision listed under cpeMatch below)
Note: cpeMatch below marks 7.10.3 rev4 through rev31, and the 7.10.4 revisions from rev4 onward that it lists, as vulnerable. This does not line up with the "before 7.10.3-rev4" and "before 7.10.4-rev4" wording of the summary. Confirm the fixed revision against the vendor advisory before treating a given revision as patched.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:-:*:*:*:*:*:*",
                     matchCriteriaId: "D3CF4C4E-3FF0-4B4A-8246-8F8981D66180",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5547:*:*:*:*:*:*",
                     matchCriteriaId: "4284A4B4-42CF-4196-B990-0DE2AC7FF5F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5572:*:*:*:*:*:*",
                     matchCriteriaId: "1AF0528B-838B-4C80-B91D-D3009EFBD2E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5623:*:*:*:*:*:*",
                     matchCriteriaId: "927E4E17-02FC-46D6-B1EE-BBB6C710BE63",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5653:*:*:*:*:*:*",
                     matchCriteriaId: "43DECDE0-C942-4B4B-A2E1-63B8E32B7334",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5677:*:*:*:*:*:*",
                     matchCriteriaId: "54F4578F-1515-4F60-B890-421CB3FB09C5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5720:*:*:*:*:*:*",
                     matchCriteriaId: "8853D9CE-A4F6-4935-BEA2-C039E867ADEF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev1:*:*:*:*:*:*",
                     matchCriteriaId: "3B7503E3-6317-4DD7-9EDD-AB5A0586BADE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev10:*:*:*:*:*:*",
                     matchCriteriaId: "F7FD3C9C-7750-4907-BF23-65606E7A6966",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev11:*:*:*:*:*:*",
                     matchCriteriaId: "42BAD919-0599-4303-A7E3-5026AC8F415E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev12:*:*:*:*:*:*",
                     matchCriteriaId: "6D0555E6-057D-475D-9EAF-F1EEC2D2157E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev13:*:*:*:*:*:*",
                     matchCriteriaId: "CDDA5DF9-62FF-4E6F-943C-C70620D56AE9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev14:*:*:*:*:*:*",
                     matchCriteriaId: "A9C26834-176A-4DD0-816E-87F12C2A0980",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev15:*:*:*:*:*:*",
                     matchCriteriaId: "63BA3355-83A5-4758-9208-574760D72AF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev16:*:*:*:*:*:*",
                     matchCriteriaId: "DEDF0974-91A9-4F6C-B31F-327EBBF2321A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev17:*:*:*:*:*:*",
                     matchCriteriaId: "79FED998-07D0-457B-9CC4-1CDE8D6B26E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev18:*:*:*:*:*:*",
                     matchCriteriaId: "27EAB5B4-8F1A-4069-B150-032BADA92C1F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev19:*:*:*:*:*:*",
                     matchCriteriaId: "265D758D-DA32-46FC-B7A7-1B695C2E7972",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev2:*:*:*:*:*:*",
                     matchCriteriaId: "26BF76EC-F32F-4DAB-8EB0-8B24E76D2593",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev20:*:*:*:*:*:*",
                     matchCriteriaId: "FE723E1C-E86A-4BC0-85DD-B051B1773A0A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev21:*:*:*:*:*:*",
                     matchCriteriaId: "E441FE6E-2653-4BAE-9EFC-AE195A442804",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev22:*:*:*:*:*:*",
                     matchCriteriaId: "516B7ACF-ABB8-4DBA-9E71-3B57B7C74376",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev23:*:*:*:*:*:*",
                     matchCriteriaId: "60236FC4-81DA-4ED6-8C5B-6BC9FF6A177B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev24:*:*:*:*:*:*",
                     matchCriteriaId: "E186C7BC-F3EC-4B9E-97BC-59CE860DD99B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev25:*:*:*:*:*:*",
                     matchCriteriaId: "FE494389-735E-47FC-9A12-5305FA11735F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev26:*:*:*:*:*:*",
                     matchCriteriaId: "6BD572F0-1B43-4FB5-BAE2-A9169BACFABE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev27:*:*:*:*:*:*",
                     matchCriteriaId: "CD1EAF9A-189B-47B8-A00A-5604D1B8D8A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev28:*:*:*:*:*:*",
                     matchCriteriaId: "63318E39-A502-4AD8-9C8D-C15F08847BD8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev29:*:*:*:*:*:*",
                     matchCriteriaId: "59C68527-4F08-4436-9D14-8BA65EEEFFC0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev3:*:*:*:*:*:*",
                     matchCriteriaId: "B031D97E-A967-4124-8A42-EFA4B3576124",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev30:*:*:*:*:*:*",
                     matchCriteriaId: "79A59F84-11DE-4560-A820-8E4F7B715888",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev31:*:*:*:*:*:*",
                     matchCriteriaId: "4C2F2472-91C4-48AF-979A-7C003BBD36CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev4:*:*:*:*:*:*",
                     matchCriteriaId: "649774E8-6489-4AD7-95A8-AAF7154B2C05",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev5:*:*:*:*:*:*",
                     matchCriteriaId: "A2A1BB49-EAFD-4458-AA8B-BF4B195927C5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev6:*:*:*:*:*:*",
                     matchCriteriaId: "1AC0DD2C-02D1-4CA9-A05C-81359BD30FA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev7:*:*:*:*:*:*",
                     matchCriteriaId: "720B7107-09AC-41AB-97BB-DFC3FABFDB55",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev8:*:*:*:*:*:*",
                     matchCriteriaId: "17E4B9E0-D5D3-4291-91A0-15885B559D5B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev9:*:*:*:*:*:*",
                     matchCriteriaId: "7ECB4D19-C148-473B-B0C0-FD9007912F86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:-:*:*:*:*:*:*",
                     matchCriteriaId: "89BEBFB4-A028-4D5E-846E-7403D3491147",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev1:*:*:*:*:*:*",
                     matchCriteriaId: "FED62869-ACA8-42B1-9AFE-0C0535E2C2F7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev10:*:*:*:*:*:*",
                     matchCriteriaId: "CB85F4BA-8E1B-490A-83FC-906EDF990750",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev11:*:*:*:*:*:*",
                     matchCriteriaId: "525841F3-E9ED-4593-9163-9DFA114EF5D6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev12:*:*:*:*:*:*",
                     matchCriteriaId: "6382225F-80C8-4A21-AC5F-E1645B420DD5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev13:*:*:*:*:*:*",
                     matchCriteriaId: "3EC95556-A105-4C03-AB54-AAB3A943A22F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev14:*:*:*:*:*:*",
                     matchCriteriaId: "34BB4402-3151-4ED1-BC4E-F00A7E5FDB1E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev15:*:*:*:*:*:*",
                     matchCriteriaId: "96FB19E6-E819-419A-B2C0-717F196A5A52",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev16:*:*:*:*:*:*",
                     matchCriteriaId: "433C2CBB-E3D7-4209-81DA-E183B2BF23A6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev17:*:*:*:*:*:*",
                     matchCriteriaId: "B2117B25-DABE-47B2-9337-5FAC000EC558",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev2:*:*:*:*:*:*",
                     matchCriteriaId: "97039EE9-3567-4C10-9A85-8BED8C76BEDF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev3:*:*:*:*:*:*",
                     matchCriteriaId: "AF1AAB93-9205-47FB-BEC3-EC7DF9A20732",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev4:*:*:*:*:*:*",
                     matchCriteriaId: "E9A3E84C-665F-470C-8D19-31446ABFF7D3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev5:*:*:*:*:*:*",
                     matchCriteriaId: "45C98776-55CE-4AF8-9141-75E0B86AE844",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev6:*:*:*:*:*:*",
                     matchCriteriaId: "E94C88CD-9A26-45DE-A408-956D693FDE29",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev7:*:*:*:*:*:*",
                     matchCriteriaId: "005CA94F-FA8A-474C-8135-CA0158D192F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev8:*:*:*:*:*:*",
                     matchCriteriaId: "4D01DFB9-FFE1-4635-8D59-E2325AADAAF1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev9:*:*:*:*:*:*",
                     matchCriteriaId: "B051C6E0-334E-45A2-990B-81FE7E4FB507",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used.",
      },
      {
         lang: "es",
         value: "OX App Suite versiones anteriores a 7.10.3-rev4 y 7.10.4 versiones anteriores a 7.10.4-rev4, permite un ataque de tipo SSRF por medio de un documento SVG compartido que es manejado inapropiadamente por el componente imageconverter cuando la extensión .png es usada",
      },
   ],
   id: "CVE-2021-26699",
   lastModified: "2024-11-21T05:56:41.570",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.5,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-07-22T17:15:09.343",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2021/Jul/33",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/fulldisclosure/2021/Jul/33",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.open-xchange.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2021/Jul/33",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/fulldisclosure/2021/Jul/33",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.open-xchange.com",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-918",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-12-15 06:59
Modified
2025-04-12 10:46
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev5. JavaScript code can be embedded in iCal attachments of scheduling e-mails. This content, for example an appointment's location, is presented to the user in the E-Mail App, depending on the invitation workflow, and the embedded code is executed within the context of the user's current session. Malicious script code can therefore run in a user's context, which can lead to session hijacking or to unwanted actions being triggered via the web interface (sending mail, deleting data, etc.).
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:rev4:*:*:*:*:*:*",
                     matchCriteriaId: "63233ABF-06E1-4819-B885-1028FEA3EB5A",
                     versionEndIncluding: "7.8.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev5. JavaScript code can be used as part of ical attachments within scheduling E-Mails. This content, for example an appointment's location, will be presented to the user at the E-Mail App, depending on the invitation workflow. This code gets executed within the context of the user's current session. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).",
      },
      {
         lang: "es",
         value: "Ha sido descubierto un problema en Open-Xchange OX App Suite en versiones anteriores a 7.8.2-rev5. Un código JavaScript puede ser usado como parte de adjuntos ical dentro de E-Mails de programación. Este contenido, por ejemplo la ubicación de una reunión, se presentará al usuario en la aplicación de correo electrónico, dependiendo del flujo de trabajo de la invitación. Este código se ejecuta dentro del contexto de la sesión actual del usuario. El código script malicioso puede ser ejecutado en un contexto de usuario. Esto puede conducir al secuestro de sesión o activar acciones no deseadas a través de la interfaz web (envío de correo, eliminación de datos, etc.).",
      },
   ],
   id: "CVE-2016-5740",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-12-15T06:59:14.253",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mitigation",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/138700/Open-Xchange-App-Suite-7.8.2-Cross-Site-Scripting.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/archive/1/539394/100/0/threaded",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/92922",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mitigation",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.exploit-db.com/exploits/40378/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mitigation",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/138700/Open-Xchange-App-Suite-7.8.2-Cross-Site-Scripting.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/539394/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/92922",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mitigation",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.exploit-db.com/exploits/40378/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2024-02-12 09:15
Modified
2024-11-21 08:21
Summary
Processing of user-defined mail search expressions is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of mail search expressions now gets monitored, and the related request is terminated if a resource threshold is reached. No publicly available exploits are known.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7804FF21-94F6-4160-9628-B91ED4CDDCB6",
                     versionEndExcluding: "7.6.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3159C504-0462-4AA9-9137-F25961B67ED6",
                     versionEndExcluding: "7.10.6",
                     versionStartExcluding: "7.6.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F37B7CC3-A4D2-4CA5-8159-FE1A9016F9A0",
                     versionEndExcluding: "8.20",
                     versionStartExcluding: "7.10.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:-:*:*:*:*:*:*",
                     matchCriteriaId: "7AB04398-3973-4503-959E-FA8EE511DA45",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3464:*:*:*:*:*:*",
                     matchCriteriaId: "161CD641-C9EC-4FBE-BFFD-48C96FE71085",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3519:*:*:*:*:*:*",
                     matchCriteriaId: "73F1F959-F82B-4E00-91AE-C39037A93DDF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3569:*:*:*:*:*:*",
                     matchCriteriaId: "E151E1EA-DA35-47CB-80C2-359518C213FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3627:*:*:*:*:*:*",
                     matchCriteriaId: "156910B8-F553-4F4C-B990-131F04001AB2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3728:*:*:*:*:*:*",
                     matchCriteriaId: "13248A9A-D131-4596-A511-A18A83F9D4C2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3875:*:*:*:*:*:*",
                     matchCriteriaId: "54936294-45A6-410B-B6F6-CC2CEFCE937E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3922:*:*:*:*:*:*",
                     matchCriteriaId: "8EDB7577-5763-41A1-90A7-7D7F225F8C14",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3949:*:*:*:*:*:*",
                     matchCriteriaId: "39B4BD56-3236-4AE0-93F6-F0E0190C77AD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3991:*:*:*:*:*:*",
                     matchCriteriaId: "6F20C5D9-6DCA-4F3F-A9A8-FACAE5C4AB18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4047:*:*:*:*:*:*",
                     matchCriteriaId: "F94B78AE-45FE-4BA7-BFD6-55767F8C3A0E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4133:*:*:*:*:*:*",
                     matchCriteriaId: "B103D02E-C443-446B-A358-A052866BC624",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4423:*:*:*:*:*:*",
                     matchCriteriaId: "4D578FCB-EE90-4BB9-9E28-DC1FA139787C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4470:*:*:*:*:*:*",
                     matchCriteriaId: "71380C28-6A25-425B-BE7F-6D06E0CE5C2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4552:*:*:*:*:*:*",
                     matchCriteriaId: "DDBF0D2F-2C22-448E-A0D2-E66527188928",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4667:*:*:*:*:*:*",
                     matchCriteriaId: "50EC169C-73B6-40F5-8C7A-6DD71DC19893",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4750:*:*:*:*:*:*",
                     matchCriteriaId: "4B2CA948-280B-4EB8-9309-B016C9557A64",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4789:*:*:*:*:*:*",
                     matchCriteriaId: "36511A48-EBD8-40C2-A1FB-10F33264CF3F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4839:*:*:*:*:*:*",
                     matchCriteriaId: "EBE8374F-0D7D-422F-83AC-ADF9B9E6E511",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4860:*:*:*:*:*:*",
                     matchCriteriaId: "285B9A4B-6F4F-4899-AD2A-57E22BF9F7BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4895:*:*:*:*:*:*",
                     matchCriteriaId: "5BAD0604-90FC-4647-854A-E10330579B89",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5104:*:*:*:*:*:*",
                     matchCriteriaId: "7F26505E-0F61-40A2-B6BA-17C7E30D375C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5165:*:*:*:*:*:*",
                     matchCriteriaId: "FD3E0ABC-2DAC-4441-96DB-BD84DD8B8E81",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5231:*:*:*:*:*:*",
                     matchCriteriaId: "347700F5-3BDA-4DA3-AA81-4D593E131AB9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5537:*:*:*:*:*:*",
                     matchCriteriaId: "5EF075DE-44C7-4FC0-9BD7-E7A2C95651D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5637:*:*:*:*:*:*",
                     matchCriteriaId: "5CB6B4D0-E2B8-44F3-877B-293325EF44A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5910:*:*:*:*:*:*",
                     matchCriteriaId: "716CC742-9F23-4734-9CFF-338A231476D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*",
                     matchCriteriaId: "A144D75D-60A8-4EE0-813C-F658C626B2AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*",
                     matchCriteriaId: "2DA66230-DE02-4881-A893-E9E78286B157",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*",
                     matchCriteriaId: "955F3DFB-6479-4867-B62A-82730DBEB498",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*",
                     matchCriteriaId: "327D1B56-0D05-4D99-91D4-CC1F0AC32972",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*",
                     matchCriteriaId: "D0CD0684-C431-47F8-A2F4-1936D5C5A72B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*",
                     matchCriteriaId: "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*",
                     matchCriteriaId: "D0968764-CCEE-47A7-9111-E106D887DA43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*",
                     matchCriteriaId: "16589FBB-F0CD-4041-8141-5C89FCCA72AF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*",
                     matchCriteriaId: "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*",
                     matchCriteriaId: "0DF5FB90-8D6D-4F99-B454-411B1DFFA630",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*",
                     matchCriteriaId: "F58876B9-6C2E-4048-A793-B441A84E86F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*",
                     matchCriteriaId: "D5F177CB-CC45-45A0-9D02-C14A13ECC7A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*",
                     matchCriteriaId: "A89A4192-54E9-4899-8C7B-6C7F7E650D5C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*",
                     matchCriteriaId: "F2DC1357-9CD5-415F-A190-2F3F4498EF96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*",
                     matchCriteriaId: "D78ACF64-2802-44DD-AF7A-1BD5EA7F9908",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*",
                     matchCriteriaId: "E8F675FA-1684-413A-B1BE-1C5434AC2862",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6156:*:*:*:*:*:*",
                     matchCriteriaId: "F3F1FDC3-35B2-4BDB-A685-75BC72588179",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6161:*:*:*:*:*:*",
                     matchCriteriaId: "5B1E509D-2F41-4296-86D2-6BD71783060F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6166:*:*:*:*:*:*",
                     matchCriteriaId: "AC93EA37-F341-45EC-B651-4F326FB8C613",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6173:*:*:*:*:*:*",
                     matchCriteriaId: "1A4DB8A6-1702-462C-BFCB-39F91D2EFCE1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6176:*:*:*:*:*:*",
                     matchCriteriaId: "FC0AEFDB-D033-47FC-93FC-8652F922BB8C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6178:*:*:*:*:*:*",
                     matchCriteriaId: "B5354768-6527-43C2-B492-A8C14AB4E784",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6189:*:*:*:*:*:*",
                     matchCriteriaId: "D83F26D1-B8C6-4114-81EC-810DD5412DC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6194:*:*:*:*:*:*",
                     matchCriteriaId: "E9EBC010-9963-4636-96F7-A121FCF755A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6199:*:*:*:*:*:*",
                     matchCriteriaId: "F626D64B-C301-4CD8-94B4-48689BD3F29C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6204:*:*:*:*:*:*",
                     matchCriteriaId: "5E32810C-7B35-42F1-BCA5-E10C02BE2215",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6205:*:*:*:*:*:*",
                     matchCriteriaId: "6539D059-8614-4C26-93C4-C2DDCC5D35E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6209:*:*:*:*:*:*",
                     matchCriteriaId: "E359EE75-A2F9-479B-B757-CAE1064AB8F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6210:*:*:*:*:*:*",
                     matchCriteriaId: "0BCABDEF-D292-406E-B53C-AFF22484E916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6214:*:*:*:*:*:*",
                     matchCriteriaId: "ABE8872C-B1DD-4A45-8EF8-E8C355CA6C54",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6215:*:*:*:*:*:*",
                     matchCriteriaId: "44B20B83-833A-4C68-8693-365BD046C157",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6216:*:*:*:*:*:*",
                     matchCriteriaId: "E254E6D1-D18E-4A2A-A2FF-7D03F39E65DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6218:*:*:*:*:*:*",
                     matchCriteriaId: "5F0C5E53-4D15-425A-B4CF-5869353724BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6219:*:*:*:*:*:*",
                     matchCriteriaId: "2F4BF5F1-F316-4BAC-83E0-DEAC8C50754E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6220:*:*:*:*:*:*",
                     matchCriteriaId: "5CDD03A8-5B86-4B87-9C29-6C967261C5C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6227:*:*:*:*:*:*",
                     matchCriteriaId: "6071E15F-4D59-41DC-A4D4-7D1AA392A1F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6230:*:*:*:*:*:*",
                     matchCriteriaId: "C72C1CEB-7BF7-4A5F-B2E9-397F86CCBF4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6233:*:*:*:*:*:*",
                     matchCriteriaId: "5B0F0218-4224-4084-B38D-9719D3782C03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6235:*:*:*:*:*:*",
                     matchCriteriaId: "BFC41329-1AD6-4575-A22D-977EC5539DA4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6236:*:*:*:*:*:*",
                     matchCriteriaId: "217A06B7-0823-4508-BC0C-AD792BA88F7B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6239:*:*:*:*:*:*",
                     matchCriteriaId: "246E98B2-A6C8-4410-AA6A-7E81EE8C5E76",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6241:*:*:*:*:*:*",
                     matchCriteriaId: "74D1EC02-D009-45DA-B1EC-2219E0F0183C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6243:*:*:*:*:*:*",
                     matchCriteriaId: "0F56A261-EC62-423C-B487-35EA9D4A83FB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6245:*:*:*:*:*:*",
                     matchCriteriaId: "D295E160-C87A-498D-AB0E-BA1E50825249",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6248:*:*:*:*:*:*",
                     matchCriteriaId: "A30BE138-D745-4F0E-AAE4-202A1C769C85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6249:*:*:*:*:*:*",
                     matchCriteriaId: "7CF4FCB9-7360-4ABB-95FB-0239CDC8D3AD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6250:*:*:*:*:*:*",
                     matchCriteriaId: "465DD666-3499-4911-A1DF-6BAAFCCFA006",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6251:*:*:*:*:*:*",
                     matchCriteriaId: "6F18CEDC-5D7A-4496-8B5E-59EBEA4362BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6255:*:*:*:*:*:*",
                     matchCriteriaId: "8C1DE547-F217-4518-AD90-3607AE21F6ED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Processing of user-defined mail search expressions is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of mail search expressions now gets monitored, and the related request is terminated if a resource threshold is reached.\r\n No publicly available exploits are known.",
      },
      {
         lang: "es",
         value: "El procesamiento de expresiones de búsqueda de correo definidas por el usuario no está limitado. La disponibilidad de OX App Suite podría verse reducida debido a la alta carga de procesamiento. Implemente las actualizaciones y lanzamientos de parches proporcionados. Ahora se supervisa el tiempo de procesamiento de las expresiones de búsqueda de correo y la solicitud relacionada finaliza si se alcanza un umbral de recursos. No se conocen exploits disponibles públicamente.",
      },
   ],
   id: "CVE-2023-41707",
   lastModified: "2024-11-21T08:21:30.967",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "security@open-xchange.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-02-12T09:15:11.253",
   references: [
      {
         source: "security@open-xchange.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json",
      },
      {
         source: "security@open-xchange.com",
         tags: [
            "Release Notes",
         ],
         url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf",
      },
   ],
   sourceIdentifier: "security@open-xchange.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-400",
            },
         ],
         source: "security@open-xchange.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-11-02 14:15
Modified
2024-11-21 07:51
Summary
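Requests to cache an image and return its metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly available exploits are known.
Note on scoring: the two CVSS 3.1 entries in the record below disagree. The vendor-sourced vector uses AV:P (physical) with changed scope, for a base score of 7.6. The NVD vector uses AV:A (adjacent network) with unchanged scope, for a base score of 8.8. Only the NVD vector matches the "adjacent networks" wording above, so check which entry your tooling ingests before prioritising on the score.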
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "59D4F30E-2F52-4948-9C69-C57472833C79",
                     versionEndExcluding: "7.10.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*",
                     matchCriteriaId: "A144D75D-60A8-4EE0-813C-F658C626B2AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*",
                     matchCriteriaId: "2DA66230-DE02-4881-A893-E9E78286B157",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*",
                     matchCriteriaId: "955F3DFB-6479-4867-B62A-82730DBEB498",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*",
                     matchCriteriaId: "327D1B56-0D05-4D99-91D4-CC1F0AC32972",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*",
                     matchCriteriaId: "D0CD0684-C431-47F8-A2F4-1936D5C5A72B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*",
                     matchCriteriaId: "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*",
                     matchCriteriaId: "D0968764-CCEE-47A7-9111-E106D887DA43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*",
                     matchCriteriaId: "16589FBB-F0CD-4041-8141-5C89FCCA72AF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*",
                     matchCriteriaId: "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*",
                     matchCriteriaId: "0DF5FB90-8D6D-4F99-B454-411B1DFFA630",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*",
                     matchCriteriaId: "F58876B9-6C2E-4048-A793-B441A84E86F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*",
                     matchCriteriaId: "D5F177CB-CC45-45A0-9D02-C14A13ECC7A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*",
                     matchCriteriaId: "A89A4192-54E9-4899-8C7B-6C7F7E650D5C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*",
                     matchCriteriaId: "F2DC1357-9CD5-415F-A190-2F3F4498EF96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*",
                     matchCriteriaId: "D78ACF64-2802-44DD-AF7A-1BD5EA7F9908",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*",
                     matchCriteriaId: "E8F675FA-1684-413A-B1BE-1C5434AC2862",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6156:*:*:*:*:*:*",
                     matchCriteriaId: "F3F1FDC3-35B2-4BDB-A685-75BC72588179",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6161:*:*:*:*:*:*",
                     matchCriteriaId: "5B1E509D-2F41-4296-86D2-6BD71783060F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6166:*:*:*:*:*:*",
                     matchCriteriaId: "AC93EA37-F341-45EC-B651-4F326FB8C613",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6173:*:*:*:*:*:*",
                     matchCriteriaId: "1A4DB8A6-1702-462C-BFCB-39F91D2EFCE1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6176:*:*:*:*:*:*",
                     matchCriteriaId: "FC0AEFDB-D033-47FC-93FC-8652F922BB8C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6178:*:*:*:*:*:*",
                     matchCriteriaId: "B5354768-6527-43C2-B492-A8C14AB4E784",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6189:*:*:*:*:*:*",
                     matchCriteriaId: "D83F26D1-B8C6-4114-81EC-810DD5412DC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6194:*:*:*:*:*:*",
                     matchCriteriaId: "E9EBC010-9963-4636-96F7-A121FCF755A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6199:*:*:*:*:*:*",
                     matchCriteriaId: "F626D64B-C301-4CD8-94B4-48689BD3F29C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6204:*:*:*:*:*:*",
                     matchCriteriaId: "5E32810C-7B35-42F1-BCA5-E10C02BE2215",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6205:*:*:*:*:*:*",
                     matchCriteriaId: "6539D059-8614-4C26-93C4-C2DDCC5D35E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6209:*:*:*:*:*:*",
                     matchCriteriaId: "E359EE75-A2F9-479B-B757-CAE1064AB8F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6210:*:*:*:*:*:*",
                     matchCriteriaId: "0BCABDEF-D292-406E-B53C-AFF22484E916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6214:*:*:*:*:*:*",
                     matchCriteriaId: "ABE8872C-B1DD-4A45-8EF8-E8C355CA6C54",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6215:*:*:*:*:*:*",
                     matchCriteriaId: "44B20B83-833A-4C68-8693-365BD046C157",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6216:*:*:*:*:*:*",
                     matchCriteriaId: "E254E6D1-D18E-4A2A-A2FF-7D03F39E65DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6218:*:*:*:*:*:*",
                     matchCriteriaId: "5F0C5E53-4D15-425A-B4CF-5869353724BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6219:*:*:*:*:*:*",
                     matchCriteriaId: "2F4BF5F1-F316-4BAC-83E0-DEAC8C50754E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6220:*:*:*:*:*:*",
                     matchCriteriaId: "5CDD03A8-5B86-4B87-9C29-6C967261C5C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6227:*:*:*:*:*:*",
                     matchCriteriaId: "6071E15F-4D59-41DC-A4D4-7D1AA392A1F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6230:*:*:*:*:*:*",
                     matchCriteriaId: "C72C1CEB-7BF7-4A5F-B2E9-397F86CCBF4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6233:*:*:*:*:*:*",
                     matchCriteriaId: "5B0F0218-4224-4084-B38D-9719D3782C03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6235:*:*:*:*:*:*",
                     matchCriteriaId: "BFC41329-1AD6-4575-A22D-977EC5539DA4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6236:*:*:*:*:*:*",
                     matchCriteriaId: "217A06B7-0823-4508-BC0C-AD792BA88F7B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6239:*:*:*:*:*:*",
                     matchCriteriaId: "246E98B2-A6C8-4410-AA6A-7E81EE8C5E76",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6241:*:*:*:*:*:*",
                     matchCriteriaId: "74D1EC02-D009-45DA-B1EC-2219E0F0183C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Requests to cache an image and return its metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly available exploits are known.\n\n",
      },
      {
         lang: "es",
         value: "Se podría abusar de las solicitudes para almacenar en caché una imagen y devolver sus metadatos para incluir consultas SQL que se ejecutarían sin comprobar. Explotar esta vulnerabilidad requiere al menos acceso a redes adyacentes del servicio de conversión de imágenes, que no está expuesto a redes públicas de forma predeterminada. Se podrían ejecutar sentencias SQL Arbitrarias en el contexto de la cuenta de usuario de la base de datos de servicios. Las solicitudes de API ahora se verifican correctamente para detectar contenido válido y los intentos de omitir esta verificación se registran como errores. No se conocen exploits disponibles públicamente.",
      },
   ],
   id: "CVE-2023-26452",
   lastModified: "2024-11-21T07:51:29.443",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "PHYSICAL",
               availabilityImpact: "HIGH",
               baseScore: 7.6,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 0.9,
            impactScore: 6,
            source: "security@open-xchange.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-11-02T14:15:10.647",
   references: [
      {
         source: "security@open-xchange.com",
         url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json",
      },
      {
         source: "security@open-xchange.com",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf",
      },
   ],
   sourceIdentifier: "security@open-xchange.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "security@open-xchange.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-01-26 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 allows remote attackers to inject arbitrary web script or HTML via the title in a mail filter rule.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "567B4139-220A-46A7-B847-616F99A1EA66",
                     versionEndIncluding: "7.4.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.20.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "983E5F3A-E7AD-4CCA-80D4-9C012AFCCDD4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2F85EE0C-B7A0-455A-96F6-E4E6BA5D7216",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2D9572CB-9A46-492E-BDCC-E01849EF0EC0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "138461CD-9C27-40E5-B7A0-A37737B6E942",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "108BCEFD-3098-4919-9B0C-E80F6FA1C102",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DDBB02DF-1022-4FE5-B5E1-198DC58F8C1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2BF31219-8390-4676-A9C4-D625A016C71E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "75B04598-67CD-420B-92C9-9A7459295E11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8DAEED7B-C295-42B4-A60B-2EAA596E3D65",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 allows remote attackers to inject arbitrary web script or HTML via the title in a mail filter rule.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad XSS en Open-Xchange (OX) AppSuite v7.4.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a través del título en una regla de filtrado de correo.",
      },
   ],
   id: "CVE-2013-7143",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2014-01-26T20:55:05.970",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://seclists.org/bugtraq/2014/Jan/57",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.osvdb.org/102195",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/65013",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securitytracker.com/id/1029650",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/90546",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://seclists.org/bugtraq/2014/Jan/57",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.osvdb.org/102195",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/65013",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1029650",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/90546",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-08-20 13:15
Modified
2024-11-21 04:21
Summary
OX App Suite 7.10.1 and earlier has Insecure Permissions.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "406B2F3E-3EF1-4BAA-ACC4-BE941F893CF6",
                     versionEndIncluding: "7.10.1",
                     versionStartIncluding: "7.6.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite 7.10.1 and earlier has Insecure Permissions.",
      },
      {
         lang: "es",
         value: "OX App Suite 7.10.1 y versiones anteriores tienen permisos inseguros.",
      },
   ],
   id: "CVE-2019-11806",
   lastModified: "2024-11-21T04:21:47.867",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.1,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 3.3,
               baseSeverity: "LOW",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 1.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-08-20T13:15:11.713",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/154128/Open-Xchange-OX-App-Suite-Content-Spoofing-Cross-Site-Scripting.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/154128/Open-Xchange-OX-App-Suite-Content-Spoofing-Cross-Site-Scripting.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-732",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-09-05 11:44
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev18, 6.22.0 before rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allow remote attackers to inject arbitrary web script or HTML via (1) embedded VBScript, (2) object/data Base64 content, (3) a Content-Type header, or (4) UTF-16 encoding, aka Bug IDs 25957, 26237, 26243, and 26244.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.20.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "983E5F3A-E7AD-4CCA-80D4-9C012AFCCDD4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2F85EE0C-B7A0-455A-96F6-E4E6BA5D7216",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2D9572CB-9A46-492E-BDCC-E01849EF0EC0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "138461CD-9C27-40E5-B7A0-A37737B6E942",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "108BCEFD-3098-4919-9B0C-E80F6FA1C102",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DDBB02DF-1022-4FE5-B5E1-198DC58F8C1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_server:6.20.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE83E623-175D-4F81-B92E-C170FDD896EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_server:6.22.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "58989467-7850-4D91-86D4-524EBE325869",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_server:6.22.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BED21777-8642-49AC-A99F-87ED9B21FE14",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_server:7.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "4FBAE267-EAB9-403A-8E1D-7C8EE68F0A36",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_server:7.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F5500DAF-78C2-4E30-AB1C-EF623C43956B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_server:7.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "CB2BB8DD-3901-44D7-9C35-C9403B6A919D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev18, 6.22.0 before rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allow remote attackers to inject arbitrary web script or HTML via (1) embedded VBScript, (2) object/data Base64 content, (3) a Content-Type header, or (4) UTF-16 encoding, aka Bug IDs 25957, 26237, 26243, and 26244.",
      },
      {
         lang: "es",
         value: "Múltiples vulnerabilidades XSS en Open-Xchange AppSuite y Server anterior a 6.20.7 rev14, 6.22.0 anterior a rev13, y 6.22.1 anterior a rev14, 7.0.1 anterior a rev7, 7.0.2 anterior a rev11, y 7.2.0 anterior a rev8, permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de (1) VBScript embebido, (2) contenido object/data Base64, (3) una cabecera Content-Type, o (4) codificación UTF-16, aka Bug IDs 25957, 26237, 26243 y 26244.",
      },
   ],
   id: "CVE-2013-3106",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2013-09-05T11:44:57.690",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://archives.neohapsis.com/archives/bugtraq/2013-06/0012.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://archives.neohapsis.com/archives/bugtraq/2013-06/0012.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-12-15 06:59
Modified
2025-04-12 10:46
Summary
An issue was discovered in Open-Xchange Server 6 / OX AppSuite before 7.8.0-rev26. The "session" parameter for file-download requests can be used to inject script code that gets reflected through the subsequent status page. Malicious script code can be executed within a trusted domain's context. While no OX App Suite specific data can be manipulated, the vulnerability can be exploited without being authenticated and therefore used for social engineering attacks, stealing cookies or redirecting from trustworthy to malicious hosts.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:rev25:*:*:*:*:*:*",
                     matchCriteriaId: "E5A73DBD-F757-4DDC-92D8-32D9FDDDF352",
                     versionEndIncluding: "7.8.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Open-Xchange Server 6 / OX AppSuite before 7.8.0-rev26. The \"session\" parameter for file-download requests can be used to inject script code that gets reflected through the subsequent status page. Malicious script code can be executed within a trusted domain's context. While no OX App Suite specific data can be manipulated, the vulnerability can be exploited without being authenticated and therefore used for social engineering attacks, stealing cookies or redirecting from trustworthy to malicious hosts.",
      },
      {
         lang: "es",
         value: "Ha sido descubierto un problema en Open-Xchange Server 6 / OX AppSuite en versiones anteriores a 7.8.0-rev26. El parámetro \"session\" para peticiones de descarga de archivos puede emplearse para inyectar código script que se refleja a través de la posterior página de estado. El código script malicioso puede ser ejecutado dentro de un contexto de dominio de confianza. Mientras que ningún dato específico de OX App Suite puede ser manipulado, la vulnerabilidad puede ser explotada sin ser autenticado y por tanto ser utilizada para ataques de ingeniería social, robando cookies o redirigiendo desde hosts confiables a maliciosos.",
      },
   ],
   id: "CVE-2016-2840",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-12-15T06:59:01.113",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/136543/Open-Xchange-7.8.0-Cross-Site-Scripting.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/archive/1/537959/100/0/threaded",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1035469",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/136543/Open-Xchange-7.8.0-Cross-Site-Scripting.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/537959/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1035469",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-09-28 16:59
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in unspecified dialogs for printing content in the Front End in Open-Xchange Server 6 and OX App Suite before 6.22.8-rev8, 6.22.9 before 6.22.9-rev15m, 7.x before 7.6.1-rev25, and 7.6.2 before 7.6.2-rev20 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to object properties.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:rev19:*:*:*:*:*:*",
                     matchCriteriaId: "39C9EC22-8E52-4C03-A8A5-B304C327D353",
                     versionEndIncluding: "7.6.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_server:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7BA0371D-7E0E-4DC0-AC16-360BA998EB95",
                     versionEndIncluding: "6.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site scripting (XSS) vulnerability in unspecified dialogs for printing content in the Front End in Open-Xchange Server 6 and OX App Suite before 6.22.8-rev8, 6.22.9 before 6.22.9-rev15m, 7.x before 7.6.1-rev25, and 7.6.2 before 7.6.2-rev20 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to object properties.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de XSS en diálogos no especificados para imprimir contenido en el Front End en Open-Xchange Server 6 y OX App Suite en versiones anteriores a 6.22.8-rev8, 6.22.9 en versiones anteriores a 6.22.9-rev15m, 7.x en versiones anteriores a 7.6.1-rev25 y 7.6.2 en versiones anteriores a 7.6.2-rev20, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores desconocidos relacionados con las propiedades del objeto.",
      },
   ],
   id: "CVE-2015-5375",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2015-09-28T16:59:08.193",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://packetstormsecurity.com/files/133674/Open-Xchange-Server-6-OX-AppSuite-Cross-Site-Scripting.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_2614_7.6.2_2015-07-22.pdf",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/archive/1/536523/100/0/threaded",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securitytracker.com/id/1034018",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://packetstormsecurity.com/files/133674/Open-Xchange-Server-6-OX-AppSuite-Cross-Site-Scripting.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_2614_7.6.2_2015-07-22.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/536523/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1034018",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-12-15 06:59
Modified
2025-04-12 10:46
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within SVG files is maintained when opening such files "in browser" based on our Mail or Drive app. In case of "a" tags, this may include link targets with base64 encoded "data" references. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:rev4:*:*:*:*:*:*",
                     matchCriteriaId: "63233ABF-06E1-4819-B885-1028FEA3EB5A",
                     versionEndIncluding: "7.8.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within SVG files is maintained when opening such files \"in browser\" based on our Mail or Drive app. In case of \"a\" tags, this may include link targets with base64 encoded \"data\" references. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).",
      },
      {
         lang: "es",
         value: "Ha sido descubierto un problema en Open-Xchange OX App Suite en versiones anteriores a 7.8.2-rev8. El código de secuencia de comandos dentro de los archivos SVG se mantiene al abrir dichos archivos \"en el navegador\" en función de nuestra aplicación Correo o Drive. En el caso de las etiquetas \"a\", esto puede incluir objetivos de enlace con referencias de \"datos\" codificadas en base64. El código de script malicioso se puede ejecutar dentro del contexto de un usuario. Esto puede conducir al secuestro de sesión o activar acciones no deseadas a través de la interfaz web (envío de correo, eliminación de datos, etc.)",
      },
   ],
   id: "CVE-2016-6844",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-12-15T06:59:17.207",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/93457",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/93457",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-09-17 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via vectors related to unspecified fields in RSS feeds.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "567B4139-220A-46A7-B847-616F99A1EA66",
                     versionEndIncluding: "7.4.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.20.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "983E5F3A-E7AD-4CCA-80D4-9C012AFCCDD4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2F85EE0C-B7A0-455A-96F6-E4E6BA5D7216",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2D9572CB-9A46-492E-BDCC-E01849EF0EC0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "138461CD-9C27-40E5-B7A0-A37737B6E942",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "108BCEFD-3098-4919-9B0C-E80F6FA1C102",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DDBB02DF-1022-4FE5-B5E1-198DC58F8C1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2BF31219-8390-4676-A9C4-D625A016C71E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "75B04598-67CD-420B-92C9-9A7459295E11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8DAEED7B-C295-42B4-A60B-2EAA596E3D65",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "A0A22E01-73E0-4140-8BA1-AB147A9471CD",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via vectors related to unspecified fields in RSS feeds.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de XSS en el Frontend en Open-Xchange (OX) AppSuite anterior a 7.4.2-rev33 y 7.6.x anterior a 7.6.0-rev16 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores relacionados con campos no especificados en canales RSS.",
      },
   ],
   id: "CVE-2014-5235",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2014-09-17T14:55:03.497",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/61080",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/archive/1/533443/100/0/threaded",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/69792",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/61080",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/533443/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/69792",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-11-02 14:15
Modified
2024-11-21 07:56
Summary
Connections to external data sources, like e-mail autoconfiguration, were not terminated when they hit a timeout; instead, those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of time. As a result, users were able to trigger a large number of egress network connections, possibly exhausting network pool resources and locking up legitimate requests. A new mechanism has been introduced to cancel external connections that might access user-controlled endpoints. No publicly available exploits are known.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "59D4F30E-2F52-4948-9C69-C57472833C79",
                     versionEndExcluding: "7.10.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*",
                     matchCriteriaId: "A144D75D-60A8-4EE0-813C-F658C626B2AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*",
                     matchCriteriaId: "2DA66230-DE02-4881-A893-E9E78286B157",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*",
                     matchCriteriaId: "955F3DFB-6479-4867-B62A-82730DBEB498",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*",
                     matchCriteriaId: "327D1B56-0D05-4D99-91D4-CC1F0AC32972",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*",
                     matchCriteriaId: "D0CD0684-C431-47F8-A2F4-1936D5C5A72B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*",
                     matchCriteriaId: "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*",
                     matchCriteriaId: "D0968764-CCEE-47A7-9111-E106D887DA43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*",
                     matchCriteriaId: "16589FBB-F0CD-4041-8141-5C89FCCA72AF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*",
                     matchCriteriaId: "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*",
                     matchCriteriaId: "0DF5FB90-8D6D-4F99-B454-411B1DFFA630",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*",
                     matchCriteriaId: "F58876B9-6C2E-4048-A793-B441A84E86F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*",
                     matchCriteriaId: "D5F177CB-CC45-45A0-9D02-C14A13ECC7A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*",
                     matchCriteriaId: "A89A4192-54E9-4899-8C7B-6C7F7E650D5C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*",
                     matchCriteriaId: "F2DC1357-9CD5-415F-A190-2F3F4498EF96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*",
                     matchCriteriaId: "D78ACF64-2802-44DD-AF7A-1BD5EA7F9908",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*",
                     matchCriteriaId: "E8F675FA-1684-413A-B1BE-1C5434AC2862",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6156:*:*:*:*:*:*",
                     matchCriteriaId: "F3F1FDC3-35B2-4BDB-A685-75BC72588179",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6161:*:*:*:*:*:*",
                     matchCriteriaId: "5B1E509D-2F41-4296-86D2-6BD71783060F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6166:*:*:*:*:*:*",
                     matchCriteriaId: "AC93EA37-F341-45EC-B651-4F326FB8C613",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6173:*:*:*:*:*:*",
                     matchCriteriaId: "1A4DB8A6-1702-462C-BFCB-39F91D2EFCE1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6176:*:*:*:*:*:*",
                     matchCriteriaId: "FC0AEFDB-D033-47FC-93FC-8652F922BB8C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6178:*:*:*:*:*:*",
                     matchCriteriaId: "B5354768-6527-43C2-B492-A8C14AB4E784",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6189:*:*:*:*:*:*",
                     matchCriteriaId: "D83F26D1-B8C6-4114-81EC-810DD5412DC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6194:*:*:*:*:*:*",
                     matchCriteriaId: "E9EBC010-9963-4636-96F7-A121FCF755A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6199:*:*:*:*:*:*",
                     matchCriteriaId: "F626D64B-C301-4CD8-94B4-48689BD3F29C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6204:*:*:*:*:*:*",
                     matchCriteriaId: "5E32810C-7B35-42F1-BCA5-E10C02BE2215",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6205:*:*:*:*:*:*",
                     matchCriteriaId: "6539D059-8614-4C26-93C4-C2DDCC5D35E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6209:*:*:*:*:*:*",
                     matchCriteriaId: "E359EE75-A2F9-479B-B757-CAE1064AB8F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6210:*:*:*:*:*:*",
                     matchCriteriaId: "0BCABDEF-D292-406E-B53C-AFF22484E916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6214:*:*:*:*:*:*",
                     matchCriteriaId: "ABE8872C-B1DD-4A45-8EF8-E8C355CA6C54",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6215:*:*:*:*:*:*",
                     matchCriteriaId: "44B20B83-833A-4C68-8693-365BD046C157",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6216:*:*:*:*:*:*",
                     matchCriteriaId: "E254E6D1-D18E-4A2A-A2FF-7D03F39E65DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6218:*:*:*:*:*:*",
                     matchCriteriaId: "5F0C5E53-4D15-425A-B4CF-5869353724BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6219:*:*:*:*:*:*",
                     matchCriteriaId: "2F4BF5F1-F316-4BAC-83E0-DEAC8C50754E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6220:*:*:*:*:*:*",
                     matchCriteriaId: "5CDD03A8-5B86-4B87-9C29-6C967261C5C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6227:*:*:*:*:*:*",
                     matchCriteriaId: "6071E15F-4D59-41DC-A4D4-7D1AA392A1F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6230:*:*:*:*:*:*",
                     matchCriteriaId: "C72C1CEB-7BF7-4A5F-B2E9-397F86CCBF4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6233:*:*:*:*:*:*",
                     matchCriteriaId: "5B0F0218-4224-4084-B38D-9719D3782C03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6235:*:*:*:*:*:*",
                     matchCriteriaId: "BFC41329-1AD6-4575-A22D-977EC5539DA4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6236:*:*:*:*:*:*",
                     matchCriteriaId: "217A06B7-0823-4508-BC0C-AD792BA88F7B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6239:*:*:*:*:*:*",
                     matchCriteriaId: "246E98B2-A6C8-4410-AA6A-7E81EE8C5E76",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6241:*:*:*:*:*:*",
                     matchCriteriaId: "74D1EC02-D009-45DA-B1EC-2219E0F0183C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of time. As a result users were able to trigger large amount of egress network connections, possibly exhausting network pool resources and lock up legitimate requests. A new mechanism has been introduced to cancel external connections that might access user-controlled endpoints. No publicly available exploits are known.\n\n",
      },
      {
         lang: "es",
         value: "Las conexiones a fuentes de datos externas, como la configuración automática de correo electrónico, no finalizaban en caso de que se agotara el tiempo de espera, sino que esas conexiones se registraban. Algunas conexiones utilizan endpoints controlados por el usuario, que podrían ser maliciosos e intentar mantener la conexión abierta durante un período prolongado. Como resultado, los usuarios pudieron activar una gran cantidad de conexiones de red de salida, lo que posiblemente agotó los recursos del grupo de redes y bloqueó solicitudes legítimas. Se ha introducido un nuevo mecanismo para cancelar conexiones externas que podrían acceder a endpoints controlados por el usuario. No se conocen exploits disponibles públicamente.",
      },
   ],
   id: "CVE-2023-29046",
   lastModified: "2024-11-21T07:56:26.547",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "security@open-xchange.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-11-02T14:15:11.217",
   references: [
      {
         source: "security@open-xchange.com",
         url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json",
      },
      {
         source: "security@open-xchange.com",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf",
      },
   ],
   sourceIdentifier: "security@open-xchange.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-400",
            },
         ],
         source: "security@open-xchange.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-400",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-12-15 06:59
Modified
2025-04-12 10:46
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code can be injected into contact names. When those contacts are added to a group, the script code is executed in the context of the user who creates or changes the group by using autocomplete. In most cases this is a user with elevated permissions. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data, etc.).
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:rev4:*:*:*:*:*:*",
                     matchCriteriaId: "63233ABF-06E1-4819-B885-1028FEA3EB5A",
                     versionEndIncluding: "7.8.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code can be injected to contact names. When adding those contacts to a group, the script code gets executed in the context of the user which creates or changes the group by using autocomplete. In most cases this is a user with elevated permissions. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).",
      },
      {
         lang: "es",
         value: "Ha sido descubierto un problema en Open-Xchange OX App Suite en versiones anteriores a 7.8.2-rev8. Un código script puede ser inyectado en nombres de contactos. Cuando se añaden estos contactos a un grupo, el código script es ejecutado en el contexto del usuario que crea o cambia el grupo utilizando el autocompletado. En muchos casos se trata de un usuario con permisos elevados. El código script malicioso puede ser ejecutado en un contexto de usuario. Esto puede conducir al secuestro de sesión o activar acciones no deseadas a través de la interfaz web (envío de correo, eliminación de datos, etc.).",
      },
   ],
   id: "CVE-2016-6843",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-12-15T06:59:16.207",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/93457",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/93457",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-05-23 16:29
Modified
2024-11-21 03:11
Summary
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "21A45377-C1DE-44AB-A02F-A377BE4E9A56",
                     versionEndIncluding: "7.8.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).",
      },
      {
         lang: "es",
         value: "OX Software GmbH OX App Suite versión 7.8.4 y anteriores, se ven afectados por: Cross Site Scripting (XSS).",
      },
   ],
   id: "CVE-2017-13668",
   lastModified: "2024-11-21T03:11:23.413",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 3.5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.3,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-05-23T16:29:08.370",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Not Applicable",
         ],
         url: "http://ox.com",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Not Applicable",
         ],
         url: "http://ox.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-09-05 11:44
Modified
2025-04-11 00:51
Severity ?
Summary
CRLF injection vulnerability in the redirect servlet in Open-Xchange AppSuite and Server before 6.22.0 rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allows remote attackers to inject arbitrary HTTP headers and conduct open redirect attacks by leveraging improper sanitization of whitespace characters.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2F85EE0C-B7A0-455A-96F6-E4E6BA5D7216",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2D9572CB-9A46-492E-BDCC-E01849EF0EC0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "138461CD-9C27-40E5-B7A0-A37737B6E942",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "108BCEFD-3098-4919-9B0C-E80F6FA1C102",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_server:6.22.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "58989467-7850-4D91-86D4-524EBE325869",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_server:6.22.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BED21777-8642-49AC-A99F-87ED9B21FE14",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_server:7.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "4FBAE267-EAB9-403A-8E1D-7C8EE68F0A36",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_server:7.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F5500DAF-78C2-4E30-AB1C-EF623C43956B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "CRLF injection vulnerability in the redirect servlet in Open-Xchange AppSuite and Server before 6.22.0 rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allows remote attackers to inject arbitrary HTTP headers and conduct open redirect attacks by leveraging improper sanitization of whitespace characters.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de inyección CRLF en el servlet  para redirigir en Open-Xchange AppSuite y Server anterior a v6.22.0 rev15, v6.22.1 anterior a rev17, v7.0.1 anterior a rev6, y v7.0.2 anterior a rev7 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y llevar a cabo ataques de redirección abierta mediante el aprovechamiento de saneamiento inadecuado de espacios en blanco.",
      },
   ],
   id: "CVE-2013-2582",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-09-05T11:44:57.587",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://archives.neohapsis.com/archives/bugtraq/2013-04/0183.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://archives.neohapsis.com/archives/bugtraq/2013-04/0183.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-94",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-01-26 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to crafted "<%" tags.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "567B4139-220A-46A7-B847-616F99A1EA66",
                     versionEndIncluding: "7.4.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.20.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "983E5F3A-E7AD-4CCA-80D4-9C012AFCCDD4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2F85EE0C-B7A0-455A-96F6-E4E6BA5D7216",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2D9572CB-9A46-492E-BDCC-E01849EF0EC0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "138461CD-9C27-40E5-B7A0-A37737B6E942",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "108BCEFD-3098-4919-9B0C-E80F6FA1C102",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DDBB02DF-1022-4FE5-B5E1-198DC58F8C1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2BF31219-8390-4676-A9C4-D625A016C71E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "75B04598-67CD-420B-92C9-9A7459295E11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8DAEED7B-C295-42B4-A60B-2EAA596E3D65",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to crafted \"<%\" tags.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad XSS en Open-Xchange (OX) AppSuite v7.4.1 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a través de vectores no especificados relacionados con etiquetas \"<%\" manipuladas.",
      },
   ],
   id: "CVE-2013-7141",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2014-01-26T20:55:05.907",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/102192",
      },
      {
         source: "cve@mitre.org",
         url: "http://seclists.org/bugtraq/2014/Jan/57",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/65009",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securitytracker.com/id/1029650",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/90544",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/102192",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://seclists.org/bugtraq/2014/Jan/57",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/65009",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1029650",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/90544",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-05-22 20:29
Modified
2024-11-21 03:28
Summary
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting (XSS).
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C77DCBA3-CB5A-4F73-817E-717C8335463E",
                     versionEndIncluding: "7.8.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting (XSS).",
      },
      {
         lang: "es",
         value: "Open-Xchange GmbH OX App Suite versión 7.8.3 y anteriores, se ven afectados por: Cross Site Scripting (XSS).",
      },
   ],
   id: "CVE-2017-5864",
   lastModified: "2024-11-21T03:28:33.460",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-05-22T20:29:00.370",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://open-xchange.com",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Not Applicable",
         ],
         url: "http://ox.com",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://open-xchange.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Not Applicable",
         ],
         url: "http://ox.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-08-31 15:15
Modified
2024-11-21 04:59
Summary
OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB465D15-78EA-47FA-BC7C-5A6631EC9578",
                     versionEndIncluding: "7.10.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API.",
      },
      {
         lang: "es",
         value: "OX App Suite versiones 7.10.3 y anteriores, permiten un ataque de tipo SSRF, relacionado con la API de la cuenta de correo y la API /folder/list",
      },
   ],
   id: "CVE-2020-12644",
   lastModified: "2024-11-21T04:59:58.460",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.1,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-08-31T15:15:10.243",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/fulldisclosure/2020/Aug/14",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.open-xchange.com/",
      },
      {
         source: "nvd@nist.gov",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/187116",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/fulldisclosure/2020/Aug/14",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.open-xchange.com/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-918",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-11-02 14:15
Modified
2024-11-21 07:51
Summary
Requests to cache an image could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the service's database user account. API requests are now properly checked for valid content, and attempts to circumvent this check are logged as errors. No publicly available exploits are known.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "59D4F30E-2F52-4948-9C69-C57472833C79",
                     versionEndExcluding: "7.10.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*",
                     matchCriteriaId: "A144D75D-60A8-4EE0-813C-F658C626B2AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*",
                     matchCriteriaId: "2DA66230-DE02-4881-A893-E9E78286B157",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*",
                     matchCriteriaId: "955F3DFB-6479-4867-B62A-82730DBEB498",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*",
                     matchCriteriaId: "327D1B56-0D05-4D99-91D4-CC1F0AC32972",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*",
                     matchCriteriaId: "D0CD0684-C431-47F8-A2F4-1936D5C5A72B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*",
                     matchCriteriaId: "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*",
                     matchCriteriaId: "D0968764-CCEE-47A7-9111-E106D887DA43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*",
                     matchCriteriaId: "16589FBB-F0CD-4041-8141-5C89FCCA72AF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*",
                     matchCriteriaId: "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*",
                     matchCriteriaId: "0DF5FB90-8D6D-4F99-B454-411B1DFFA630",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*",
                     matchCriteriaId: "F58876B9-6C2E-4048-A793-B441A84E86F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*",
                     matchCriteriaId: "D5F177CB-CC45-45A0-9D02-C14A13ECC7A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*",
                     matchCriteriaId: "A89A4192-54E9-4899-8C7B-6C7F7E650D5C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*",
                     matchCriteriaId: "F2DC1357-9CD5-415F-A190-2F3F4498EF96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*",
                     matchCriteriaId: "D78ACF64-2802-44DD-AF7A-1BD5EA7F9908",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*",
                     matchCriteriaId: "E8F675FA-1684-413A-B1BE-1C5434AC2862",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6156:*:*:*:*:*:*",
                     matchCriteriaId: "F3F1FDC3-35B2-4BDB-A685-75BC72588179",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6161:*:*:*:*:*:*",
                     matchCriteriaId: "5B1E509D-2F41-4296-86D2-6BD71783060F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6166:*:*:*:*:*:*",
                     matchCriteriaId: "AC93EA37-F341-45EC-B651-4F326FB8C613",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6173:*:*:*:*:*:*",
                     matchCriteriaId: "1A4DB8A6-1702-462C-BFCB-39F91D2EFCE1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6176:*:*:*:*:*:*",
                     matchCriteriaId: "FC0AEFDB-D033-47FC-93FC-8652F922BB8C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6178:*:*:*:*:*:*",
                     matchCriteriaId: "B5354768-6527-43C2-B492-A8C14AB4E784",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6189:*:*:*:*:*:*",
                     matchCriteriaId: "D83F26D1-B8C6-4114-81EC-810DD5412DC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6194:*:*:*:*:*:*",
                     matchCriteriaId: "E9EBC010-9963-4636-96F7-A121FCF755A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6199:*:*:*:*:*:*",
                     matchCriteriaId: "F626D64B-C301-4CD8-94B4-48689BD3F29C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6204:*:*:*:*:*:*",
                     matchCriteriaId: "5E32810C-7B35-42F1-BCA5-E10C02BE2215",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6205:*:*:*:*:*:*",
                     matchCriteriaId: "6539D059-8614-4C26-93C4-C2DDCC5D35E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6209:*:*:*:*:*:*",
                     matchCriteriaId: "E359EE75-A2F9-479B-B757-CAE1064AB8F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6210:*:*:*:*:*:*",
                     matchCriteriaId: "0BCABDEF-D292-406E-B53C-AFF22484E916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6214:*:*:*:*:*:*",
                     matchCriteriaId: "ABE8872C-B1DD-4A45-8EF8-E8C355CA6C54",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6215:*:*:*:*:*:*",
                     matchCriteriaId: "44B20B83-833A-4C68-8693-365BD046C157",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6216:*:*:*:*:*:*",
                     matchCriteriaId: "E254E6D1-D18E-4A2A-A2FF-7D03F39E65DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6218:*:*:*:*:*:*",
                     matchCriteriaId: "5F0C5E53-4D15-425A-B4CF-5869353724BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6219:*:*:*:*:*:*",
                     matchCriteriaId: "2F4BF5F1-F316-4BAC-83E0-DEAC8C50754E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6220:*:*:*:*:*:*",
                     matchCriteriaId: "5CDD03A8-5B86-4B87-9C29-6C967261C5C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6227:*:*:*:*:*:*",
                     matchCriteriaId: "6071E15F-4D59-41DC-A4D4-7D1AA392A1F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6230:*:*:*:*:*:*",
                     matchCriteriaId: "C72C1CEB-7BF7-4A5F-B2E9-397F86CCBF4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6233:*:*:*:*:*:*",
                     matchCriteriaId: "5B0F0218-4224-4084-B38D-9719D3782C03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6235:*:*:*:*:*:*",
                     matchCriteriaId: "BFC41329-1AD6-4575-A22D-977EC5539DA4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6236:*:*:*:*:*:*",
                     matchCriteriaId: "217A06B7-0823-4508-BC0C-AD792BA88F7B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6239:*:*:*:*:*:*",
                     matchCriteriaId: "246E98B2-A6C8-4410-AA6A-7E81EE8C5E76",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6241:*:*:*:*:*:*",
                     matchCriteriaId: "74D1EC02-D009-45DA-B1EC-2219E0F0183C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Requests to cache an image could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly available exploits are known.\n\n",
      },
      {
         lang: "es",
         value: "Se podría abusar de las solicitudes para almacenar en caché una imagen para incluir consultas SQL que se ejecutarían sin comprobar. Explotar esta vulnerabilidad requiere al menos acceso a redes adyacentes del servicio de conversión de imágenes, que no está expuesto a redes públicas de forma predeterminada. Se podrían ejecutar sentencias SQL Arbitrarias en el contexto de la cuenta de usuario de la base de datos de servicios. Las solicitudes de API ahora se verifican correctamente para detectar contenido válido y los intentos de omitir esta verificación se registran como errores. No se conocen exploits disponibles públicamente.",
      },
   ],
   id: "CVE-2023-26453",
   lastModified: "2024-11-21T07:51:29.680",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "PHYSICAL",
               availabilityImpact: "HIGH",
               baseScore: 7.6,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 0.9,
            impactScore: 6,
            source: "security@open-xchange.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-11-02T14:15:10.737",
   references: [
      {
         source: "security@open-xchange.com",
         url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json",
      },
      {
         source: "security@open-xchange.com",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf",
      },
   ],
   sourceIdentifier: "security@open-xchange.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "security@open-xchange.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-08-31 15:15
Modified
2024-11-21 04:59
Summary
OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB465D15-78EA-47FA-BC7C-5A6631EC9578",
                     versionEndIncluding: "7.10.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address.",
      },
      {
         lang: "es",
         value: "OX App Suite versiones 7.10.3 y  anteriores, presentan un Control de Acceso Incorrecto por medio de una petición de /api/subscriptions para un fragmento que contiene una dirección de correo electrónico",
      },
   ],
   id: "CVE-2020-12643",
   lastModified: "2024-11-21T04:59:58.307",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-08-31T15:15:10.133",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2020/Aug/14",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.open-xchange.com/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2020/Aug/14",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.open-xchange.com/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-639",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-10-23 05:15
Modified
2024-11-21 05:04
Summary
OX App Suite through 7.10.3 allows stats/diagnostic?param= XSS.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "AEA29625-42CD-49CC-9E34-858CB6C5D28B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "944562A2-53D7-4D75-B238-B9BD0F695E45",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite through 7.10.3 allows stats/diagnostic?param= XSS.",
      },
      {
         lang: "es",
         value: "OX App Suite versiones hasta 7.10.3, permite un ataque de tipo XSS de stats/diagnostic?param=",
      },
   ],
   id: "CVE-2020-15004",
   lastModified: "2024-11-21T05:04:36.517",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 3.5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.8,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "HIGH",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.7,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-10-23T05:15:13.390",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/fulldisclosure/2020/Oct/20",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Product",
         ],
         url: "https://www.open-xchange.com/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/fulldisclosure/2020/Oct/20",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Product",
         ],
         url: "https://www.open-xchange.com/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-04-30 22:15
Modified
2024-11-21 05:23
Summary
OX App Suite 7.10.4 and earlier allows SSRF via a snippet.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9451471A-06E1-456C-8B82-ADEB746B97C7",
                     versionEndIncluding: "7.10.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite 7.10.4 and earlier allows SSRF via a snippet.",
      },
      {
         lang: "es",
         value: "OX App Suite versiones 7.10.4 y anteriores, permiten un ataque de tipo SSRF por medio de un fragmento.",
      },
   ],
   id: "CVE-2020-28943",
   lastModified: "2024-11-21T05:23:20.737",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-04-30T22:15:07.587",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://open-xchange.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://open-xchange.com",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-918",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-01-31 22:15
Modified
2024-11-21 02:11
Summary
Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text file.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "567B4139-220A-46A7-B847-616F99A1EA66",
                     versionEndIncluding: "7.4.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A708019-6229-4768-994C-5A51B0495CAC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision1:*:*:*:*:*:*",
                     matchCriteriaId: "A4895984-4266-4924-A9C4-4DFEA90AFF79",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision10:*:*:*:*:*:*",
                     matchCriteriaId: "39A9F45E-5CAB-4BE5-8EAB-9E5ED43B4381",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision2:*:*:*:*:*:*",
                     matchCriteriaId: "72DB60BE-F818-4481-95BD-C0C1A42F2618",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision3:*:*:*:*:*:*",
                     matchCriteriaId: "0B54DE9D-563C-45A9-BDED-3F216FECF28B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision4:*:*:*:*:*:*",
                     matchCriteriaId: "F2A40E87-368E-4815-9988-1153E1866103",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision5:*:*:*:*:*:*",
                     matchCriteriaId: "E112E77E-C2CC-40D4-A8DC-F1FF76305CA8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision6:*:*:*:*:*:*",
                     matchCriteriaId: "76A099A1-23A0-4F0B-84C4-05C687F24F20",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision7:*:*:*:*:*:*",
                     matchCriteriaId: "D0E95BA0-1517-4DAA-93B5-2B84DF4C3074",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision8:*:*:*:*:*:*",
                     matchCriteriaId: "5F1899F3-6554-4C42-ACA2-4C22993D49DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision9:*:*:*:*:*:*",
                     matchCriteriaId: "A45F679A-7F4D-49A5-8B95-E588102601F9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "A0A22E01-73E0-4140-8BA1-AB147A9471CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision1:*:*:*:*:*:*",
                     matchCriteriaId: "91DC49BA-9FF4-4E0F-9723-E8F2970D6835",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision2:*:*:*:*:*:*",
                     matchCriteriaId: "BB0ABA40-F8EF-4368-98A6-083F0E4528EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision3:*:*:*:*:*:*",
                     matchCriteriaId: "B9E00E96-8D99-4579-8104-274908F3AAD5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision4:*:*:*:*:*:*",
                     matchCriteriaId: "733FEC4F-0DC2-49DE-8660-449CCE5A7F2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision5:*:*:*:*:*:*",
                     matchCriteriaId: "CFA35536-65FA-4228-9C84-CC69C91B3A3F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision6:*:*:*:*:*:*",
                     matchCriteriaId: "0A6AABD0-D82F-465B-8B73-CA0B8A611DB8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision7:*:*:*:*:*:*",
                     matchCriteriaId: "85511C44-A366-4F62-944B-AEEDB8A6B938",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision8:*:*:*:*:*:*",
                     matchCriteriaId: "D3AD4BE8-CC1D-4FFA-B890-F565EA555366",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text file.",
      },
      {
         lang: "es",
         value: "Múltiples vulnerabilidades de salto de ruta absoluto en documentconverter en Open-Xchange (OX) AppSuite versiones anteriores a 7.4.2-rev10 y versiones 7.6.x anteriores a 7.6.0-rev10, permiten a atacantes remotos leer archivos de aplicación por medio de un nombre de ruta completo en un (1) objeto OLE o (2) imagen diseñada en un archivo de texto OpenDocument.",
      },
   ],
   id: "CVE-2014-5236",
   lastModified: "2024-11-21T02:11:40.067",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-01-31T22:15:10.573",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-12-15 06:59
Modified
2025-04-12 10:46
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The content sanitizer component has an issue with filtering malicious content in case invalid HTML code is provided. In such cases the filter will output an unsanitized representation of the content. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). Attackers can use this issue for filter evasion to inject script code later on.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:rev9:*:*:*:*:*:*",
                     matchCriteriaId: "F8BB7BBD-7706-479D-B1DB-9EAC321913EB",
                     versionEndIncluding: "7.8.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The content sanitizer component has an issue with filtering malicious content in case invalid HTML code is provided. In such cases the filter will output an unsanitized representation of the content. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). Attackers can use this issue for filter evasion to inject script code later on.",
      },
      {
         lang: "es",
         value: "Ha sido descubierto un problema en Open-Xchange OX App Suite en versiones anteriores a 7.8.1-rev11. El componente de desinfectante de contenido tiene un problema con el filtrado de contenido malicioso en caso de que un código HTML inválido sea provisto. En estos casos el filtro emitirá una representación del contenido no desinfectada. El código script malicioso puede ser ejecutado dentro de un contexto de usuario. Esto puede conducir al secuestro de sesión o desencadenamiento de acciones no deseadas a través de la interfaz web (enviando correos, borrando datos etc.). Los atacantes pueden utilizar este problema para evadir el filtro para inyectar código script más tarde.",
      },
   ],
   id: "CVE-2016-4026",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-12-15T06:59:04.833",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/archive/1/538732/100/0/threaded",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1036157",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/538732/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1036157",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-05-23 15:29
Modified
2024-11-21 03:27
Summary
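Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Information Exposure. (Reviewer note: the CVSS v2 vector in this record scores only partial confidentiality impact (5.0), while the CVSS v3.0 vector scores high confidentiality, integrity and availability impact (9.8); the two disagree, so confirm the actual impact against the vendor release notes before prioritising.)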
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C77DCBA3-CB5A-4F73-817E-717C8335463E",
                     versionEndIncluding: "7.8.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Information Exposure.",
      },
      {
         lang: "es",
         value: "Open-Xchange GmbH OX App Suite versión 7.8.3 y anteriores, se ven afectados por: Exposición de la Información.",
      },
   ],
   id: "CVE-2017-5210",
   lastModified: "2024-11-21T03:27:17.260",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-05-23T15:29:00.647",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Product",
         ],
         url: "http://open-xchange.com",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Not Applicable",
         ],
         url: "http://ox.com",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Product",
         ],
         url: "http://open-xchange.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Not Applicable",
         ],
         url: "http://ox.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-12-15 06:59
Modified
2025-04-12 10:46
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev14. Adding images from external sources to HTML editors by drag&drop can potentially lead to script code execution in the context of the active user. To exploit this, a user needs to be tricked to use an image from a specially crafted website and add it to HTML editor areas of OX App Suite, for example E-Mail Compose or OX Text. This specific attack circumvents typical XSS filters and detection mechanisms since the code is not loaded from an external service but injected locally. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). To exploit this vulnerability, an attacker needs to convince a user to follow specific steps (social-engineering).
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:rev12:*:*:*:*:*:*",
                     matchCriteriaId: "3C2B6BD4-4227-4BBB-AAAC-67C013086E31",
                     versionEndIncluding: "7.8.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev14. Adding images from external sources to HTML editors by drag&drop can potentially lead to script code execution in the context of the active user. To exploit this, a user needs to be tricked to use an image from a specially crafted website and add it to HTML editor areas of OX App Suite, for example E-Mail Compose or OX Text. This specific attack circumvents typical XSS filters and detection mechanisms since the code is not loaded from an external service but injected locally. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). To exploit this vulnerability, an attacker needs to convince a user to follow specific steps (social-engineering).",
      },
      {
         lang: "es",
         value: "Ha sido descubierto un problema en Open-Xchange OX App Suite en versiones anteriores a 7.8.1-rev14. Añadir imágenes de recursos externos a los editores HTML con drag&drop puede potencialmente permitir una ejecución de código script en el contexto de un usuario activo. Para explotar esto, un usuario necesita ser engañado para usar una imagen de un sitio web manipulado especial y añadirla a las áreas de editor HTML de OX App Suite, por ejemplo E-Mail Compose o OX Text. Este ataque específico evita los filtros XSS y los mecanismos de detección típicos, ya que el código no se carga desde un servicio externo sino que se inyecta localmente. El código script malicioso puede ser ejecutado en un contexto de usuario. Esto puede conducir al secuestro de sesión o activar acciones no deseadas a través de la interfaz web (envío de correo, eliminación de datos, etc.). Para explotar esta vulnerabilidad, un atacante necesita convencer a un usuario de seguir pasos específicos (ingeniería social).",
      },
   ],
   id: "CVE-2016-5124",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-12-15T06:59:13.223",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/137894/Open-Xchange-App-Suite-7.8.1-Cross-Site-Scripting.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/archive/1/538892/100/0/threaded",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/91775",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1036296",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/137894/Open-Xchange-App-Suite-7.8.1-Cross-Site-Scripting.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/538892/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/91775",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1036296",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-07-05 20:29
Modified
2024-11-21 04:16
Summary
Cross-site scripting (XSS) vulnerability in mail compose in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev28 allows remote attackers to inject arbitrary web script or HTML via the data-target attribute in an HTML page with data-toggle gadgets.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.8.0
open-xchange open-xchange_appsuite 7.8.2
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CEE77111-9626-48C1-9C13-6FF650B91363",
                     versionEndIncluding: "7.6.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev14:*:*:*:*:*:*",
                     matchCriteriaId: "D4417841-A79D-479F-BBB4-13892CD29CCB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev15:*:*:*:*:*:*",
                     matchCriteriaId: "11FED64F-98F2-4155-A34D-DCC0DCF55CB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev16:*:*:*:*:*:*",
                     matchCriteriaId: "544677BC-DEFB-45B8-BB08-124E5666A04B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev17:*:*:*:*:*:*",
                     matchCriteriaId: "ABA212B4-FC4B-4268-A778-23D588E76880",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev18:*:*:*:*:*:*",
                     matchCriteriaId: "10D10170-9528-49BB-88B8-92A4D016EA49",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev20:*:*:*:*:*:*",
                     matchCriteriaId: "2DA48ACB-659B-408C-B7E1-945A6333C1A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev22:*:*:*:*:*:*",
                     matchCriteriaId: "23D2DCAA-FAB7-426D-8680-2A6F69AE90DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev23:*:*:*:*:*:*",
                     matchCriteriaId: "90C2E1F5-73DA-4FA7-BEDF-E9726F5D0D0C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev24:*:*:*:*:*:*",
                     matchCriteriaId: "449B4C7A-6287-4018-86AA-D34BEF8DB83C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev25:*:*:*:*:*:*",
                     matchCriteriaId: "E8E6C22C-C3B3-4914-A1D8-A6202EEBF1C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev26:*:*:*:*:*:*",
                     matchCriteriaId: "8BF46085-0E23-4C9C-9899-30EB63EFC392",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev28:*:*:*:*:*:*",
                     matchCriteriaId: "39BB146E-14BF-4AC7-B267-3176545CBCB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev29:*:*:*:*:*:*",
                     matchCriteriaId: "64201845-70B6-4124-BA02-DE0646BE75A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev30:*:*:*:*:*:*",
                     matchCriteriaId: "8E2A9B0B-F4B9-410B-AA32-D4A5A3B285DF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E26B66B2-9BE8-4843-9B4B-D673FAC44023",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "2633E559-38E4-4024-BB5F-94EDFE5F93FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "E804C89F-033F-43B3-B63B-172F9B2136CB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev10:*:*:*:*:*:*",
                     matchCriteriaId: "0F7C6765-34DD-4326-99A8-F85DA19ECE91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev11:*:*:*:*:*:*",
                     matchCriteriaId: "13FAD9B6-5790-4C7A-8A9B-09B1002DA75F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev12:*:*:*:*:*:*",
                     matchCriteriaId: "B040A950-FEC3-465D-AD19-3AA8EE11AE92",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev13:*:*:*:*:*:*",
                     matchCriteriaId: "F5971D8D-A2E6-4E3D-8FDA-04F89FC65A40",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev14:*:*:*:*:*:*",
                     matchCriteriaId: "FEF67234-BDCA-48FA-8616-6B0E4A38FA8A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev15:*:*:*:*:*:*",
                     matchCriteriaId: "76D18DCA-5D64-4D38-99B0-1B984C402E70",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev16:*:*:*:*:*:*",
                     matchCriteriaId: "46718CD2-0403-4DA2-B157-5714BD654EB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev17:*:*:*:*:*:*",
                     matchCriteriaId: "4BA1274B-9103-449F-ABD1-C898B716B433",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev18:*:*:*:*:*:*",
                     matchCriteriaId: "3BB485BC-3247-4E06-8017-118B597B0184",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev19:*:*:*:*:*:*",
                     matchCriteriaId: "6C447C6E-6188-47C6-BC68-8FD99B49F2D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev20:*:*:*:*:*:*",
                     matchCriteriaId: "211647E5-8BCA-4393-B54B-CE382D5DF3F7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev21:*:*:*:*:*:*",
                     matchCriteriaId: "855C2E78-C554-43A7-BD3F-747053F45709",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev22:*:*:*:*:*:*",
                     matchCriteriaId: "64594DD5-2816-4123-A12C-505FE4480AE9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev23:*:*:*:*:*:*",
                     matchCriteriaId: "606D294C-EAEC-43EC-BA0F-BC5484B7C5E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev24:*:*:*:*:*:*",
                     matchCriteriaId: "A8E1D645-706F-4CCA-88A7-F5077BCE4AD1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev25:*:*:*:*:*:*",
                     matchCriteriaId: "30145547-3406-4639-A5AD-52EFAA734EEF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev26:*:*:*:*:*:*",
                     matchCriteriaId: "BDB6642D-C5AF-41D7-B2EA-A1F333E5B12C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev27:*:*:*:*:*:*",
                     matchCriteriaId: "91040A22-04F6-43ED-A6A1-060703D285C7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev28:*:*:*:*:*:*",
                     matchCriteriaId: "5A3E2338-E774-4188-B352-B79FBB9C5511",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev29:*:*:*:*:*:*",
                     matchCriteriaId: "22961BA6-C0B1-488A-8F7D-68EB3F9DA6B0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev30:*:*:*:*:*:*",
                     matchCriteriaId: "E8381BB7-3602-4DCF-A070-1067C277AAA0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev31:*:*:*:*:*:*",
                     matchCriteriaId: "98B758CC-D26C-4B83-98E7-3BA4ECF96966",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev32:*:*:*:*:*:*",
                     matchCriteriaId: "7BCE965A-70BE-4159-93D8-A2520C8C4CB2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev33:*:*:*:*:*:*",
                     matchCriteriaId: "1152B60C-3188-4BE7-897A-B09C5732ECAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev34:*:*:*:*:*:*",
                     matchCriteriaId: "5F1F087A-7373-4B7F-87BD-8509704F47CF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev35:*:*:*:*:*:*",
                     matchCriteriaId: "D82CB956-9A14-49C5-8308-52198589BAC0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev36:*:*:*:*:*:*",
                     matchCriteriaId: "2F202094-2A74-44DA-BB3A-06AF3326E544",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev38:*:*:*:*:*:*",
                     matchCriteriaId: "DC128D82-A687-4043-AC01-9A329ED9F9EB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev39:*:*:*:*:*:*",
                     matchCriteriaId: "CBE4CF1D-B716-4992-B3DE-599AD7407780",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev40:*:*:*:*:*:*",
                     matchCriteriaId: "49FCC4A7-3078-421A-A3A1-C58976F47262",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev5:*:*:*:*:*:*",
                     matchCriteriaId: "F57910B1-968D-4DF3-8C2D-9EB3765C7214",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev6:*:*:*:*:*:*",
                     matchCriteriaId: "FE1FD7DD-DC8C-416C-A55B-FA7B961ECD3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev8:*:*:*:*:*:*",
                     matchCriteriaId: "A07A8019-D7D7-4E1D-AEA7-DF509175393D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev9:*:*:*:*:*:*",
                     matchCriteriaId: "9FEEF620-CD8A-49C4-89D6-565503A1790F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "6164303F-253E-440C-A45C-94FFF7B492AE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev10:*:*:*:*:*:*",
                     matchCriteriaId: "4DD257D7-D9B2-4036-92D6-3A923B7DC59F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev11:*:*:*:*:*:*",
                     matchCriteriaId: "36383B07-AF6C-4EDA-A35E-50633D1612A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev13:*:*:*:*:*:*",
                     matchCriteriaId: "032B8B47-9E01-41B3-99D4-DECD4727DEA7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev14:*:*:*:*:*:*",
                     matchCriteriaId: "F7211571-4614-4169-A897-D0047304A4B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev15:*:*:*:*:*:*",
                     matchCriteriaId: "992082E5-5E00-40F0-8246-FD44D189C70D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev16:*:*:*:*:*:*",
                     matchCriteriaId: "4279A168-8A9A-43FF-8766-738EE31D6E25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev17:*:*:*:*:*:*",
                     matchCriteriaId: "5A734819-B817-4E54-89B1-B6A5FD52C758",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev18:*:*:*:*:*:*",
                     matchCriteriaId: "63AFF50B-7ABD-455D-A2A5-05432B41E4BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev19:*:*:*:*:*:*",
                     matchCriteriaId: "E2842D25-1A80-4403-B7A2-6E26527588E8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev20:*:*:*:*:*:*",
                     matchCriteriaId: "7DAA5D88-75E9-4D77-9F34-AB456F0733F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev21:*:*:*:*:*:*",
                     matchCriteriaId: "9EB906E5-1ABF-4734-84E1-BC8005AB1C2C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev22:*:*:*:*:*:*",
                     matchCriteriaId: "FD42433D-4B5C-43F5-8C5C-D97C6C3E5613",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev23:*:*:*:*:*:*",
                     matchCriteriaId: "B30EB62B-FEAC-4E7C-8AB8-E27879E18006",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev24:*:*:*:*:*:*",
                     matchCriteriaId: "88A08BF6-4410-48F9-B4D9-FCCA7B6DBF64",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev25:*:*:*:*:*:*",
                     matchCriteriaId: "49A24746-6C5E-48BE-A001-CB25BF0189D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev26:*:*:*:*:*:*",
                     matchCriteriaId: "7DA74FDF-0313-4783-B69D-17861F228FA7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev27:*:*:*:*:*:*",
                     matchCriteriaId: "949DD220-BFA8-4C5B-8334-5D545D336879",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev3:*:*:*:*:*:*",
                     matchCriteriaId: "8681201A-5DB3-42A9-A203-9641B4459537",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev4:*:*:*:*:*:*",
                     matchCriteriaId: "C567F8B8-D9D0-4006-819C-C995C6573FE7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev5:*:*:*:*:*:*",
                     matchCriteriaId: "07FEF270-E3ED-463D-9940-7FC9573E40C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev6:*:*:*:*:*:*",
                     matchCriteriaId: "7FD1E38C-EC1A-42D1-86AF-D53D8BF0098C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev7:*:*:*:*:*:*",
                     matchCriteriaId: "1BF75100-6E38-4FCB-BC21-FFB1C4B3EC50",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev8:*:*:*:*:*:*",
                     matchCriteriaId: "BF34B133-486B-4D77-8745-4D0E082FF8D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev9:*:*:*:*:*:*",
                     matchCriteriaId: "33B507D7-536B-4AC3-BCB3-BF3A6BA257F6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site scripting (XSS) vulnerability in mail compose in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev28 allows remote attackers to inject arbitrary web script or HTML via the data-target attribute in an HTML page with data-toggle gadgets.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de Cross-Site Scripting (XSS) en mail compose en Open-Xchange OX App Suite en versiones anteriores a la 7.6.3-rev31, versiones 7.8.x anteriores a la 7.8.2-rev31, versiones 7.8.3 anteriores a la 7.8.3-rev41 y versiones 7.8.4 anteriores a la 7.8.4-rev28 permite que los atacantes remotos inyecten scripts web o HTML arbitrarios mediante el atributo data-target en una página HTML con gadgets data-toggle.",
      },
   ],
   id: "CVE-2018-9997",
   lastModified: "2024-11-21T04:16:00.637",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-07-05T20:29:00.903",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://packetstormsecurity.com/files/154127/Open-Xchange-OX-Guard-Cross-Site-Scripting-Signature-Validation.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2018/Jul/12",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1041213",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://packetstormsecurity.com/files/154127/Open-Xchange-OX-Guard-Cross-Site-Scripting-Signature-Validation.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2018/Jul/12",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1041213",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-03-20 16:55
Modified
2025-04-12 10:46
Summary
Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 7.4.1 before 7.4.1-rev10 and 7.4.2 before 7.4.2-rev8 allows remote attackers to inject arbitrary web script or HTML via the subject of an email, involving 'the aria "tags" for screenreaders at the top bar'.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0ABF6E32-2996-4DCF-A4A2-197CCFAEE22C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A708019-6229-4768-994C-5A51B0495CAC",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 7.4.1 before 7.4.1-rev10 and 7.4.2 before 7.4.2-rev8 allows remote attackers to inject arbitrary web script or HTML via the subject of an email, involving 'the aria \"tags\" for screenreaders at the top bar'.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de XSS en el Frontend en Open-Xchange (OX) AppSuite 7.4.1 anterior a 7.4.1-rev10 y 7.4.2 anterior a 7.4.2-rev8 permite a atacantes remotos inyectar script Web o HTML arbitrarios a través del asunto de un email, involucrando las etiquetas aria para lectores de pantalla en la barra superior.",
      },
   ],
   id: "CVE-2014-2077",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2014-03-20T16:55:16.950",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://archives.neohapsis.com/archives/bugtraq/2014-03/0108.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/57290",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://archives.neohapsis.com/archives/bugtraq/2014-03/0108.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/57290",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-07-22 17:15
Modified
2024-11-21 06:15
Summary
OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and an App Loader relative URL is used.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.4
open-xchange open-xchange_appsuite 7.10.4
open-xchange open-xchange_appsuite 7.10.4
open-xchange open-xchange_appsuite 7.10.4
open-xchange open-xchange_appsuite 7.10.4
open-xchange open-xchange_appsuite 7.10.4
open-xchange open-xchange_appsuite 7.10.4
open-xchange open-xchange_appsuite 7.10.4
open-xchange open-xchange_appsuite 7.10.4
open-xchange open-xchange_appsuite 7.10.4
open-xchange open-xchange_appsuite 7.10.4
open-xchange open-xchange_appsuite 7.10.4
open-xchange open-xchange_appsuite 7.10.4
open-xchange open-xchange_appsuite 7.10.4
open-xchange open-xchange_appsuite 7.10.4
open-xchange open-xchange_appsuite 7.10.4
open-xchange open-xchange_appsuite 7.10.4
open-xchange open-xchange_appsuite 7.10.4



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:-:*:*:*:*:*:*",
                     matchCriteriaId: "D3CF4C4E-3FF0-4B4A-8246-8F8981D66180",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5547:*:*:*:*:*:*",
                     matchCriteriaId: "4284A4B4-42CF-4196-B990-0DE2AC7FF5F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5572:*:*:*:*:*:*",
                     matchCriteriaId: "1AF0528B-838B-4C80-B91D-D3009EFBD2E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5623:*:*:*:*:*:*",
                     matchCriteriaId: "927E4E17-02FC-46D6-B1EE-BBB6C710BE63",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5653:*:*:*:*:*:*",
                     matchCriteriaId: "43DECDE0-C942-4B4B-A2E1-63B8E32B7334",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5677:*:*:*:*:*:*",
                     matchCriteriaId: "54F4578F-1515-4F60-B890-421CB3FB09C5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5720:*:*:*:*:*:*",
                     matchCriteriaId: "8853D9CE-A4F6-4935-BEA2-C039E867ADEF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev1:*:*:*:*:*:*",
                     matchCriteriaId: "3B7503E3-6317-4DD7-9EDD-AB5A0586BADE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev10:*:*:*:*:*:*",
                     matchCriteriaId: "F7FD3C9C-7750-4907-BF23-65606E7A6966",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev11:*:*:*:*:*:*",
                     matchCriteriaId: "42BAD919-0599-4303-A7E3-5026AC8F415E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev12:*:*:*:*:*:*",
                     matchCriteriaId: "6D0555E6-057D-475D-9EAF-F1EEC2D2157E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev13:*:*:*:*:*:*",
                     matchCriteriaId: "CDDA5DF9-62FF-4E6F-943C-C70620D56AE9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev14:*:*:*:*:*:*",
                     matchCriteriaId: "A9C26834-176A-4DD0-816E-87F12C2A0980",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev15:*:*:*:*:*:*",
                     matchCriteriaId: "63BA3355-83A5-4758-9208-574760D72AF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev16:*:*:*:*:*:*",
                     matchCriteriaId: "DEDF0974-91A9-4F6C-B31F-327EBBF2321A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev17:*:*:*:*:*:*",
                     matchCriteriaId: "79FED998-07D0-457B-9CC4-1CDE8D6B26E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev18:*:*:*:*:*:*",
                     matchCriteriaId: "27EAB5B4-8F1A-4069-B150-032BADA92C1F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev19:*:*:*:*:*:*",
                     matchCriteriaId: "265D758D-DA32-46FC-B7A7-1B695C2E7972",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev2:*:*:*:*:*:*",
                     matchCriteriaId: "26BF76EC-F32F-4DAB-8EB0-8B24E76D2593",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev20:*:*:*:*:*:*",
                     matchCriteriaId: "FE723E1C-E86A-4BC0-85DD-B051B1773A0A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev21:*:*:*:*:*:*",
                     matchCriteriaId: "E441FE6E-2653-4BAE-9EFC-AE195A442804",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev22:*:*:*:*:*:*",
                     matchCriteriaId: "516B7ACF-ABB8-4DBA-9E71-3B57B7C74376",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev23:*:*:*:*:*:*",
                     matchCriteriaId: "60236FC4-81DA-4ED6-8C5B-6BC9FF6A177B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev24:*:*:*:*:*:*",
                     matchCriteriaId: "E186C7BC-F3EC-4B9E-97BC-59CE860DD99B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev25:*:*:*:*:*:*",
                     matchCriteriaId: "FE494389-735E-47FC-9A12-5305FA11735F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev26:*:*:*:*:*:*",
                     matchCriteriaId: "6BD572F0-1B43-4FB5-BAE2-A9169BACFABE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev27:*:*:*:*:*:*",
                     matchCriteriaId: "CD1EAF9A-189B-47B8-A00A-5604D1B8D8A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev28:*:*:*:*:*:*",
                     matchCriteriaId: "63318E39-A502-4AD8-9C8D-C15F08847BD8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev29:*:*:*:*:*:*",
                     matchCriteriaId: "59C68527-4F08-4436-9D14-8BA65EEEFFC0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev3:*:*:*:*:*:*",
                     matchCriteriaId: "B031D97E-A967-4124-8A42-EFA4B3576124",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev30:*:*:*:*:*:*",
                     matchCriteriaId: "79A59F84-11DE-4560-A820-8E4F7B715888",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev31:*:*:*:*:*:*",
                     matchCriteriaId: "4C2F2472-91C4-48AF-979A-7C003BBD36CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev4:*:*:*:*:*:*",
                     matchCriteriaId: "649774E8-6489-4AD7-95A8-AAF7154B2C05",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev5:*:*:*:*:*:*",
                     matchCriteriaId: "A2A1BB49-EAFD-4458-AA8B-BF4B195927C5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev6:*:*:*:*:*:*",
                     matchCriteriaId: "1AC0DD2C-02D1-4CA9-A05C-81359BD30FA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev7:*:*:*:*:*:*",
                     matchCriteriaId: "720B7107-09AC-41AB-97BB-DFC3FABFDB55",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev8:*:*:*:*:*:*",
                     matchCriteriaId: "17E4B9E0-D5D3-4291-91A0-15885B559D5B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev9:*:*:*:*:*:*",
                     matchCriteriaId: "7ECB4D19-C148-473B-B0C0-FD9007912F86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:-:*:*:*:*:*:*",
                     matchCriteriaId: "89BEBFB4-A028-4D5E-846E-7403D3491147",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev1:*:*:*:*:*:*",
                     matchCriteriaId: "FED62869-ACA8-42B1-9AFE-0C0535E2C2F7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev10:*:*:*:*:*:*",
                     matchCriteriaId: "CB85F4BA-8E1B-490A-83FC-906EDF990750",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev11:*:*:*:*:*:*",
                     matchCriteriaId: "525841F3-E9ED-4593-9163-9DFA114EF5D6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev12:*:*:*:*:*:*",
                     matchCriteriaId: "6382225F-80C8-4A21-AC5F-E1645B420DD5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev13:*:*:*:*:*:*",
                     matchCriteriaId: "3EC95556-A105-4C03-AB54-AAB3A943A22F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev14:*:*:*:*:*:*",
                     matchCriteriaId: "34BB4402-3151-4ED1-BC4E-F00A7E5FDB1E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev15:*:*:*:*:*:*",
                     matchCriteriaId: "96FB19E6-E819-419A-B2C0-717F196A5A52",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev16:*:*:*:*:*:*",
                     matchCriteriaId: "433C2CBB-E3D7-4209-81DA-E183B2BF23A6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev17:*:*:*:*:*:*",
                     matchCriteriaId: "B2117B25-DABE-47B2-9337-5FAC000EC558",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev2:*:*:*:*:*:*",
                     matchCriteriaId: "97039EE9-3567-4C10-9A85-8BED8C76BEDF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev3:*:*:*:*:*:*",
                     matchCriteriaId: "AF1AAB93-9205-47FB-BEC3-EC7DF9A20732",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev4:*:*:*:*:*:*",
                     matchCriteriaId: "E9A3E84C-665F-470C-8D19-31446ABFF7D3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev5:*:*:*:*:*:*",
                     matchCriteriaId: "45C98776-55CE-4AF8-9141-75E0B86AE844",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev6:*:*:*:*:*:*",
                     matchCriteriaId: "E94C88CD-9A26-45DE-A408-956D693FDE29",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev7:*:*:*:*:*:*",
                     matchCriteriaId: "005CA94F-FA8A-474C-8135-CA0158D192F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev8:*:*:*:*:*:*",
                     matchCriteriaId: "4D01DFB9-FFE1-4635-8D59-E2325AADAAF1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev9:*:*:*:*:*:*",
                     matchCriteriaId: "B051C6E0-334E-45A2-990B-81FE7E4FB507",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and an App Loader relative URL is used.",
      },
      {
         lang: "es",
         value: "OX App Suite versiones anteriores a 7.10.3-rev32 y versiones 7.10.4 anteriores a 7.10.4-rev18, permite un ataque de tipo XSS por medio de un fragmento de código (contenido generado por el usuario) cuando es creado un enlace para compartir y una URL relativa de App Loader es usada",
      },
   ],
   id: "CVE-2021-37403",
   lastModified: "2024-11-21T06:15:05.613",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-07-22T17:15:09.583",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Not Applicable",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2021/Jul/33",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.open-xchange.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Not Applicable",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2021/Jul/33",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.open-xchange.com",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-05-23 15:29
Modified
2024-11-21 03:17
Summary
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "21A45377-C1DE-44AB-A02F-A377BE4E9A56",
                     versionEndIncluding: "7.8.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).",
      },
      {
         lang: "es",
         value: "OX Software GmbH OX App Suite versión 7.8.4 y anteriores, se ven afectados por: Cross Site Scripting (XSS).",
      },
   ],
   id: "CVE-2017-17061",
   lastModified: "2024-11-21T03:17:25.367",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 3.5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.3,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-05-23T15:29:00.587",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Not Applicable",
         ],
         url: "http://ox.com",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/components/releasenotes/7.8.3/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Not Applicable",
         ],
         url: "http://ox.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/components/releasenotes/7.8.3/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-01-12 22:15
Modified
2024-11-21 05:52
Summary
OX App Suite through 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML document to an ajax/share/<share-token>?delivery=view URI.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB465D15-78EA-47FA-BC7C-5A6631EC9578",
                     versionEndIncluding: "7.10.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite through 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML document to an ajax/share/<share-token>?delivery=view URI.",
      },
      {
         lang: "es",
         value: "OX App Suite versiones hasta 7.10.4, permite un ataque de tipo XSS por medio de un encabezado Content-Disposition diseñado en un documento HTML cargado en un URI ajax/share/(share-token)?delivery=view",
      },
   ],
   id: "CVE-2021-23929",
   lastModified: "2024-11-21T05:52:04.063",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-01-12T22:15:12.573",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-03-21 16:00
Modified
2024-11-21 03:46
Summary
OX App Suite 7.8.4 and earlier allows SSRF.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "21A45377-C1DE-44AB-A02F-A377BE4E9A56",
                     versionEndIncluding: "7.8.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite 7.8.4 and earlier allows SSRF.",
      },
      {
         lang: "es",
         value: "OX App Suite, en versiones 7.8.4 y anteriores, permite Server-Side Request Forgery (SSRF).",
      },
   ],
   id: "CVE-2018-13103",
   lastModified: "2024-11-21T03:46:26.667",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 5.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.5,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-03-21T16:00:17.093",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/151243/Open-Xchange-OX-App-Suite-Cross-Site-Scripting-SSRF.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2019/Jan/46",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/151243/Open-Xchange-OX-App-Suite-Cross-Site-Scripting-SSRF.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2019/Jan/46",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-918",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-09-17 14:55
Modified
2025-04-12 10:46
Summary
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via a folder publication name.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "567B4139-220A-46A7-B847-616F99A1EA66",
                     versionEndIncluding: "7.4.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.20.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "983E5F3A-E7AD-4CCA-80D4-9C012AFCCDD4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2F85EE0C-B7A0-455A-96F6-E4E6BA5D7216",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2D9572CB-9A46-492E-BDCC-E01849EF0EC0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "138461CD-9C27-40E5-B7A0-A37737B6E942",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "108BCEFD-3098-4919-9B0C-E80F6FA1C102",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DDBB02DF-1022-4FE5-B5E1-198DC58F8C1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2BF31219-8390-4676-A9C4-D625A016C71E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "75B04598-67CD-420B-92C9-9A7459295E11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8DAEED7B-C295-42B4-A60B-2EAA596E3D65",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "A0A22E01-73E0-4140-8BA1-AB147A9471CD",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via a folder publication name.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad cross-site scripting (XSS) en Backend en Open-Xchange (OX) AppSuite anterior a 7.4.2-rev33 y 7.6.x anterior a 7.6.0-rev16 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del nombre de publicación de una carpeta.",
      },
   ],
   id: "CVE-2014-5234",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2014-09-17T14:55:03.447",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/61080",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/archive/1/533443/100/0/threaded",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/69796",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/61080",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/533443/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/69796",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-12-26 02:15
Modified
2025-04-14 15:15
Summary
OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrated by class="deep-link-app" for a /#!!&app=%2e./ URI.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D3B06B3-8919-4D41-87A6-DA39189750B9",
                     versionEndExcluding: "7.10.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:-:*:*:*:*:*:*",
                     matchCriteriaId: "FE68F102-2EE1-44FF-A8AB-6F71F62712D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5961:*:*:*:*:*:*",
                     matchCriteriaId: "4F5923E6-C4C1-492F-A130-65D102F67B40",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5973:*:*:*:*:*:*",
                     matchCriteriaId: "D703A274-D197-42B3-9720-70E6CCD9E825",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5976:*:*:*:*:*:*",
                     matchCriteriaId: "D4D5F145-F2BA-4589-8B9A-B967069EA355",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5982:*:*:*:*:*:*",
                     matchCriteriaId: "7E3F2F8B-F7C4-4297-B451-CAFFCA860D17",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5989:*:*:*:*:*:*",
                     matchCriteriaId: "C7CB5AA6-19B9-4D21-A2B6-1523719A2DB5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5994:*:*:*:*:*:*",
                     matchCriteriaId: "3FAD63B8-9158-4552-8987-3A418AC5A3A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6000:*:*:*:*:*:*",
                     matchCriteriaId: "87793628-6C35-4137-B584-3AE2A8363AEC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6003:*:*:*:*:*:*",
                     matchCriteriaId: "06C14CAB-9C56-48A2-82FA-16110923CC78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6008:*:*:*:*:*:*",
                     matchCriteriaId: "2201C280-3674-4FA4-8176-723C175A2469",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6010:*:*:*:*:*:*",
                     matchCriteriaId: "A3CB3836-AD68-4167-98FD-5B05CC9C92EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6016:*:*:*:*:*:*",
                     matchCriteriaId: "604CF453-CBBE-4123-B3ED-87A8CBF407DE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6020:*:*:*:*:*:*",
                     matchCriteriaId: "6AF52278-E711-4656-9A1C-0A3A7F3C671F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6026:*:*:*:*:*:*",
                     matchCriteriaId: "5DD66203-5C4E-434A-BA84-9F78D9E1F7B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6029:*:*:*:*:*:*",
                     matchCriteriaId: "8A0D1287-7A32-4F56-97F2-8573F12D8EB4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6034:*:*:*:*:*:*",
                     matchCriteriaId: "69858B8E-E4C7-485C-882A-206E07D7343F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6035:*:*:*:*:*:*",
                     matchCriteriaId: "C2B82BFA-39B6-4DC8-B691-3284FDCFA227",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6038:*:*:*:*:*:*",
                     matchCriteriaId: "FD4E8470-B8CE-4670-8334-86B817180E96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6046:*:*:*:*:*:*",
                     matchCriteriaId: "2276EFC8-B5E6-449F-BDD0-EF2108A4CCAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6051:*:*:*:*:*:*",
                     matchCriteriaId: "2C8B27BE-651D-4B3A-9413-5ABA8AF2AA3D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6053:*:*:*:*:*:*",
                     matchCriteriaId: "41EA5F8E-05B5-4C4A-8853-B6948C358F06",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6060:*:*:*:*:*:*",
                     matchCriteriaId: "3E1A5843-F09A-4BBE-878D-C967E4061B0D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6061:*:*:*:*:*:*",
                     matchCriteriaId: "D579A835-6B7F-4C77-991F-C760CB8D3750",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6066:*:*:*:*:*:*",
                     matchCriteriaId: "B4935091-B9B4-4EA7-8785-FE4529ACFEBF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6068:*:*:*:*:*:*",
                     matchCriteriaId: "33DAB50E-18A0-43CC-9043-5E2B722F3A2B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6072:*:*:*:*:*:*",
                     matchCriteriaId: "0E1E9E82-17E3-4B43-AD5B-BBAD25759950",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6079:*:*:*:*:*:*",
                     matchCriteriaId: "E73BDC2E-3C39-454F-B929-8BB936F36AA6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6084:*:*:*:*:*:*",
                     matchCriteriaId: "C4DF7C74-BD66-41E7-8B47-C700D7BE53E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6092:*:*:*:*:*:*",
                     matchCriteriaId: "9EA739D6-10BD-48B4-9C30-92BE4381C80C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6101:*:*:*:*:*:*",
                     matchCriteriaId: "79219E01-26C2-462C-B604-783490F26565",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6111:*:*:*:*:*:*",
                     matchCriteriaId: "6F121147-1AAB-4123-AFD2-31F39434819F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6120:*:*:*:*:*:*",
                     matchCriteriaId: "52B9445C-4B0E-437A-BE3C-DBB8A621D354",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6132:*:*:*:*:*:*",
                     matchCriteriaId: "979495B8-8BF0-41B0-9BD5-48554A9C8889",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6137:*:*:*:*:*:*",
                     matchCriteriaId: "A82EF754-CCB7-4A03-8986-42BA76E6A2C9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6140:*:*:*:*:*:*",
                     matchCriteriaId: "F4CAFBCA-BD13-4295-A558-844716BA0C81",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6149:*:*:*:*:*:*",
                     matchCriteriaId: "AA61FEDD-5F86-45B8-BC55-BDFD6F10BB4B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*",
                     matchCriteriaId: "A144D75D-60A8-4EE0-813C-F658C626B2AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*",
                     matchCriteriaId: "2DA66230-DE02-4881-A893-E9E78286B157",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*",
                     matchCriteriaId: "955F3DFB-6479-4867-B62A-82730DBEB498",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*",
                     matchCriteriaId: "327D1B56-0D05-4D99-91D4-CC1F0AC32972",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*",
                     matchCriteriaId: "D0CD0684-C431-47F8-A2F4-1936D5C5A72B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*",
                     matchCriteriaId: "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*",
                     matchCriteriaId: "D0968764-CCEE-47A7-9111-E106D887DA43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*",
                     matchCriteriaId: "16589FBB-F0CD-4041-8141-5C89FCCA72AF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*",
                     matchCriteriaId: "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*",
                     matchCriteriaId: "0DF5FB90-8D6D-4F99-B454-411B1DFFA630",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*",
                     matchCriteriaId: "F58876B9-6C2E-4048-A793-B441A84E86F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*",
                     matchCriteriaId: "D5F177CB-CC45-45A0-9D02-C14A13ECC7A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*",
                     matchCriteriaId: "A89A4192-54E9-4899-8C7B-6C7F7E650D5C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*",
                     matchCriteriaId: "F2DC1357-9CD5-415F-A190-2F3F4498EF96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*",
                     matchCriteriaId: "D78ACF64-2802-44DD-AF7A-1BD5EA7F9908",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*",
                     matchCriteriaId: "E8F675FA-1684-413A-B1BE-1C5434AC2862",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrated by class=\"deep-link-app\" for a /#!!&app=%2e./ URI.",
      },
      {
         lang: "es",
         value: "OX App Suite hasta 7.10.6 permite XSS a través de un enlace profundo, como lo demuestra class=\"deep-link-app\" para un URI /#!!&app=%2e./.",
      },
   ],
   id: "CVE-2022-31469",
   lastModified: "2025-04-14T15:15:17.677",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2022-12-26T02:15:09.573",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://open-xchange.com",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/fulldisclosure/2022/Nov/18",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://open-xchange.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/fulldisclosure/2022/Nov/18",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-12-15 06:59
Modified
2025-04-12 10:46
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev10. The App Suite frontend lets a user control whether cookies that exceed the session duration are stored. This functionality is useful when logging in from clients with reduced privileges or shared environments. However, the setting was incorrectly recognized, and cookies were stored regardless of it when the login was performed using a non-interactive login method. If the setting was enforced by middleware configuration or the user went through the interactive login page, the workflow was correct. Cookies with authentication information may become available to other users on shared environments. If the user did not properly log out from the session, third parties with access to the same client can access the user's account.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:rev9:*:*:*:*:*:*",
                     matchCriteriaId: "F8BB7BBD-7706-479D-B1DB-9EAC321913EB",
                     versionEndIncluding: "7.8.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev10. App Suite frontend offers to control whether a user wants to store cookies that exceed the session duration. This functionality is useful when logging in from clients with reduced privileges or shared environments. However the setting was incorrectly recognized and cookies were stored regardless of this setting when the login was performed using a non-interactive login method. In case the setting was enforced by middleware configuration or the user went through the interactive login page, the workflow was correct. Cookies with authentication information may become available to other users on shared environments. In case the user did not properly log out from the session, third parties with access to the same client can access a user's account.",
      },
      {
         lang: "es",
         value: "Ha sido descubierto un problema en Open-Xchange OX App Suite en versiones anteriores a 7.8.1-rev10. El frontend App Suite ofrece controlar si un usuario quiere almacenar cookies que exceden la duración de sesión. Esta funcionalidad es útil cuando se inicia sesión desde clientes con privilegios reducidos o entornos compartidos. Sin embargo la configuración fue reconocida incorrectamente y las cookies fueron almacenadas independientemente de estos ajustes cuando el inicio de sesión fue realizado usando un método de inicio de sesión no interactivo. En caso de que el ajuste fuera forzado por la configuración de middleware o el usuario pasó por la página de inicio de sesión interactiva, el flujo de trabajo era correcto. Las cookies con información de autenticación pueden estar disponibles para otros usuarios en entornos compartidos. En caso de que el usuario no se haya desconectado correctamente de la sesión, los terceros con acceso al mismo cliente pueden acceder a la cuenta de un usuario.",
      },
   ],
   id: "CVE-2016-4027",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 3.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 3.5,
               baseSeverity: "LOW",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.1,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-12-15T06:59:06.393",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/137599/Open-Xchange-App-Suite-7.8.1-Information-Disclosure.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/archive/1/538732/100/0/threaded",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1036157",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/137599/Open-Xchange-App-Suite-7.8.1-Information-Disclosure.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/538732/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1036157",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2024-02-12 09:15
Modified
2024-11-21 08:21
Summary
Processing time of drive search expressions now gets monitored, and the related request is terminated if a resource threshold is reached. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing of user-defined drive search expressions is not limited. No publicly available exploits are known.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7804FF21-94F6-4160-9628-B91ED4CDDCB6",
                     versionEndExcluding: "7.6.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3159C504-0462-4AA9-9137-F25961B67ED6",
                     versionEndExcluding: "7.10.6",
                     versionStartExcluding: "7.6.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F37B7CC3-A4D2-4CA5-8159-FE1A9016F9A0",
                     versionEndExcluding: "8.20",
                     versionStartExcluding: "7.10.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:-:*:*:*:*:*:*",
                     matchCriteriaId: "7AB04398-3973-4503-959E-FA8EE511DA45",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3464:*:*:*:*:*:*",
                     matchCriteriaId: "161CD641-C9EC-4FBE-BFFD-48C96FE71085",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3519:*:*:*:*:*:*",
                     matchCriteriaId: "73F1F959-F82B-4E00-91AE-C39037A93DDF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3569:*:*:*:*:*:*",
                     matchCriteriaId: "E151E1EA-DA35-47CB-80C2-359518C213FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3627:*:*:*:*:*:*",
                     matchCriteriaId: "156910B8-F553-4F4C-B990-131F04001AB2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3728:*:*:*:*:*:*",
                     matchCriteriaId: "13248A9A-D131-4596-A511-A18A83F9D4C2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3875:*:*:*:*:*:*",
                     matchCriteriaId: "54936294-45A6-410B-B6F6-CC2CEFCE937E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3922:*:*:*:*:*:*",
                     matchCriteriaId: "8EDB7577-5763-41A1-90A7-7D7F225F8C14",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3949:*:*:*:*:*:*",
                     matchCriteriaId: "39B4BD56-3236-4AE0-93F6-F0E0190C77AD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3991:*:*:*:*:*:*",
                     matchCriteriaId: "6F20C5D9-6DCA-4F3F-A9A8-FACAE5C4AB18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4047:*:*:*:*:*:*",
                     matchCriteriaId: "F94B78AE-45FE-4BA7-BFD6-55767F8C3A0E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4133:*:*:*:*:*:*",
                     matchCriteriaId: "B103D02E-C443-446B-A358-A052866BC624",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4423:*:*:*:*:*:*",
                     matchCriteriaId: "4D578FCB-EE90-4BB9-9E28-DC1FA139787C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4470:*:*:*:*:*:*",
                     matchCriteriaId: "71380C28-6A25-425B-BE7F-6D06E0CE5C2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4552:*:*:*:*:*:*",
                     matchCriteriaId: "DDBF0D2F-2C22-448E-A0D2-E66527188928",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4667:*:*:*:*:*:*",
                     matchCriteriaId: "50EC169C-73B6-40F5-8C7A-6DD71DC19893",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4750:*:*:*:*:*:*",
                     matchCriteriaId: "4B2CA948-280B-4EB8-9309-B016C9557A64",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4789:*:*:*:*:*:*",
                     matchCriteriaId: "36511A48-EBD8-40C2-A1FB-10F33264CF3F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4839:*:*:*:*:*:*",
                     matchCriteriaId: "EBE8374F-0D7D-422F-83AC-ADF9B9E6E511",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4860:*:*:*:*:*:*",
                     matchCriteriaId: "285B9A4B-6F4F-4899-AD2A-57E22BF9F7BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4895:*:*:*:*:*:*",
                     matchCriteriaId: "5BAD0604-90FC-4647-854A-E10330579B89",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5104:*:*:*:*:*:*",
                     matchCriteriaId: "7F26505E-0F61-40A2-B6BA-17C7E30D375C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5165:*:*:*:*:*:*",
                     matchCriteriaId: "FD3E0ABC-2DAC-4441-96DB-BD84DD8B8E81",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5231:*:*:*:*:*:*",
                     matchCriteriaId: "347700F5-3BDA-4DA3-AA81-4D593E131AB9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5537:*:*:*:*:*:*",
                     matchCriteriaId: "5EF075DE-44C7-4FC0-9BD7-E7A2C95651D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5637:*:*:*:*:*:*",
                     matchCriteriaId: "5CB6B4D0-E2B8-44F3-877B-293325EF44A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5910:*:*:*:*:*:*",
                     matchCriteriaId: "716CC742-9F23-4734-9CFF-338A231476D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*",
                     matchCriteriaId: "A144D75D-60A8-4EE0-813C-F658C626B2AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*",
                     matchCriteriaId: "2DA66230-DE02-4881-A893-E9E78286B157",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*",
                     matchCriteriaId: "955F3DFB-6479-4867-B62A-82730DBEB498",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*",
                     matchCriteriaId: "327D1B56-0D05-4D99-91D4-CC1F0AC32972",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*",
                     matchCriteriaId: "D0CD0684-C431-47F8-A2F4-1936D5C5A72B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*",
                     matchCriteriaId: "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*",
                     matchCriteriaId: "D0968764-CCEE-47A7-9111-E106D887DA43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*",
                     matchCriteriaId: "16589FBB-F0CD-4041-8141-5C89FCCA72AF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*",
                     matchCriteriaId: "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*",
                     matchCriteriaId: "0DF5FB90-8D6D-4F99-B454-411B1DFFA630",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*",
                     matchCriteriaId: "F58876B9-6C2E-4048-A793-B441A84E86F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*",
                     matchCriteriaId: "D5F177CB-CC45-45A0-9D02-C14A13ECC7A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*",
                     matchCriteriaId: "A89A4192-54E9-4899-8C7B-6C7F7E650D5C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*",
                     matchCriteriaId: "F2DC1357-9CD5-415F-A190-2F3F4498EF96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*",
                     matchCriteriaId: "D78ACF64-2802-44DD-AF7A-1BD5EA7F9908",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*",
                     matchCriteriaId: "E8F675FA-1684-413A-B1BE-1C5434AC2862",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6156:*:*:*:*:*:*",
                     matchCriteriaId: "F3F1FDC3-35B2-4BDB-A685-75BC72588179",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6161:*:*:*:*:*:*",
                     matchCriteriaId: "5B1E509D-2F41-4296-86D2-6BD71783060F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6166:*:*:*:*:*:*",
                     matchCriteriaId: "AC93EA37-F341-45EC-B651-4F326FB8C613",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6173:*:*:*:*:*:*",
                     matchCriteriaId: "1A4DB8A6-1702-462C-BFCB-39F91D2EFCE1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6176:*:*:*:*:*:*",
                     matchCriteriaId: "FC0AEFDB-D033-47FC-93FC-8652F922BB8C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6178:*:*:*:*:*:*",
                     matchCriteriaId: "B5354768-6527-43C2-B492-A8C14AB4E784",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6189:*:*:*:*:*:*",
                     matchCriteriaId: "D83F26D1-B8C6-4114-81EC-810DD5412DC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6194:*:*:*:*:*:*",
                     matchCriteriaId: "E9EBC010-9963-4636-96F7-A121FCF755A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6199:*:*:*:*:*:*",
                     matchCriteriaId: "F626D64B-C301-4CD8-94B4-48689BD3F29C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6204:*:*:*:*:*:*",
                     matchCriteriaId: "5E32810C-7B35-42F1-BCA5-E10C02BE2215",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6205:*:*:*:*:*:*",
                     matchCriteriaId: "6539D059-8614-4C26-93C4-C2DDCC5D35E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6209:*:*:*:*:*:*",
                     matchCriteriaId: "E359EE75-A2F9-479B-B757-CAE1064AB8F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6210:*:*:*:*:*:*",
                     matchCriteriaId: "0BCABDEF-D292-406E-B53C-AFF22484E916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6214:*:*:*:*:*:*",
                     matchCriteriaId: "ABE8872C-B1DD-4A45-8EF8-E8C355CA6C54",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6215:*:*:*:*:*:*",
                     matchCriteriaId: "44B20B83-833A-4C68-8693-365BD046C157",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6216:*:*:*:*:*:*",
                     matchCriteriaId: "E254E6D1-D18E-4A2A-A2FF-7D03F39E65DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6218:*:*:*:*:*:*",
                     matchCriteriaId: "5F0C5E53-4D15-425A-B4CF-5869353724BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6219:*:*:*:*:*:*",
                     matchCriteriaId: "2F4BF5F1-F316-4BAC-83E0-DEAC8C50754E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6220:*:*:*:*:*:*",
                     matchCriteriaId: "5CDD03A8-5B86-4B87-9C29-6C967261C5C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6227:*:*:*:*:*:*",
                     matchCriteriaId: "6071E15F-4D59-41DC-A4D4-7D1AA392A1F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6230:*:*:*:*:*:*",
                     matchCriteriaId: "C72C1CEB-7BF7-4A5F-B2E9-397F86CCBF4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6233:*:*:*:*:*:*",
                     matchCriteriaId: "5B0F0218-4224-4084-B38D-9719D3782C03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6235:*:*:*:*:*:*",
                     matchCriteriaId: "BFC41329-1AD6-4575-A22D-977EC5539DA4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6236:*:*:*:*:*:*",
                     matchCriteriaId: "217A06B7-0823-4508-BC0C-AD792BA88F7B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6239:*:*:*:*:*:*",
                     matchCriteriaId: "246E98B2-A6C8-4410-AA6A-7E81EE8C5E76",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6241:*:*:*:*:*:*",
                     matchCriteriaId: "74D1EC02-D009-45DA-B1EC-2219E0F0183C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6243:*:*:*:*:*:*",
                     matchCriteriaId: "0F56A261-EC62-423C-B487-35EA9D4A83FB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6245:*:*:*:*:*:*",
                     matchCriteriaId: "D295E160-C87A-498D-AB0E-BA1E50825249",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6248:*:*:*:*:*:*",
                     matchCriteriaId: "A30BE138-D745-4F0E-AAE4-202A1C769C85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6249:*:*:*:*:*:*",
                     matchCriteriaId: "7CF4FCB9-7360-4ABB-95FB-0239CDC8D3AD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6250:*:*:*:*:*:*",
                     matchCriteriaId: "465DD666-3499-4911-A1DF-6BAAFCCFA006",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6251:*:*:*:*:*:*",
                     matchCriteriaId: "6F18CEDC-5D7A-4496-8B5E-59EBEA4362BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6255:*:*:*:*:*:*",
                     matchCriteriaId: "8C1DE547-F217-4518-AD90-3607AE21F6ED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Processing time of drive search expressions now gets monitored, and the related request is terminated if a resource threshold is reached. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing of user-defined drive search expressions is not limited. No publicly available exploits are known.",
      },
      {
         lang: "es",
         value: "Ahora se supervisa el tiempo de procesamiento de las expresiones de búsqueda de unidades y la solicitud relacionada finaliza si se alcanza un umbral de recursos. La disponibilidad de OX App Suite podría verse reducida debido a la alta carga de procesamiento. Implemente las actualizaciones y lanzamientos de parches proporcionados. El procesamiento de expresiones de búsqueda de unidades definidas por el usuario no está limitado. No se conocen exploits disponibles públicamente.",
      },
   ],
   id: "CVE-2023-41706",
   lastModified: "2024-11-21T08:21:30.800",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "security@open-xchange.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-02-12T09:15:11.073",
   references: [
      {
         source: "security@open-xchange.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json",
      },
      {
         source: "security@open-xchange.com",
         tags: [
            "Release Notes",
         ],
         url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf",
      },
   ],
   sourceIdentifier: "security@open-xchange.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-400",
            },
         ],
         source: "security@open-xchange.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-12-15 06:59
Modified
2025-04-12 10:46
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within hyperlinks in HTML e-mails is not correctly sanitized when base64-encoded "data" resources are used. This allows an attacker to provide hyperlinks that may execute script code instead of directing to a proper location. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data, etc.).
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:rev4:*:*:*:*:*:*",
                     matchCriteriaId: "63233ABF-06E1-4819-B885-1028FEA3EB5A",
                     versionEndIncluding: "7.8.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within hyperlinks in HTML e-mails is not correctly sanitized when base64-encoded \"data\" resources are used. This allows an attacker to provide hyperlinks that may execute script code instead of directing to a proper location. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data, etc.).",
      },
      {
         lang: "es",
         value: "Ha sido descubierto un problema en Open-Xchange OX App Suite en versiones anteriores a 7.8.2-rev8. Un código script con hiperlinks en HTML E-Mails no está siendo correctamente desinfectado cuando utiliza recursos codificados base64 \"data\". Esto permite a un atacante proporcionar hiperlinks que podrían ejecutar un código script en lugar de dirigir a una localización adecuada. El código script malicioso puede ser ejecutado en un contexto de usuario. Esto puede conducir al secuestro de sesión o activar acciones no deseadas a través de la interfaz web (envío de correo, eliminación de datos, etc.).",
      },
   ],
   id: "CVE-2016-6845",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-12-15T06:59:18.283",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/93457",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/93457",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-05-22 19:29
Modified
2024-11-21 03:36
Summary
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Information Exposure.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "21A45377-C1DE-44AB-A02F-A377BE4E9A56",
                     versionEndIncluding: "7.8.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Information Exposure.",
      },
      {
         lang: "es",
         value: "OX Software GmbH OX App Suite 7.8.4 y versión anterior, se ven afectados por: Exposición de Información.",
      },
   ],
   id: "CVE-2017-9809",
   lastModified: "2024-11-21T03:36:54.120",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-05-22T19:29:00.237",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Not Applicable",
         ],
         url: "http://ox.com",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Not Applicable",
         ],
         url: "http://ox.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-01-09 00:55
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange (OX) AppSuite 7.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an HTML email with crafted CSS code containing wildcards or (2) office documents containing "crafted hyperlinks with script URL handlers."



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2E10052-CF1B-4A96-87DD-8AEEBC96E4E6",
                     versionEndIncluding: "7.4.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.20.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "983E5F3A-E7AD-4CCA-80D4-9C012AFCCDD4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2F85EE0C-B7A0-455A-96F6-E4E6BA5D7216",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2D9572CB-9A46-492E-BDCC-E01849EF0EC0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "138461CD-9C27-40E5-B7A0-A37737B6E942",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "108BCEFD-3098-4919-9B0C-E80F6FA1C102",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DDBB02DF-1022-4FE5-B5E1-198DC58F8C1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2BF31219-8390-4676-A9C4-D625A016C71E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "75B04598-67CD-420B-92C9-9A7459295E11",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange (OX) AppSuite 7.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an HTML email with crafted CSS code containing wildcards or (2) office documents containing \"crafted hyperlinks with script URL handlers.\"",
      },
      {
         lang: "es",
         value: "Múltiples vulnerabilidades de cross-site scripting (XSS) en Open-Xchange (OX) AppSuite 7.4.0 y anteriores permiten a atacantes remotos inyectar secuencias de comandos web o HTML a través de (1) un correo electrónico HTML con código CSS manipulado que contiene caracteres comodín o (2) documentos de oficina que contienen \"hipervínculos manipulados con manejadores de script de URL.\"",
      },
   ],
   id: "CVE-2013-6997",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2014-01-09T00:55:03.097",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Public_Patch_Release_1766_7.4.0_Rev21_2013_12_13.pdf",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.osvdb.org/101714",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.osvdb.org/101715",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/archive/1/530681/100/0/threaded",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/64676",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securitytracker.com/id/1029554",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/90113",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Public_Patch_Release_1766_7.4.0_Rev21_2013_12_13.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.osvdb.org/101714",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.osvdb.org/101715",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/530681/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/64676",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1029554",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/90113",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-04-30 22:15
Modified
2024-11-21 06:06
Summary
OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution list (payload in the common name) that is mishandled in the scheduling view.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9451471A-06E1-456C-8B82-ADEB746B97C7",
                     versionEndIncluding: "7.10.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution list (payload in the common name) that is mishandled in the scheduling view.",
      },
      {
         lang: "es",
         value: "OX App Suite versiones 7.10.4 y anteriores permiten un ataque de tipo XSS por medio de una lista de distribución diseñada (carga útil en el nombre común) que es manejada inapropiadamente en la vista de programación.",
      },
   ],
   id: "CVE-2021-31935",
   lastModified: "2024-11-21T06:06:32.850",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-04-30T22:15:07.780",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Not Applicable",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Not Applicable",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-01-02 19:15
Modified
2024-11-21 02:01
Summary
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev27 and 7.4.x before 7.4.0-rev20 allows remote attackers to inject arbitrary web script or HTML via the body of an email. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "75B04598-67CD-420B-92C9-9A7459295E11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8DAEED7B-C295-42B4-A60B-2EAA596E3D65",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev27 and 7.4.x before 7.4.0-rev20 allows remote attackers to inject arbitrary web script or HTML via the body of an email. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad de tipo cross-site scripting (XSS) en el back-end en Open-Xchange (OX) AppSuite versiones 7.2.x anteriores a 7.2.2-rev27 y versiones 7.4.x anteriores a 7.4.0-rev20, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del cuerpo de un correo electrónico. NOTA: esta vulnerabilidad fue SEPARADA de CVE-2013-6242 porque afecta a diferentes conjuntos de versiones.",
      },
   ],
   id: "CVE-2013-7486",
   lastModified: "2024-11-21T02:01:07.780",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-01-02T19:15:12.587",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/bugtraq/2013/Nov/127",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1029394",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://xforce.iss.net/xforce/xfdb/89250",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://forum.open-xchange.com/showthread.php?8115-Open-Xchange-releases-Security-Patch-2013-11-12-for-v7-2-2-v6-22-3-and-v7-4-0-v6",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/bugtraq/2013/Nov/127",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1029394",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://xforce.iss.net/xforce/xfdb/89250",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://forum.open-xchange.com/showthread.php?8115-Open-Xchange-releases-Security-Patch-2013-11-12-for-v7-2-2-v6-22-3-and-v7-4-0-v6",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-05-10 15:29
Modified
2024-11-21 03:10
Summary
OX Software GmbH App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "21A45377-C1DE-44AB-A02F-A377BE4E9A56",
                     versionEndIncluding: "7.8.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX Software GmbH App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).",
      },
      {
         lang: "es",
         value: "OX Software GmbH App Suite versión 7.8.4 y anteriores están afectadas por: Cross Site Scripting (XSS).",
      },
   ],
   id: "CVE-2017-12885",
   lastModified: "2024-11-21T03:10:22.630",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-05-10T15:29:00.527",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Not Applicable",
         ],
         url: "http://app.com",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://ox.com",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Not Applicable",
         ],
         url: "http://app.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://ox.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-06-16 01:29
Modified
2024-11-21 04:09
Summary
Cross-site scripting (XSS) vulnerability in the office-web component in Open-Xchange OX App Suite before 7.8.3-rev12 and 7.8.4 before 7.8.4-rev9 allows remote attackers to inject arbitrary web script or HTML via a crafted presentation file, related to copying content to the clipboard.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C77DCBA3-CB5A-4F73-817E-717C8335463E",
                     versionEndIncluding: "7.8.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev10:*:*:*:*:*:*",
                     matchCriteriaId: "0F7C6765-34DD-4326-99A8-F85DA19ECE91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev11:*:*:*:*:*:*",
                     matchCriteriaId: "13FAD9B6-5790-4C7A-8A9B-09B1002DA75F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev5:*:*:*:*:*:*",
                     matchCriteriaId: "F57910B1-968D-4DF3-8C2D-9EB3765C7214",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev6:*:*:*:*:*:*",
                     matchCriteriaId: "FE1FD7DD-DC8C-416C-A55B-FA7B961ECD3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev8:*:*:*:*:*:*",
                     matchCriteriaId: "A07A8019-D7D7-4E1D-AEA7-DF509175393D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev9:*:*:*:*:*:*",
                     matchCriteriaId: "9FEEF620-CD8A-49C4-89D6-565503A1790F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "6164303F-253E-440C-A45C-94FFF7B492AE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev3:*:*:*:*:*:*",
                     matchCriteriaId: "8681201A-5DB3-42A9-A203-9641B4459537",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev4:*:*:*:*:*:*",
                     matchCriteriaId: "C567F8B8-D9D0-4006-819C-C995C6573FE7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev5:*:*:*:*:*:*",
                     matchCriteriaId: "07FEF270-E3ED-463D-9940-7FC9573E40C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev6:*:*:*:*:*:*",
                     matchCriteriaId: "7FD1E38C-EC1A-42D1-86AF-D53D8BF0098C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev7:*:*:*:*:*:*",
                     matchCriteriaId: "1BF75100-6E38-4FCB-BC21-FFB1C4B3EC50",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev8:*:*:*:*:*:*",
                     matchCriteriaId: "BF34B133-486B-4D77-8745-4D0E082FF8D9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site scripting (XSS) vulnerability in the office-web component in Open-Xchange OX App Suite before 7.8.3-rev12 and 7.8.4 before 7.8.4-rev9 allows remote attackers to inject arbitrary web script or HTML via a crafted presentation file, related to copying content to the clipboard.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de Cross-Site Scripting (XSS) en el componente office-web en Open-Xchange OX App Suite en versiones anteriores a la 7.8.3-rev12 y versiones 7.8.4 anteriores a la 7.8.4-rev9 permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante un archivo de presentación manipulado. Esto está relacionado con la copia de contenidos al portapapeles.",
      },
   ],
   id: "CVE-2018-5754",
   lastModified: "2024-11-21T04:09:19.623",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 3.5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.3,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-06-16T01:29:06.287",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2018/Jun/23",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.exploit-db.com/exploits/44881/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2018/Jun/23",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.exploit-db.com/exploits/44881/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-05-22 20:29
Modified
2024-11-21 03:33
Summary
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C77DCBA3-CB5A-4F73-817E-717C8335463E",
                     versionEndIncluding: "7.8.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing.",
      },
      {
         lang: "es",
         value: "Open-Xchange GmbH OX App Suite versión 7.8.3 y anteriores, se ven afectados por: Suplantación de Contenido.",
      },
   ],
   id: "CVE-2017-8341",
   lastModified: "2024-11-21T03:33:48.193",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-05-22T20:29:00.697",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://open-xchange.com",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Not Applicable",
         ],
         url: "http://ox.com",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/7.10.0/release-notes/release-notes.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://open-xchange.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Not Applicable",
         ],
         url: "http://ox.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/7.10.0/release-notes/release-notes.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-01-02 19:15
Modified
2024-11-21 02:01
Summary
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev26 and 7.4.x before 7.4.0-rev16 allows remote attackers to inject arbitrary web script or HTML via the publication name, which is not properly handled in an error message. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions.
References
cve@mitre.org http://osvdb.org/100385 Broken Link
cve@mitre.org http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html Third Party Advisory, VDB Entry
cve@mitre.org http://seclists.org/bugtraq/2013/Nov/127 Mailing List, Third Party Advisory
cve@mitre.org http://secunia.com/advisories/55837 Third Party Advisory
cve@mitre.org http://www.securitytracker.com/id/1029394 Third Party Advisory, VDB Entry
cve@mitre.org http://xforce.iss.net/xforce/xfdb/89250 Broken Link
cve@mitre.org http://xforce.iss.net/xforce/xfdb/89251 Broken Link
cve@mitre.org https://forum.open-xchange.com/showthread.php?8090-Open-Xchange-releases-Security-Patch-2013-10-30-for-v7-2-2-and-v7-4-0 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://osvdb.org/100385 Broken Link
af854a3a-2127-422b-91ae-364da2661108 http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://seclists.org/bugtraq/2013/Nov/127 Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/55837 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id/1029394 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://xforce.iss.net/xforce/xfdb/89250 Broken Link
af854a3a-2127-422b-91ae-364da2661108 http://xforce.iss.net/xforce/xfdb/89251 Broken Link
af854a3a-2127-422b-91ae-364da2661108 https://forum.open-xchange.com/showthread.php?8090-Open-Xchange-releases-Security-Patch-2013-10-30-for-v7-2-2-and-v7-4-0 Vendor Advisory
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "75B04598-67CD-420B-92C9-9A7459295E11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8DAEED7B-C295-42B4-A60B-2EAA596E3D65",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev26 and 7.4.x before 7.4.0-rev16 allows remote attackers to inject arbitrary web script or HTML via the publication name, which is not properly handled in an error message. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions.",
      },
      {
         lang: "es",
         value: "Una  vulnerabilidad de tipo cross-site scripting (XSS) en el back-end en Open-Xchange (OX) AppSuite versiones 7.2.x anteriores a la versión  7.2.2-rev26 y versiones 7.4.x anteriores a la versión  7.4.0-rev16, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del nombre de la publicación, que no es manejado apropiadamente en un mensaje de error. NOTA: esta vulnerabilidad fue SEPARADA de CVE-2013-6242 porque afecta a diferentes conjuntos de versiones.",
      },
   ],
   id: "CVE-2013-7485",
   lastModified: "2024-11-21T02:01:07.573",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-01-02T19:15:12.493",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://osvdb.org/100385",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/bugtraq/2013/Nov/127",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/55837",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1029394",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://xforce.iss.net/xforce/xfdb/89250",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://xforce.iss.net/xforce/xfdb/89251",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://forum.open-xchange.com/showthread.php?8090-Open-Xchange-releases-Security-Patch-2013-10-30-for-v7-2-2-and-v7-4-0",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://osvdb.org/100385",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/bugtraq/2013/Nov/127",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/55837",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1029394",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://xforce.iss.net/xforce/xfdb/89250",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://xforce.iss.net/xforce/xfdb/89251",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://forum.open-xchange.com/showthread.php?8090-Open-Xchange-releases-Security-Patch-2013-10-30-for-v7-2-2-and-v7-4-0",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-08-20 13:15
Modified
2024-11-21 04:21
Summary
OX App Suite 7.10.1 allows Content Spoofing.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite 7.10.1



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D2C4CC04-9CAA-467A-AE72-CF3AC970296C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite 7.10.1 allows Content Spoofing.",
      },
      {
         lang: "es",
         value: "OX App Suite 7.10.1 permite la suplantación de contenido.",
      },
   ],
   id: "CVE-2019-11521",
   lastModified: "2024-11-21T04:21:16.410",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 8.1,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.2,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-08-20T13:15:11.587",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/154128/Open-Xchange-OX-App-Suite-Content-Spoofing-Cross-Site-Scripting.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/154128/Open-Xchange-OX-App-Suite-Content-Spoofing-Cross-Site-Scripting.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-269",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-09-05 11:44
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple race conditions in HtmlCleaner before 2.6, as used in Open-Xchange AppSuite 7.2.2 before rev13 and other products, allow remote authenticated users to read the private e-mail of other persons in opportunistic circumstances by leveraging lack of thread safety and performing a rapid series of (1) mail-sending or (2) draft-saving operations.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:htmlcleaner_project:htmlcleaner:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5882C53B-466C-42FB-86CC-BD06F7E4DAC9",
                     versionEndIncluding: "2.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:htmlcleaner_project:htmlcleaner:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "0927237D-D5A1-46EB-BAE5-46888187F4E9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:htmlcleaner_project:htmlcleaner:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "22472444-4FA4-47F3-9A3D-AA0C0BA4A7DE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B38D323C-AC7D-4573-B37A-9B42B43128C1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "30FBBEAA-8044-4CC4-BE57-E885BEE0E1C5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BA8CCDED-AD24-4685-B9CF-6E2A2CD1FAF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0309A401-A4EE-4907-B6C8-9ACF4909CACD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "30ED8AE2-C1B7-49C9-9196-9569635FE983",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "6022A958-C784-4DE8-B152-2A4F70CEA815",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "D996193D-7C15-40FF-8676-FCC1666CAFED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "25672975-0F1E-4EA5-8DC8-46B6BAFFC160",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "C60A95E6-A414-410A-BC7F-57A1347076DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "75310C21-E572-450A-86B6-D56403D6D810",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.55:*:*:*:*:*:*:*",
                     matchCriteriaId: "EB3DCA01-9BAC-4638-8645-223E83FC90B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:htmlcleaner_project:htmlcleaner:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "9C12A5B4-FC2F-4F30-AF32-8EF3A06FB24D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:htmlcleaner_project:htmlcleaner:2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "1D76FD62-6CC5-40B4-BC1E-BBD8A9EDB63A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:htmlcleaner_project:htmlcleaner:2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "2DA9B3BB-8A31-4F1F-B564-9B8A21C2859F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:htmlcleaner_project:htmlcleaner:2.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC9A5D0D-F6C3-4D8E-99D6-BD10911F3E7F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:htmlcleaner_project:htmlcleaner:2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "F2510FA1-B868-402E-8298-2AB521442D7C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "75B04598-67CD-420B-92C9-9A7459295E11",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple race conditions in HtmlCleaner before 2.6, as used in Open-Xchange AppSuite 7.2.2 before rev13 and other products, allow remote authenticated users to read the private e-mail of other persons in opportunistic circumstances by leveraging lack of thread safety and performing a rapid series of (1) mail-sending or (2) draft-saving operations.",
      },
      {
         lang: "es",
         value: "Múltiples vulnerabilidades de condición de carrera en HtmlCleaner anterior a v2.6, como es utilizado en Open-Xchange AppSuite v7.2.2 anterior a rev13 y otros productos, permiten a los usuarios remotos autenticados leer el correo electrónico privado de otras personas en situaciones oportunistas, mediante el aprovechamiento de la falta de seguridad de los subprocesos y la realización de una serie rápida de (1) envío de emails o (2) operaciones de guardado de borradores.",
      },
   ],
   evaluatorImpact: "CVSS score reflects vendor comments provided in http://archives.neohapsis.com/archives/bugtraq/2013-08/0115.html",
   id: "CVE-2013-5035",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4.9,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-09-05T11:44:57.830",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "http://archives.neohapsis.com/archives/bugtraq/2013-08/0115.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "http://sourceforge.net/p/htmlcleaner/bugs/86/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://archives.neohapsis.com/archives/bugtraq/2013-08/0115.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://sourceforge.net/p/htmlcleaner/bugs/86/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-362",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-06-16 14:15
Modified
2024-11-21 05:39
Summary
OX App Suite through 7.10.3 allows SSRF.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "6164303F-253E-440C-A45C-94FFF7B492AE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev1:*:*:*:*:*:*",
                     matchCriteriaId: "2C7EFE8F-CC45-436A-91A7-4D6CD1D60784",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev10:*:*:*:*:*:*",
                     matchCriteriaId: "4DD257D7-D9B2-4036-92D6-3A923B7DC59F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev11:*:*:*:*:*:*",
                     matchCriteriaId: "36383B07-AF6C-4EDA-A35E-50633D1612A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev12:*:*:*:*:*:*",
                     matchCriteriaId: "A3305F0B-F84C-4F3A-8186-4086A2F29AA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev13:*:*:*:*:*:*",
                     matchCriteriaId: "032B8B47-9E01-41B3-99D4-DECD4727DEA7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev14:*:*:*:*:*:*",
                     matchCriteriaId: "F7211571-4614-4169-A897-D0047304A4B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev15:*:*:*:*:*:*",
                     matchCriteriaId: "992082E5-5E00-40F0-8246-FD44D189C70D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev16:*:*:*:*:*:*",
                     matchCriteriaId: "4279A168-8A9A-43FF-8766-738EE31D6E25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev17:*:*:*:*:*:*",
                     matchCriteriaId: "5A734819-B817-4E54-89B1-B6A5FD52C758",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev18:*:*:*:*:*:*",
                     matchCriteriaId: "63AFF50B-7ABD-455D-A2A5-05432B41E4BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev19:*:*:*:*:*:*",
                     matchCriteriaId: "E2842D25-1A80-4403-B7A2-6E26527588E8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev2:*:*:*:*:*:*",
                     matchCriteriaId: "42BCC26D-8B47-47E8-878A-11403C226E6E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev20:*:*:*:*:*:*",
                     matchCriteriaId: "7DAA5D88-75E9-4D77-9F34-AB456F0733F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev21:*:*:*:*:*:*",
                     matchCriteriaId: "9EB906E5-1ABF-4734-84E1-BC8005AB1C2C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev22:*:*:*:*:*:*",
                     matchCriteriaId: "FD42433D-4B5C-43F5-8C5C-D97C6C3E5613",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev23:*:*:*:*:*:*",
                     matchCriteriaId: "B30EB62B-FEAC-4E7C-8AB8-E27879E18006",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev24:*:*:*:*:*:*",
                     matchCriteriaId: "88A08BF6-4410-48F9-B4D9-FCCA7B6DBF64",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev25:*:*:*:*:*:*",
                     matchCriteriaId: "49A24746-6C5E-48BE-A001-CB25BF0189D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev26:*:*:*:*:*:*",
                     matchCriteriaId: "7DA74FDF-0313-4783-B69D-17861F228FA7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev27:*:*:*:*:*:*",
                     matchCriteriaId: "949DD220-BFA8-4C5B-8334-5D545D336879",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev28:*:*:*:*:*:*",
                     matchCriteriaId: "F82BCE0D-A798-4A8A-B028-37AB4E4E9D76",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev29:*:*:*:*:*:*",
                     matchCriteriaId: "4DFC4CF9-F13A-43DC-81FA-2289D0B056F7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev3:*:*:*:*:*:*",
                     matchCriteriaId: "8681201A-5DB3-42A9-A203-9641B4459537",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev30:*:*:*:*:*:*",
                     matchCriteriaId: "6C53AE9B-BA64-4925-A6EA-9F591324F4C7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev31:*:*:*:*:*:*",
                     matchCriteriaId: "9ACF0B3D-A306-4E23-A361-195D3D732907",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev32:*:*:*:*:*:*",
                     matchCriteriaId: "5F71BE82-6E92-4372-99D7-ED46057CE572",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev33:*:*:*:*:*:*",
                     matchCriteriaId: "75473DD5-3E0C-472B-ABAB-993538E89A0B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev34:*:*:*:*:*:*",
                     matchCriteriaId: "B7D5A6CF-DAC1-4435-99FC-613BC99AACAC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev35:*:*:*:*:*:*",
                     matchCriteriaId: "03D55E13-C2E3-4A01-8D2D-80F1C69ADB87",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev36:*:*:*:*:*:*",
                     matchCriteriaId: "B9AA07E0-2863-436D-8585-6C0371371B34",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev37:*:*:*:*:*:*",
                     matchCriteriaId: "03045CB8-638C-43C4-BAE3-B1F3586975FE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev38:*:*:*:*:*:*",
                     matchCriteriaId: "81EB9BE2-498A-42D5-B500-750BD5907B11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev39:*:*:*:*:*:*",
                     matchCriteriaId: "2F5A4455-2DE5-409A-A5B0-4EE9503022F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev4:*:*:*:*:*:*",
                     matchCriteriaId: "C567F8B8-D9D0-4006-819C-C995C6573FE7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev40:*:*:*:*:*:*",
                     matchCriteriaId: "C5832883-CE88-4BE9-9F37-19BFF24DEE09",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev41:*:*:*:*:*:*",
                     matchCriteriaId: "1B129936-271F-432D-AB91-25DA1E9AA960",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev42:*:*:*:*:*:*",
                     matchCriteriaId: "0132F603-FA0B-4F91-A49D-FCFA12FDAC3F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev43:*:*:*:*:*:*",
                     matchCriteriaId: "51626D24-7F17-4F43-A768-299F8ABAA663",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev44:*:*:*:*:*:*",
                     matchCriteriaId: "878A7C59-96A2-4EAE-BD72-77C810B9D7A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev45:*:*:*:*:*:*",
                     matchCriteriaId: "77272167-B3E2-4046-8C03-1CF9C47E4ED1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev46:*:*:*:*:*:*",
                     matchCriteriaId: "AA7CB7E5-542D-4E9B-B0F3-05073113147B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev47:*:*:*:*:*:*",
                     matchCriteriaId: "16E2357C-3A1B-4A9B-B115-8F7CB10D95FC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev48:*:*:*:*:*:*",
                     matchCriteriaId: "81033CCE-1255-43D2-B429-AAFA7C447885",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev49:*:*:*:*:*:*",
                     matchCriteriaId: "D8478E43-E40D-4E02-B258-055A2120FED0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev5:*:*:*:*:*:*",
                     matchCriteriaId: "07FEF270-E3ED-463D-9940-7FC9573E40C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev50:*:*:*:*:*:*",
                     matchCriteriaId: "CD4F40EE-F6E2-45ED-97CA-82B472476622",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev51:*:*:*:*:*:*",
                     matchCriteriaId: "5D8FF2AA-C35F-4E68-A2EC-FC989E4CBE2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev52:*:*:*:*:*:*",
                     matchCriteriaId: "4C61C021-E42E-4387-85CF-2FBA2F061376",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev53:*:*:*:*:*:*",
                     matchCriteriaId: "96BCE7CA-5EB8-429F-A707-52DF87B92BCB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev54:*:*:*:*:*:*",
                     matchCriteriaId: "AC6CF5C5-93B2-4E00-9ED3-DB337475EDAC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev55:*:*:*:*:*:*",
                     matchCriteriaId: "0CEC20C6-C269-455E-B069-D4071D2A06ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev56:*:*:*:*:*:*",
                     matchCriteriaId: "84EAE1A5-7DD1-4F53-80AB-6BFAB46DA92A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev57:*:*:*:*:*:*",
                     matchCriteriaId: "B3C1745F-5866-4443-AA1A-1C66F47E91D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev58:*:*:*:*:*:*",
                     matchCriteriaId: "37D8F313-87A1-4A8E-A357-97A9CFD5DDD7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev59:*:*:*:*:*:*",
                     matchCriteriaId: "1C843E28-AA2C-4C95-9B4E-0135374D8E05",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev6:*:*:*:*:*:*",
                     matchCriteriaId: "7FD1E38C-EC1A-42D1-86AF-D53D8BF0098C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev60:*:*:*:*:*:*",
                     matchCriteriaId: "5DD3B406-C8AD-4C0F-9A9D-C2C1E0C4B7A6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev61:*:*:*:*:*:*",
                     matchCriteriaId: "C9D33E26-E4EA-4DF6-AEA0-0D3321500232",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev62:*:*:*:*:*:*",
                     matchCriteriaId: "87DE98B2-602F-4C2A-9870-924A89E47A6C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev63:*:*:*:*:*:*",
                     matchCriteriaId: "41B1D2EC-775F-4660-81BF-E45CFE1682E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev64:*:*:*:*:*:*",
                     matchCriteriaId: "0CBCF797-67ED-4A06-99D0-C21A928202D2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev65:*:*:*:*:*:*",
                     matchCriteriaId: "790E20C5-DF4A-41E8-BCC1-C613097BACC5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev66:*:*:*:*:*:*",
                     matchCriteriaId: "87667829-EE71-4169-84C4-81557A10F1CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev67:*:*:*:*:*:*",
                     matchCriteriaId: "E713D3B0-6B90-4CFB-9FB3-D7CAC1B84415",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev7:*:*:*:*:*:*",
                     matchCriteriaId: "1BF75100-6E38-4FCB-BC21-FFB1C4B3EC50",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev8:*:*:*:*:*:*",
                     matchCriteriaId: "BF34B133-486B-4D77-8745-4D0E082FF8D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev9:*:*:*:*:*:*",
                     matchCriteriaId: "33B507D7-536B-4AC3-BCB3-BF3A6BA257F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D2C4CC04-9CAA-467A-AE72-CF3AC970296C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev1:*:*:*:*:*:*",
                     matchCriteriaId: "368ECEBC-4553-4A2A-8A2A-A4B8909C321D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev10:*:*:*:*:*:*",
                     matchCriteriaId: "33BFF8F7-DB19-4F7B-9FED-5D3E50E31C2B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev11:*:*:*:*:*:*",
                     matchCriteriaId: "8E60A592-965B-4ECD-BE52-C8BCF8164A6B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev12:*:*:*:*:*:*",
                     matchCriteriaId: "37DC59B1-D23F-40EB-9F54-0BBBC8FA86E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev13:*:*:*:*:*:*",
                     matchCriteriaId: "91897609-C38E-47ED-9A45-34C26ACD4558",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev14:*:*:*:*:*:*",
                     matchCriteriaId: "68CD6B95-5EAA-4D14-8958-787E7B8ADD8A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev15:*:*:*:*:*:*",
                     matchCriteriaId: "A4EBEBD1-9E8A-4C18-95FA-E7D83A7DC557",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev16:*:*:*:*:*:*",
                     matchCriteriaId: "6BAF8872-87D9-4271-80AA-E4200E6D8F5A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev17:*:*:*:*:*:*",
                     matchCriteriaId: "E0FDDD1D-7EDC-4ED8-9288-DA1976B044FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev18:*:*:*:*:*:*",
                     matchCriteriaId: "AE6BC6B0-66A7-4B0A-9B11-E41A3C29064D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev19:*:*:*:*:*:*",
                     matchCriteriaId: "0B981446-14BE-43A9-86FE-F282E8DA393D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev2:*:*:*:*:*:*",
                     matchCriteriaId: "4190E7EF-E9BF-4B87-B5A7-F1C5639CF701",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev20:*:*:*:*:*:*",
                     matchCriteriaId: "DC995A29-A9DB-4160-BEAD-7E6A3606F802",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev21:*:*:*:*:*:*",
                     matchCriteriaId: "890672A1-63E4-45BA-B4A7-B1DCFCE03E17",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev22:*:*:*:*:*:*",
                     matchCriteriaId: "32AB90D5-CF22-45E4-A7E5-A3BC355C051A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev23:*:*:*:*:*:*",
                     matchCriteriaId: "4287D478-7B66-4B94-AF06-FCFA3E3A49E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev24:*:*:*:*:*:*",
                     matchCriteriaId: "6949270A-47D6-495B-8B3A-CC97351E0B72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev25:*:*:*:*:*:*",
                     matchCriteriaId: "FF8F4DA7-035F-4C6E-9E97-265CC57A548B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev26:*:*:*:*:*:*",
                     matchCriteriaId: "F6C50535-9E15-418A-8908-23C247CCF861",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev27:*:*:*:*:*:*",
                     matchCriteriaId: "8503C015-94AF-419C-95DE-1A1043811B60",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev3:*:*:*:*:*:*",
                     matchCriteriaId: "8DF4B515-D246-44A9-B4FA-094E33840EAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev4:*:*:*:*:*:*",
                     matchCriteriaId: "20D6F057-6D60-45CD-AF64-A17655FE4332",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev5:*:*:*:*:*:*",
                     matchCriteriaId: "8AAEEE04-5D35-4007-9C19-47139D574C6D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev6:*:*:*:*:*:*",
                     matchCriteriaId: "534A44A6-9F3F-4A95-8397-1264537AF98B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev7:*:*:*:*:*:*",
                     matchCriteriaId: "0FDC984D-9BA2-44A8-A448-0B5FFD3714F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev8:*:*:*:*:*:*",
                     matchCriteriaId: "10C3CE2E-D599-4E7B-8DF7-CE143D38C248",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev9:*:*:*:*:*:*",
                     matchCriteriaId: "5D50AB43-34ED-4514-A46D-17DCE8C0E13B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "AEA29625-42CD-49CC-9E34-858CB6C5D28B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev1:*:*:*:*:*:*",
                     matchCriteriaId: "3A43F58A-EF5F-470F-AD23-EA211A257B87",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev10:*:*:*:*:*:*",
                     matchCriteriaId: "AF15D091-E31B-4AF7-8565-A545338443D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev11:*:*:*:*:*:*",
                     matchCriteriaId: "6530A58D-89B1-4991-8182-2CB39FF0607D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev12:*:*:*:*:*:*",
                     matchCriteriaId: "359C31C1-FC65-4DB5-AC13-78752B991D85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev13:*:*:*:*:*:*",
                     matchCriteriaId: "20B39EEB-AE1F-41EF-BDA2-0C05583C19A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev14:*:*:*:*:*:*",
                     matchCriteriaId: "6814E0FE-C61F-4621-BCE9-E315FD27BDF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev15:*:*:*:*:*:*",
                     matchCriteriaId: "C500DC8B-1E2D-4D9E-89BF-DB1F583FCE1A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev16:*:*:*:*:*:*",
                     matchCriteriaId: "B31AF178-6903-4C9C-85D0-4FC64B523D94",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev17:*:*:*:*:*:*",
                     matchCriteriaId: "78BBF7A1-2683-4A1A-A907-22AA08547C34",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev18:*:*:*:*:*:*",
                     matchCriteriaId: "8E8D7027-437A-4ACA-A4A1-34F2A1E49EFF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev19:*:*:*:*:*:*",
                     matchCriteriaId: "233AF909-1320-4F50-98AE-0C3597EB77B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev2:*:*:*:*:*:*",
                     matchCriteriaId: "8B99076E-CAAF-478A-A6CA-5F4D555F4F13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev20:*:*:*:*:*:*",
                     matchCriteriaId: "34400EA1-FBC0-4055-A921-96280EF73E7E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev21:*:*:*:*:*:*",
                     matchCriteriaId: "BF5452D7-3326-415D-963D-BB9E4D5EA370",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev3:*:*:*:*:*:*",
                     matchCriteriaId: "71AD5083-1D8A-4F84-8263-EB724F2BAFB0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev4:*:*:*:*:*:*",
                     matchCriteriaId: "F2E2CBB1-66E4-463E-9C13-36311A5E57CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev5:*:*:*:*:*:*",
                     matchCriteriaId: "78419EB9-7DBD-4D86-9D9F-D207BE4A5606",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev6:*:*:*:*:*:*",
                     matchCriteriaId: "6CFDEA47-85E0-468F-ACE1-D246C690B8D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev7:*:*:*:*:*:*",
                     matchCriteriaId: "51A93D40-8EC9-42FA-88B5-2C6A105D45DF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev8:*:*:*:*:*:*",
                     matchCriteriaId: "990A037D-78A9-4BA5-B0E6-66D33B553CCF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev9:*:*:*:*:*:*",
                     matchCriteriaId: "84AB3311-A474-43B3-A613-F876042473A2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "944562A2-53D7-4D75-B238-B9BD0F695E45",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev1:*:*:*:*:*:*",
                     matchCriteriaId: "3B7503E3-6317-4DD7-9EDD-AB5A0586BADE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev2:*:*:*:*:*:*",
                     matchCriteriaId: "26BF76EC-F32F-4DAB-8EB0-8B24E76D2593",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev3:*:*:*:*:*:*",
                     matchCriteriaId: "B031D97E-A967-4124-8A42-EFA4B3576124",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev4:*:*:*:*:*:*",
                     matchCriteriaId: "649774E8-6489-4AD7-95A8-AAF7154B2C05",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev5:*:*:*:*:*:*",
                     matchCriteriaId: "A2A1BB49-EAFD-4458-AA8B-BF4B195927C5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev6:*:*:*:*:*:*",
                     matchCriteriaId: "1AC0DD2C-02D1-4CA9-A05C-81359BD30FA2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite through 7.10.3 allows SSRF.",
      },
      {
         lang: "es",
         value: "OX App Suite versiones hasta 7.10.3, permite un ataque de tipo SSRF",
      },
   ],
   id: "CVE-2020-8544",
   lastModified: "2024-11-21T05:39:00.340",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-06-16T14:15:11.820",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Product",
         ],
         url: "https://www.open-xchange.com/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Product",
         ],
         url: "https://www.open-xchange.com/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-918",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-12-15 06:59
Modified
2025-04-12 10:46
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev8. References to external Open XML document type definitions (.dtd resources) can be placed within .docx and .xlsx files. Those resources were requested when parsing certain parts of the generated document. As a result, an attacker can track access to a manipulated document. Usage of a document may get tracked and information about internal infrastructure may get exposed.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:rev7:*:*:*:*:*:*",
                     matchCriteriaId: "37C8561D-A430-47F7-89E0-56B995726C27",
                     versionEndIncluding: "7.8.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev8. References to external Open XML document type definitions (.dtd resources) can be placed within .docx and .xslx files. Those resources were requested when parsing certain parts of the generated document. As a result an attacker can track access to a manipulated document. Usage of a document may get tracked and information about internal infrastructure may get exposed.",
      },
      {
         lang: "es",
         value: "Ha sido descubierto un problema en Open-Xchange OX App Suite en versiones anteriores a 7.8.1-rev8. Referencias a un documento de tipo de definiciones Open XML externo (recursos .dtd) pueden ser puestas dentro de archivos .docx y .xslx. Estos recursos se solicitaron al analizar ciertas partes del documento generado. Como resultado, un atacante puede rastrear el acceso a un documento manipulado. El uso de un documento puede ser rastreado y la información sobre la infraestructura interna puede quedar expuesta.",
      },
   ],
   id: "CVE-2016-4047",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-12-15T06:59:11.037",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/archive/1/538732/100/0/threaded",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1036157",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/538732/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1036157",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
            {
               lang: "en",
               value: "CWE-611",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-10-14 17:15
Modified
2024-11-21 04:26
Summary
OX App Suite through 7.10.2 has Insecure Permissions.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F9CF4B9A-D36A-4A8E-B2A2-34C0CA70A24C",
                     versionEndIncluding: "7.10.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite through 7.10.2 has Insecure Permissions.",
      },
      {
         lang: "es",
         value: "OX App Suite hasta la versión 7.10.2 tiene permisos inseguros.",
      },
   ],
   id: "CVE-2019-14226",
   lastModified: "2024-11-21T04:26:14.417",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 5.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 8.1,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.2,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-10-14T17:15:09.287",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/fulldisclosure/2019/Oct/25",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/fulldisclosure/2019/Oct/25",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-281",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-01-26 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified oAuth API functions.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "567B4139-220A-46A7-B847-616F99A1EA66",
                     versionEndIncluding: "7.4.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.20.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "983E5F3A-E7AD-4CCA-80D4-9C012AFCCDD4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2F85EE0C-B7A0-455A-96F6-E4E6BA5D7216",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2D9572CB-9A46-492E-BDCC-E01849EF0EC0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "138461CD-9C27-40E5-B7A0-A37737B6E942",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "108BCEFD-3098-4919-9B0C-E80F6FA1C102",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DDBB02DF-1022-4FE5-B5E1-198DC58F8C1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2BF31219-8390-4676-A9C4-D625A016C71E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "75B04598-67CD-420B-92C9-9A7459295E11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8DAEED7B-C295-42B4-A60B-2EAA596E3D65",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified oAuth API functions.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad XSS en Open-Xchange (OX) AppSuite v7.4.1 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a través de funciones oAuth no especificadas de la API.",
      },
   ],
   id: "CVE-2013-7142",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2014-01-26T20:55:05.940",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/102193",
      },
      {
         source: "cve@mitre.org",
         url: "http://seclists.org/bugtraq/2014/Jan/57",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/65012",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securitytracker.com/id/1029650",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/90545",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/102193",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://seclists.org/bugtraq/2014/Jan/57",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/65012",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1029650",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/90545",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-12-15 06:59
Modified
2025-04-12 10:46
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The API to configure external mail accounts can be abused to map and access network components within the trust boundary of the operator. Users can inject arbitrary hosts and ports to API calls. Depending on the response type, content and latency, information about existence of hosts and services can be gathered. Attackers can get internal configuration information about the infrastructure of an operator to prepare subsequent attacks.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:rev9:*:*:*:*:*:*",
                     matchCriteriaId: "F8BB7BBD-7706-479D-B1DB-9EAC321913EB",
                     versionEndIncluding: "7.8.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The API to configure external mail accounts can be abused to map and access network components within the trust boundary of the operator. Users can inject arbitrary hosts and ports to API calls. Depending on the response type, content and latency, information about existence of hosts and services can be gathered. Attackers can get internal configuration information about the infrastructure of an operator to prepare subsequent attacks.",
      },
      {
         lang: "es",
         value: "Ha sido descubierto un problema en Open-Xchange OX App Suite en versiones anteriores a 7.8.1-rev11. La API para configurar cuentas de email externas puede ser usada de forma abusiva para mapear y acceder a componentes de red dentro de los límites de confianza del operador. Usuarios pueden inyectar anfitriones y puertos arbitrarios a llamadas API. Dependiendo del tipo de respuesta, el contenido y la latencia, se puede recopilar información sobre la existencia de anfitriones y servicios. Atacantes pueden acceder a información de configuración interna sobre la infraestructura de un operador para preparar futuros ataques.",
      },
   ],
   id: "CVE-2016-4046",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.8,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-12-15T06:59:09.880",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/archive/1/538732/100/0/threaded",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1036157",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/538732/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1036157",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-918",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-11-02 14:15
Modified
2024-11-21 07:51
Summary
Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the service's database user account. API requests are now properly checked for valid content, and attempts to circumvent this check are logged as errors. No publicly available exploits are known.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "59D4F30E-2F52-4948-9C69-C57472833C79",
                     versionEndExcluding: "7.10.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*",
                     matchCriteriaId: "A144D75D-60A8-4EE0-813C-F658C626B2AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*",
                     matchCriteriaId: "2DA66230-DE02-4881-A893-E9E78286B157",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*",
                     matchCriteriaId: "955F3DFB-6479-4867-B62A-82730DBEB498",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*",
                     matchCriteriaId: "327D1B56-0D05-4D99-91D4-CC1F0AC32972",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*",
                     matchCriteriaId: "D0CD0684-C431-47F8-A2F4-1936D5C5A72B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*",
                     matchCriteriaId: "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*",
                     matchCriteriaId: "D0968764-CCEE-47A7-9111-E106D887DA43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*",
                     matchCriteriaId: "16589FBB-F0CD-4041-8141-5C89FCCA72AF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*",
                     matchCriteriaId: "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*",
                     matchCriteriaId: "0DF5FB90-8D6D-4F99-B454-411B1DFFA630",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*",
                     matchCriteriaId: "F58876B9-6C2E-4048-A793-B441A84E86F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*",
                     matchCriteriaId: "D5F177CB-CC45-45A0-9D02-C14A13ECC7A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*",
                     matchCriteriaId: "A89A4192-54E9-4899-8C7B-6C7F7E650D5C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*",
                     matchCriteriaId: "F2DC1357-9CD5-415F-A190-2F3F4498EF96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*",
                     matchCriteriaId: "D78ACF64-2802-44DD-AF7A-1BD5EA7F9908",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*",
                     matchCriteriaId: "E8F675FA-1684-413A-B1BE-1C5434AC2862",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6156:*:*:*:*:*:*",
                     matchCriteriaId: "F3F1FDC3-35B2-4BDB-A685-75BC72588179",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6161:*:*:*:*:*:*",
                     matchCriteriaId: "5B1E509D-2F41-4296-86D2-6BD71783060F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6166:*:*:*:*:*:*",
                     matchCriteriaId: "AC93EA37-F341-45EC-B651-4F326FB8C613",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6173:*:*:*:*:*:*",
                     matchCriteriaId: "1A4DB8A6-1702-462C-BFCB-39F91D2EFCE1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6176:*:*:*:*:*:*",
                     matchCriteriaId: "FC0AEFDB-D033-47FC-93FC-8652F922BB8C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6178:*:*:*:*:*:*",
                     matchCriteriaId: "B5354768-6527-43C2-B492-A8C14AB4E784",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6189:*:*:*:*:*:*",
                     matchCriteriaId: "D83F26D1-B8C6-4114-81EC-810DD5412DC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6194:*:*:*:*:*:*",
                     matchCriteriaId: "E9EBC010-9963-4636-96F7-A121FCF755A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6199:*:*:*:*:*:*",
                     matchCriteriaId: "F626D64B-C301-4CD8-94B4-48689BD3F29C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6204:*:*:*:*:*:*",
                     matchCriteriaId: "5E32810C-7B35-42F1-BCA5-E10C02BE2215",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6205:*:*:*:*:*:*",
                     matchCriteriaId: "6539D059-8614-4C26-93C4-C2DDCC5D35E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6209:*:*:*:*:*:*",
                     matchCriteriaId: "E359EE75-A2F9-479B-B757-CAE1064AB8F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6210:*:*:*:*:*:*",
                     matchCriteriaId: "0BCABDEF-D292-406E-B53C-AFF22484E916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6214:*:*:*:*:*:*",
                     matchCriteriaId: "ABE8872C-B1DD-4A45-8EF8-E8C355CA6C54",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6215:*:*:*:*:*:*",
                     matchCriteriaId: "44B20B83-833A-4C68-8693-365BD046C157",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6216:*:*:*:*:*:*",
                     matchCriteriaId: "E254E6D1-D18E-4A2A-A2FF-7D03F39E65DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6218:*:*:*:*:*:*",
                     matchCriteriaId: "5F0C5E53-4D15-425A-B4CF-5869353724BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6219:*:*:*:*:*:*",
                     matchCriteriaId: "2F4BF5F1-F316-4BAC-83E0-DEAC8C50754E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6220:*:*:*:*:*:*",
                     matchCriteriaId: "5CDD03A8-5B86-4B87-9C29-6C967261C5C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6227:*:*:*:*:*:*",
                     matchCriteriaId: "6071E15F-4D59-41DC-A4D4-7D1AA392A1F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6230:*:*:*:*:*:*",
                     matchCriteriaId: "C72C1CEB-7BF7-4A5F-B2E9-397F86CCBF4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6233:*:*:*:*:*:*",
                     matchCriteriaId: "5B0F0218-4224-4084-B38D-9719D3782C03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6235:*:*:*:*:*:*",
                     matchCriteriaId: "BFC41329-1AD6-4575-A22D-977EC5539DA4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6236:*:*:*:*:*:*",
                     matchCriteriaId: "217A06B7-0823-4508-BC0C-AD792BA88F7B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6239:*:*:*:*:*:*",
                     matchCriteriaId: "246E98B2-A6C8-4410-AA6A-7E81EE8C5E76",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6241:*:*:*:*:*:*",
                     matchCriteriaId: "74D1EC02-D009-45DA-B1EC-2219E0F0183C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the service's database user account. API requests are now properly checked for valid content, and attempts to circumvent this check are logged as errors. No publicly available exploits are known.\n\n",
      },
      {
         lang: "es",
         value: "Se podría abusar de las solicitudes para recuperar metadatos de imágenes para incluir consultas SQL que se ejecutarían sin comprobar. Explotar esta vulnerabilidad requiere al menos acceso a redes adyacentes del servicio de conversión de imágenes, que no está expuesto a redes públicas de forma predeterminada. Se podrían ejecutar sentencias SQL Arbitrarias en el contexto de la cuenta de usuario de la base de datos de servicios. Las solicitudes de API ahora se verifican correctamente para detectar contenido válido y los intentos de omitir esta verificación se registran como errores. No se conocen exploits disponibles públicamente.",
      },
   ],
   id: "CVE-2023-26454",
   lastModified: "2024-11-21T07:51:29.890",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "PHYSICAL",
               availabilityImpact: "HIGH",
               baseScore: 7.6,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 0.9,
            impactScore: 6,
            source: "security@open-xchange.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-11-02T14:15:10.807",
   references: [
      {
         source: "security@open-xchange.com",
         url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json",
      },
      {
         source: "security@open-xchange.com",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf",
      },
   ],
   sourceIdentifier: "security@open-xchange.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "security@open-xchange.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-05-23 15:29
Modified
2024-11-21 03:17
Severity ?
Summary
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecure Permissions.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "21A45377-C1DE-44AB-A02F-A377BE4E9A56",
                     versionEndIncluding: "7.8.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecure Permissions.",
      },
      {
         lang: "es",
         value: "OX Software GmbH OX App Suite versión 7.8.4 y anteriores, se ven afectadas por: Permisos Inseguros.",
      },
   ],
   id: "CVE-2017-17060",
   lastModified: "2024-11-21T03:17:25.240",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-05-23T15:29:00.523",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Not Applicable",
         ],
         url: "http://ox.com",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/components/releasenotes/7.8.3/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Not Applicable",
         ],
         url: "http://ox.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/components/releasenotes/7.8.3/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-275",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-10-03 19:55
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite before 7.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) content with the text/xml MIME type or (2) the Status comment field of an appointment.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C706FA8C-6D31-40A4-8B5A-ED1CA206B1CA",
                     versionEndIncluding: "7.2.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.20.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "983E5F3A-E7AD-4CCA-80D4-9C012AFCCDD4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2F85EE0C-B7A0-455A-96F6-E4E6BA5D7216",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2D9572CB-9A46-492E-BDCC-E01849EF0EC0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "138461CD-9C27-40E5-B7A0-A37737B6E942",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "108BCEFD-3098-4919-9B0C-E80F6FA1C102",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DDBB02DF-1022-4FE5-B5E1-198DC58F8C1B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite before 7.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) content with the text/xml MIME type or (2) the Status comment field of an appointment.",
      },
      {
         lang: "es",
         value: "Múltiples vulnerabilidades XSS en Open-Xchange AppSuite anterior a v7.2.2  permite a usuarios autenticados remotamente inyectar secuencias de comandos web o HTML arbitrarias a través de (1) contenido con el tipo text/xml MIME o (2) el campo comentario de Status de una cita.",
      },
   ],
   id: "CVE-2013-5690",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 3.5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2013-10-03T19:55:04.540",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/archive/1/528940",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/528940",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-10-23 05:15
Modified
2024-11-21 05:04
Summary
OX App Suite through 7.10.3 allows SSRF via the /ajax/messaging/message message API.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB465D15-78EA-47FA-BC7C-5A6631EC9578",
                     versionEndIncluding: "7.10.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite through 7.10.3 allows SSRF via the /ajax/messaging/message message API.",
      },
      {
         lang: "es",
         value: "OX App Suite versiones hasta 7.10.3, permite un ataque de tipo SSRF por medio de la API de mensajes /ajax/messaging/message",
      },
   ],
   id: "CVE-2020-15002",
   lastModified: "2024-11-21T05:04:36.220",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.1,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-10-23T05:15:13.157",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/fulldisclosure/2020/Oct/20",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Product",
         ],
         url: "https://www.open-xchange.com/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/fulldisclosure/2020/Oct/20",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Product",
         ],
         url: "https://www.open-xchange.com/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-918",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-01-30 15:29
Modified
2024-11-21 03:45
Summary
OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "21A45377-C1DE-44AB-A02F-A377BE4E9A56",
                     versionEndIncluding: "7.8.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery.",
      },
      {
         lang: "es",
         value: "OX App Suite, en su versión 7.8.4 y anteriores, permite ataques de Server-Side Request Forgery (SSRF).",
      },
   ],
   id: "CVE-2018-12609",
   lastModified: "2024-11-21T03:45:32.250",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-01-30T15:29:03.257",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2019/Jan/10",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4789_7.6.3_2018-06-25.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2019/Jan/10",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4789_7.6.3_2018-06-25.pdf",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-918",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-11-02 14:15
Modified
2024-11-21 07:56
Summary
Document operations, in this case "drawing", could be manipulated to contain invalid data types, possibly script code. Script code could be injected into an operation and would then be executed for users who are actively collaborating on the same document. Operation data exchanged between collaborating parties is now checked for validity to avoid code execution. No publicly available exploits are known.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "59D4F30E-2F52-4948-9C69-C57472833C79",
                     versionEndExcluding: "7.10.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*",
                     matchCriteriaId: "A144D75D-60A8-4EE0-813C-F658C626B2AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*",
                     matchCriteriaId: "2DA66230-DE02-4881-A893-E9E78286B157",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*",
                     matchCriteriaId: "955F3DFB-6479-4867-B62A-82730DBEB498",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*",
                     matchCriteriaId: "327D1B56-0D05-4D99-91D4-CC1F0AC32972",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*",
                     matchCriteriaId: "D0CD0684-C431-47F8-A2F4-1936D5C5A72B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*",
                     matchCriteriaId: "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*",
                     matchCriteriaId: "D0968764-CCEE-47A7-9111-E106D887DA43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*",
                     matchCriteriaId: "16589FBB-F0CD-4041-8141-5C89FCCA72AF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*",
                     matchCriteriaId: "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*",
                     matchCriteriaId: "0DF5FB90-8D6D-4F99-B454-411B1DFFA630",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*",
                     matchCriteriaId: "F58876B9-6C2E-4048-A793-B441A84E86F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*",
                     matchCriteriaId: "D5F177CB-CC45-45A0-9D02-C14A13ECC7A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*",
                     matchCriteriaId: "A89A4192-54E9-4899-8C7B-6C7F7E650D5C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*",
                     matchCriteriaId: "F2DC1357-9CD5-415F-A190-2F3F4498EF96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*",
                     matchCriteriaId: "D78ACF64-2802-44DD-AF7A-1BD5EA7F9908",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*",
                     matchCriteriaId: "E8F675FA-1684-413A-B1BE-1C5434AC2862",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6156:*:*:*:*:*:*",
                     matchCriteriaId: "F3F1FDC3-35B2-4BDB-A685-75BC72588179",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6161:*:*:*:*:*:*",
                     matchCriteriaId: "5B1E509D-2F41-4296-86D2-6BD71783060F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6166:*:*:*:*:*:*",
                     matchCriteriaId: "AC93EA37-F341-45EC-B651-4F326FB8C613",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6173:*:*:*:*:*:*",
                     matchCriteriaId: "1A4DB8A6-1702-462C-BFCB-39F91D2EFCE1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6176:*:*:*:*:*:*",
                     matchCriteriaId: "FC0AEFDB-D033-47FC-93FC-8652F922BB8C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6178:*:*:*:*:*:*",
                     matchCriteriaId: "B5354768-6527-43C2-B492-A8C14AB4E784",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6189:*:*:*:*:*:*",
                     matchCriteriaId: "D83F26D1-B8C6-4114-81EC-810DD5412DC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6194:*:*:*:*:*:*",
                     matchCriteriaId: "E9EBC010-9963-4636-96F7-A121FCF755A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6199:*:*:*:*:*:*",
                     matchCriteriaId: "F626D64B-C301-4CD8-94B4-48689BD3F29C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6204:*:*:*:*:*:*",
                     matchCriteriaId: "5E32810C-7B35-42F1-BCA5-E10C02BE2215",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6205:*:*:*:*:*:*",
                     matchCriteriaId: "6539D059-8614-4C26-93C4-C2DDCC5D35E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6209:*:*:*:*:*:*",
                     matchCriteriaId: "E359EE75-A2F9-479B-B757-CAE1064AB8F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6210:*:*:*:*:*:*",
                     matchCriteriaId: "0BCABDEF-D292-406E-B53C-AFF22484E916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6214:*:*:*:*:*:*",
                     matchCriteriaId: "ABE8872C-B1DD-4A45-8EF8-E8C355CA6C54",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6215:*:*:*:*:*:*",
                     matchCriteriaId: "44B20B83-833A-4C68-8693-365BD046C157",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6216:*:*:*:*:*:*",
                     matchCriteriaId: "E254E6D1-D18E-4A2A-A2FF-7D03F39E65DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6218:*:*:*:*:*:*",
                     matchCriteriaId: "5F0C5E53-4D15-425A-B4CF-5869353724BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6219:*:*:*:*:*:*",
                     matchCriteriaId: "2F4BF5F1-F316-4BAC-83E0-DEAC8C50754E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6220:*:*:*:*:*:*",
                     matchCriteriaId: "5CDD03A8-5B86-4B87-9C29-6C967261C5C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6227:*:*:*:*:*:*",
                     matchCriteriaId: "6071E15F-4D59-41DC-A4D4-7D1AA392A1F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6230:*:*:*:*:*:*",
                     matchCriteriaId: "C72C1CEB-7BF7-4A5F-B2E9-397F86CCBF4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6233:*:*:*:*:*:*",
                     matchCriteriaId: "5B0F0218-4224-4084-B38D-9719D3782C03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6235:*:*:*:*:*:*",
                     matchCriteriaId: "BFC41329-1AD6-4575-A22D-977EC5539DA4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6236:*:*:*:*:*:*",
                     matchCriteriaId: "217A06B7-0823-4508-BC0C-AD792BA88F7B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6239:*:*:*:*:*:*",
                     matchCriteriaId: "246E98B2-A6C8-4410-AA6A-7E81EE8C5E76",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6241:*:*:*:*:*:*",
                     matchCriteriaId: "74D1EC02-D009-45DA-B1EC-2219E0F0183C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Documents operations, in this case \"drawing\", could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties now gets checked for validity to avoid code execution. No publicly available exploits are known.\n\n",
      },
      {
         lang: "es",
         value: "Las operaciones de documentos, en este caso \"drawing\", podrían manipularse para contener tipos de datos no válidos, posiblemente código de script. Se podría inyectar código de script en una operación que se ejecutaría para los usuarios que colaboran activamente en el mismo documento. Ahora se verifica la validez de los datos de operación intercambiados entre partes colaboradoras para evitar la ejecución de código. No se conocen exploits disponibles públicamente.",
      },
   ],
   id: "CVE-2023-29045",
   lastModified: "2024-11-21T07:56:26.413",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.3,
            impactScore: 2.7,
            source: "security@open-xchange.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.3,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-11-02T14:15:11.153",
   references: [
      {
         source: "security@open-xchange.com",
         url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json",
      },
      {
         source: "security@open-xchange.com",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf",
      },
   ],
   sourceIdentifier: "security@open-xchange.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "security@open-xchange.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-09-25 10:31
Modified
2025-04-11 00:51
Severity ?
Summary
The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 allows remote attackers to obtain sensitive information about (1) runtime activity, (2) network configuration, (3) user sessions, (4) the memcache interface, and (5) the REST interface via API calls such as a hazelcast/rest/cluster/ call, a different vulnerability than CVE-2013-5200.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "138461CD-9C27-40E5-B7A0-A37737B6E942",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "108BCEFD-3098-4919-9B0C-E80F6FA1C102",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DDBB02DF-1022-4FE5-B5E1-198DC58F8C1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2BF31219-8390-4676-A9C4-D625A016C71E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 allows remote attackers to obtain sensitive information about (1) runtime activity, (2) network configuration, (3) user sessions, (4) the memcache interface, and (5) the REST interface via API calls such as a hazelcast/rest/cluster/ call, a different vulnerability than CVE-2013-5200.",
      },
      {
         lang: "es",
         value: "La API Hazelcast cluster en Open-Xchange AppSuite v7.0.x anterior a  v7.0.2-rev15 y v7.2.x anterior a v7.2.2-rev16 permite a atacantes remotos conseguir información sensible sobre la actividad en tiempo de ejecución, configuración de red, sesiones de usuarios, interfaz \"memcache\" y el interfaz REST a través de llamadas API como hazelcast/rest/cluster/, una vulnerabilidad diferente a CVE-2013-5200.",
      },
   ],
   id: "CVE-2013-5936",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-09-25T10:31:29.440",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-01-12 22:15
Modified
2024-11-21 05:52
Summary
OX App Suite through 7.10.4 allows XSS via a contact whose name contains JavaScript code.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB465D15-78EA-47FA-BC7C-5A6631EC9578",
                     versionEndIncluding: "7.10.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite through 7.10.4 allows XSS via a contact whose name contains JavaScript code.",
      },
      {
         lang: "es",
         value: "OX App Suite versiones hasta 7.10.4, permite un ataque de tipo XSS por medio de un contacto cuyo nombre contiene código JavaScript",
      },
   ],
   id: "CVE-2021-23934",
   lastModified: "2024-11-21T05:52:04.840",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-01-12T22:15:12.887",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Not Applicable",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Not Applicable",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-05-23 15:29
Modified
2024-11-21 03:27
Severity ?
Summary
Open-Xchange GmbH OX App Suite 7.8.3 is affected by: Incorrect Access Control.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite 7.8.3



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "E804C89F-033F-43B3-B63B-172F9B2136CB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Open-Xchange GmbH OX App Suite 7.8.3 is affected by: Incorrect Access Control.",
      },
      {
         lang: "es",
         value: "Open-Xchange GmbH OX App Suite 7.8.3 está afectada por: Control de Acceso Incorrecto.",
      },
   ],
   id: "CVE-2017-5212",
   lastModified: "2024-11-21T03:27:17.580",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-05-23T15:29:00.803",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Product",
            "Vendor Advisory",
         ],
         url: "http://open-xchange.com",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Not Applicable",
         ],
         url: "http://ox.com",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Product",
            "Vendor Advisory",
         ],
         url: "http://open-xchange.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Not Applicable",
         ],
         url: "http://ox.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-284",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-06-18 13:15
Modified
2024-11-21 04:47
Summary
OX App Suite 7.10.1 and earlier allows Information Exposure.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "73A93F11-F8F2-44D2-B343-8D6058E5BC5D",
                     versionEndIncluding: "7.10.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite 7.10.1 and earlier allows Information Exposure.",
      },
      {
         lang: "es",
         value: "OX App Suite 7.10.1 y versiones anteriores permiten la exposición de la información.",
      },
   ],
   id: "CVE-2019-7159",
   lastModified: "2024-11-21T04:47:41.250",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-06-18T13:15:10.893",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.open-xchange.com/",
      },
      {
         source: "nvd@nist.gov",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://packetstormsecurity.com/files/152404/Open-Xchange-AppSuite-7.10.1-Information-Disclosure-Improper-Access-Control.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.open-xchange.com/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-01-14 16:15
Modified
2024-11-21 02:11
Summary
XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly other unspecified impact via a crafted OpenDocument Text document.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "567B4139-220A-46A7-B847-616F99A1EA66",
                     versionEndIncluding: "7.4.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A708019-6229-4768-994C-5A51B0495CAC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision1:*:*:*:*:*:*",
                     matchCriteriaId: "A4895984-4266-4924-A9C4-4DFEA90AFF79",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision10:*:*:*:*:*:*",
                     matchCriteriaId: "39A9F45E-5CAB-4BE5-8EAB-9E5ED43B4381",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision2:*:*:*:*:*:*",
                     matchCriteriaId: "72DB60BE-F818-4481-95BD-C0C1A42F2618",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision3:*:*:*:*:*:*",
                     matchCriteriaId: "0B54DE9D-563C-45A9-BDED-3F216FECF28B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision4:*:*:*:*:*:*",
                     matchCriteriaId: "F2A40E87-368E-4815-9988-1153E1866103",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision5:*:*:*:*:*:*",
                     matchCriteriaId: "E112E77E-C2CC-40D4-A8DC-F1FF76305CA8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision6:*:*:*:*:*:*",
                     matchCriteriaId: "76A099A1-23A0-4F0B-84C4-05C687F24F20",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision7:*:*:*:*:*:*",
                     matchCriteriaId: "D0E95BA0-1517-4DAA-93B5-2B84DF4C3074",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision8:*:*:*:*:*:*",
                     matchCriteriaId: "5F1899F3-6554-4C42-ACA2-4C22993D49DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision9:*:*:*:*:*:*",
                     matchCriteriaId: "A45F679A-7F4D-49A5-8B95-E588102601F9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "A0A22E01-73E0-4140-8BA1-AB147A9471CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision1:*:*:*:*:*:*",
                     matchCriteriaId: "91DC49BA-9FF4-4E0F-9723-E8F2970D6835",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision2:*:*:*:*:*:*",
                     matchCriteriaId: "BB0ABA40-F8EF-4368-98A6-083F0E4528EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision3:*:*:*:*:*:*",
                     matchCriteriaId: "B9E00E96-8D99-4579-8104-274908F3AAD5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision4:*:*:*:*:*:*",
                     matchCriteriaId: "733FEC4F-0DC2-49DE-8660-449CCE5A7F2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision5:*:*:*:*:*:*",
                     matchCriteriaId: "CFA35536-65FA-4228-9C84-CC69C91B3A3F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision6:*:*:*:*:*:*",
                     matchCriteriaId: "0A6AABD0-D82F-465B-8B73-CA0B8A611DB8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision7:*:*:*:*:*:*",
                     matchCriteriaId: "85511C44-A366-4F62-944B-AEEDB8A6B938",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision8:*:*:*:*:*:*",
                     matchCriteriaId: "D3AD4BE8-CC1D-4FFA-B890-F565EA555366",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly other unspecified impact via a crafted OpenDocument Text document.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad de tipo XML external entity (XXE) en Open-Xchange (OX) AppSuite versiones anteriores a 7.4.2-rev11 y versiones 7.6.x anteriores a 7.6.0-rev9, permite a atacantes remotos leer archivos arbitrarios y posiblemente otro impacto no especificado por medio de un documento OpenDocument Text diseñado.",
      },
   ],
   id: "CVE-2014-5238",
   lastModified: "2024-11-21T02:11:40.370",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-01-14T16:15:11.527",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-611",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-06-17 20:15
Modified
2024-11-21 04:47
Summary
OX App Suite 7.10.0 and earlier has Incorrect Access Control.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B6DB6300-616C-4A04-BFAC-1ACB2135329B",
                     versionEndIncluding: "7.10.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite 7.10.0 and earlier has Incorrect Access Control.",
      },
      {
         lang: "es",
         value: "OX App Suite versión 7.10.0 y anteriores, presenta un control de acceso incorrecto.",
      },
   ],
   id: "CVE-2019-7158",
   lastModified: "2024-11-21T04:47:41.107",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-06-17T20:15:10.243",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.open-xchange.com/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.open-xchange.com/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-05-10 16:29
Modified
2024-11-21 03:10
Summary
OX Software GmbH App Suite 7.8.4 and earlier is affected by: Information Exposure.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "21A45377-C1DE-44AB-A02F-A377BE4E9A56",
                     versionEndIncluding: "7.8.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX Software GmbH App Suite 7.8.4 and earlier is affected by: Information Exposure.",
      },
      {
         lang: "es",
         value: "OX Software GmbH App Suite 7.8.4 y anteriores se ve afectada por: Divulgación de información.",
      },
   ],
   id: "CVE-2017-12884",
   lastModified: "2024-11-21T03:10:22.487",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-05-10T16:29:00.250",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Not Applicable",
         ],
         url: "http://app.com",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Not Applicable",
         ],
         url: "http://ox.com",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Not Applicable",
         ],
         url: "http://app.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Not Applicable",
         ],
         url: "http://ox.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-06-16 01:29
Modified
2024-11-21 04:09
Summary
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote authenticated users to obtain sensitive information about external guest users via vectors related to the "groups" and "users" APIs.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.8.0
open-xchange open-xchange_appsuite 7.8.2
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CEE77111-9626-48C1-9C13-6FF650B91363",
                     versionEndIncluding: "7.6.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev14:*:*:*:*:*:*",
                     matchCriteriaId: "D4417841-A79D-479F-BBB4-13892CD29CCB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev15:*:*:*:*:*:*",
                     matchCriteriaId: "11FED64F-98F2-4155-A34D-DCC0DCF55CB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev16:*:*:*:*:*:*",
                     matchCriteriaId: "544677BC-DEFB-45B8-BB08-124E5666A04B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev17:*:*:*:*:*:*",
                     matchCriteriaId: "ABA212B4-FC4B-4268-A778-23D588E76880",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev18:*:*:*:*:*:*",
                     matchCriteriaId: "10D10170-9528-49BB-88B8-92A4D016EA49",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev20:*:*:*:*:*:*",
                     matchCriteriaId: "2DA48ACB-659B-408C-B7E1-945A6333C1A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev22:*:*:*:*:*:*",
                     matchCriteriaId: "23D2DCAA-FAB7-426D-8680-2A6F69AE90DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev23:*:*:*:*:*:*",
                     matchCriteriaId: "90C2E1F5-73DA-4FA7-BEDF-E9726F5D0D0C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev24:*:*:*:*:*:*",
                     matchCriteriaId: "449B4C7A-6287-4018-86AA-D34BEF8DB83C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev25:*:*:*:*:*:*",
                     matchCriteriaId: "E8E6C22C-C3B3-4914-A1D8-A6202EEBF1C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev26:*:*:*:*:*:*",
                     matchCriteriaId: "8BF46085-0E23-4C9C-9899-30EB63EFC392",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev28:*:*:*:*:*:*",
                     matchCriteriaId: "39BB146E-14BF-4AC7-B267-3176545CBCB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev29:*:*:*:*:*:*",
                     matchCriteriaId: "64201845-70B6-4124-BA02-DE0646BE75A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev30:*:*:*:*:*:*",
                     matchCriteriaId: "8E2A9B0B-F4B9-410B-AA32-D4A5A3B285DF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev31:*:*:*:*:*:*",
                     matchCriteriaId: "5E5DE686-E794-4C06-9AC8-5682B1CF68AE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev32:*:*:*:*:*:*",
                     matchCriteriaId: "E4710EAE-6227-4A72-9549-6EEF0CEB6E06",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev33:*:*:*:*:*:*",
                     matchCriteriaId: "7AD9AE40-5AE0-4DA6-BD1D-CC02746DA917",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev35:*:*:*:*:*:*",
                     matchCriteriaId: "3681A31A-1795-4C44-B482-1F1028449960",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E26B66B2-9BE8-4843-9B4B-D673FAC44023",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "2633E559-38E4-4024-BB5F-94EDFE5F93FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "E804C89F-033F-43B3-B63B-172F9B2136CB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev10:*:*:*:*:*:*",
                     matchCriteriaId: "0F7C6765-34DD-4326-99A8-F85DA19ECE91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev11:*:*:*:*:*:*",
                     matchCriteriaId: "13FAD9B6-5790-4C7A-8A9B-09B1002DA75F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev12:*:*:*:*:*:*",
                     matchCriteriaId: "B040A950-FEC3-465D-AD19-3AA8EE11AE92",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev13:*:*:*:*:*:*",
                     matchCriteriaId: "F5971D8D-A2E6-4E3D-8FDA-04F89FC65A40",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev14:*:*:*:*:*:*",
                     matchCriteriaId: "FEF67234-BDCA-48FA-8616-6B0E4A38FA8A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev15:*:*:*:*:*:*",
                     matchCriteriaId: "76D18DCA-5D64-4D38-99B0-1B984C402E70",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev16:*:*:*:*:*:*",
                     matchCriteriaId: "46718CD2-0403-4DA2-B157-5714BD654EB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev17:*:*:*:*:*:*",
                     matchCriteriaId: "4BA1274B-9103-449F-ABD1-C898B716B433",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev18:*:*:*:*:*:*",
                     matchCriteriaId: "3BB485BC-3247-4E06-8017-118B597B0184",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev19:*:*:*:*:*:*",
                     matchCriteriaId: "6C447C6E-6188-47C6-BC68-8FD99B49F2D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev20:*:*:*:*:*:*",
                     matchCriteriaId: "211647E5-8BCA-4393-B54B-CE382D5DF3F7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev21:*:*:*:*:*:*",
                     matchCriteriaId: "855C2E78-C554-43A7-BD3F-747053F45709",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev22:*:*:*:*:*:*",
                     matchCriteriaId: "64594DD5-2816-4123-A12C-505FE4480AE9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev23:*:*:*:*:*:*",
                     matchCriteriaId: "606D294C-EAEC-43EC-BA0F-BC5484B7C5E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev24:*:*:*:*:*:*",
                     matchCriteriaId: "A8E1D645-706F-4CCA-88A7-F5077BCE4AD1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev25:*:*:*:*:*:*",
                     matchCriteriaId: "30145547-3406-4639-A5AD-52EFAA734EEF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev26:*:*:*:*:*:*",
                     matchCriteriaId: "BDB6642D-C5AF-41D7-B2EA-A1F333E5B12C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev27:*:*:*:*:*:*",
                     matchCriteriaId: "91040A22-04F6-43ED-A6A1-060703D285C7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev28:*:*:*:*:*:*",
                     matchCriteriaId: "5A3E2338-E774-4188-B352-B79FBB9C5511",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev29:*:*:*:*:*:*",
                     matchCriteriaId: "22961BA6-C0B1-488A-8F7D-68EB3F9DA6B0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev30:*:*:*:*:*:*",
                     matchCriteriaId: "E8381BB7-3602-4DCF-A070-1067C277AAA0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev31:*:*:*:*:*:*",
                     matchCriteriaId: "98B758CC-D26C-4B83-98E7-3BA4ECF96966",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev32:*:*:*:*:*:*",
                     matchCriteriaId: "7BCE965A-70BE-4159-93D8-A2520C8C4CB2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev33:*:*:*:*:*:*",
                     matchCriteriaId: "1152B60C-3188-4BE7-897A-B09C5732ECAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev34:*:*:*:*:*:*",
                     matchCriteriaId: "5F1F087A-7373-4B7F-87BD-8509704F47CF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev35:*:*:*:*:*:*",
                     matchCriteriaId: "D82CB956-9A14-49C5-8308-52198589BAC0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev36:*:*:*:*:*:*",
                     matchCriteriaId: "2F202094-2A74-44DA-BB3A-06AF3326E544",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev38:*:*:*:*:*:*",
                     matchCriteriaId: "DC128D82-A687-4043-AC01-9A329ED9F9EB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev39:*:*:*:*:*:*",
                     matchCriteriaId: "CBE4CF1D-B716-4992-B3DE-599AD7407780",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev40:*:*:*:*:*:*",
                     matchCriteriaId: "49FCC4A7-3078-421A-A3A1-C58976F47262",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev41:*:*:*:*:*:*",
                     matchCriteriaId: "E57747B2-0C7B-4004-82AA-8C59CABC3B12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev42:*:*:*:*:*:*",
                     matchCriteriaId: "BECD9AD4-EB03-4BF0-A219-DD965A55670A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev43:*:*:*:*:*:*",
                     matchCriteriaId: "5E0F6A5B-BDBB-4DF5-91A0-440834EE161F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev5:*:*:*:*:*:*",
                     matchCriteriaId: "F57910B1-968D-4DF3-8C2D-9EB3765C7214",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev6:*:*:*:*:*:*",
                     matchCriteriaId: "FE1FD7DD-DC8C-416C-A55B-FA7B961ECD3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev8:*:*:*:*:*:*",
                     matchCriteriaId: "A07A8019-D7D7-4E1D-AEA7-DF509175393D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev9:*:*:*:*:*:*",
                     matchCriteriaId: "9FEEF620-CD8A-49C4-89D6-565503A1790F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "6164303F-253E-440C-A45C-94FFF7B492AE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev10:*:*:*:*:*:*",
                     matchCriteriaId: "4DD257D7-D9B2-4036-92D6-3A923B7DC59F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev11:*:*:*:*:*:*",
                     matchCriteriaId: "36383B07-AF6C-4EDA-A35E-50633D1612A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev13:*:*:*:*:*:*",
                     matchCriteriaId: "032B8B47-9E01-41B3-99D4-DECD4727DEA7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev14:*:*:*:*:*:*",
                     matchCriteriaId: "F7211571-4614-4169-A897-D0047304A4B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev15:*:*:*:*:*:*",
                     matchCriteriaId: "992082E5-5E00-40F0-8246-FD44D189C70D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev16:*:*:*:*:*:*",
                     matchCriteriaId: "4279A168-8A9A-43FF-8766-738EE31D6E25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev17:*:*:*:*:*:*",
                     matchCriteriaId: "5A734819-B817-4E54-89B1-B6A5FD52C758",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev18:*:*:*:*:*:*",
                     matchCriteriaId: "63AFF50B-7ABD-455D-A2A5-05432B41E4BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev19:*:*:*:*:*:*",
                     matchCriteriaId: "E2842D25-1A80-4403-B7A2-6E26527588E8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev20:*:*:*:*:*:*",
                     matchCriteriaId: "7DAA5D88-75E9-4D77-9F34-AB456F0733F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev21:*:*:*:*:*:*",
                     matchCriteriaId: "9EB906E5-1ABF-4734-84E1-BC8005AB1C2C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev3:*:*:*:*:*:*",
                     matchCriteriaId: "8681201A-5DB3-42A9-A203-9641B4459537",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev4:*:*:*:*:*:*",
                     matchCriteriaId: "C567F8B8-D9D0-4006-819C-C995C6573FE7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev5:*:*:*:*:*:*",
                     matchCriteriaId: "07FEF270-E3ED-463D-9940-7FC9573E40C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev6:*:*:*:*:*:*",
                     matchCriteriaId: "7FD1E38C-EC1A-42D1-86AF-D53D8BF0098C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev7:*:*:*:*:*:*",
                     matchCriteriaId: "1BF75100-6E38-4FCB-BC21-FFB1C4B3EC50",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev8:*:*:*:*:*:*",
                     matchCriteriaId: "BF34B133-486B-4D77-8745-4D0E082FF8D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev9:*:*:*:*:*:*",
                     matchCriteriaId: "33B507D7-536B-4AC3-BCB3-BF3A6BA257F6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote authenticated users to obtain sensitive information about external guest users via vectors related to the \"groups\" and \"users\" APIs.",
      },
      {
         lang: "es",
         value: "El componente backend en Open-Xchange OX App Suite en versiones anteriores a la 7.6.3-rev36, versiones 7.8.x anteriores a la 7.8.2-rev39, versiones 7.8.3 anteriores a la 7.8.3-rev44 y versiones 7.8.4 anteriores a la 7.8.4-rev22 permite que usuarios remotos autenticados obtengan información sensible sobre usuarios invitados externos mediante vectores relacionados con las API \"groups\" y \"users\".",
      },
   ],
   id: "CVE-2018-5751",
   lastModified: "2024-11-21T04:09:19.100",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-06-16T01:29:06.133",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2018/Jun/23",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.exploit-db.com/exploits/44881/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2018/Jun/23",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.exploit-db.com/exploits/44881/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-01-07 18:59
Modified
2025-04-12 10:46
Summary
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev40, 7.6.0 before 7.6.0-rev32, and 7.6.1 before 7.6.1-rev11 allows remote attackers to inject arbitrary web script or HTML via a crafted XHTML file with the application/xhtml+xml MIME type.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCF181B4-CEA4-4AF6-8B06-AE928A69AD3C",
                     versionEndIncluding: "7.4.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "A0A22E01-73E0-4140-8BA1-AB147A9471CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "74858ACF-6B38-4403-90DE-2374BE699486",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev40, 7.6.0 before 7.6.0-rev32, and 7.6.1 before 7.6.1-rev11 allows remote attackers to inject arbitrary web script or HTML via a crafted XHTML file with the application/xhtml+xml MIME type.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de XSS en el backend en Open-Xchange (OX) AppSuite anterior a 7.4.2-rev40, 7.6.0 anterior a 7.6.0-rev32, y 7.6.1 anterior a 7.6.1-rev11 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un fichero XHTML manipulado con el tipo MIME application/xhtml+xml.",
      },
   ],
   id: "CVE-2014-8993",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2015-01-07T18:59:01.370",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://packetstormsecurity.com/files/129811/Open-Xchange-Server-6-OX-AppSuite-7.6.1-Cross-Site-Scripting.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/62031",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/archive/1/534383/100/0/threaded",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securitytracker.com/id/1031488",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://packetstormsecurity.com/files/129811/Open-Xchange-Server-6-OX-AppSuite-7.6.1-Cross-Site-Scripting.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/62031",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/534383/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1031488",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-01-02 19:15
Modified
2024-11-21 01:58
Summary
Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 6.22.3 before 6.22.3-rev5 and 6.22.4 before 6.22.4-rev12 allows remote attackers to inject arbitrary web script or HTML via the subject of an email. NOTE: the vulnerabilities related to the body of the email and the publication name were SPLIT from this CVE ID because they affect different sets of versions.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "35AE7AAF-70B8-4FE4-B116-45C1169C14AE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "5CE301DF-C6FD-4689-84D7-A5551980FDB7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "75B04598-67CD-420B-92C9-9A7459295E11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8DAEED7B-C295-42B4-A60B-2EAA596E3D65",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 6.22.3 before 6.22.3-rev5 and 6.22.4 before 6.22.4-rev12 allows remote attackers to inject arbitrary web script or HTML via the subject of an email. NOTE: the vulnerabilities related to the body of the email and the publication name were SPLIT from this CVE ID because they affect different sets of versions.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad de tipo cross-site scripting (XSS) en el front-end en Open-Xchange (OX) AppSuite versiones 6.22.3 anteriores a la versión 6.22.3-rev5 y versiones 6.22.4 anteriores a la versión 6.22.4-rev12, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del asunto de un correo electrónico. NOTA: las vulnerabilidades relacionadas con el cuerpo del correo electrónico y el nombre de la publicación fueron SEPARADAS de este ID de CVE porque afectan a diferentes conjuntos de versiones.",
      },
   ],
   id: "CVE-2013-6242",
   lastModified: "2024-11-21T01:58:54.737",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-01-02T19:15:11.947",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/bugtraq/2013/Nov/127",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1029394",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/89250",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://forum.open-xchange.com/showthread.php?8115-Open-Xchange-releases-Security-Patch-2013-11-12-for-v7-2-2-v6-22-3-and-v7-4-0-v6",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/bugtraq/2013/Nov/127",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1029394",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/89250",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://forum.open-xchange.com/showthread.php?8115-Open-Xchange-releases-Security-Patch-2013-11-12-for-v7-2-2-v6-22-3-and-v7-4-0-v6",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-12-26 04:15
Modified
2025-04-14 19:15
Summary
OX App Suite through 8.2 allows XSS via a certain complex hierarchy that forces use of Show Entire Message for a huge HTML e-mail message.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 8.2



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D3B06B3-8919-4D41-87A6-DA39189750B9",
                     versionEndExcluding: "7.10.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:-:*:*:*:*:*:*",
                     matchCriteriaId: "FE68F102-2EE1-44FF-A8AB-6F71F62712D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5961:*:*:*:*:*:*",
                     matchCriteriaId: "4F5923E6-C4C1-492F-A130-65D102F67B40",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5973:*:*:*:*:*:*",
                     matchCriteriaId: "D703A274-D197-42B3-9720-70E6CCD9E825",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5976:*:*:*:*:*:*",
                     matchCriteriaId: "D4D5F145-F2BA-4589-8B9A-B967069EA355",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5982:*:*:*:*:*:*",
                     matchCriteriaId: "7E3F2F8B-F7C4-4297-B451-CAFFCA860D17",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5989:*:*:*:*:*:*",
                     matchCriteriaId: "C7CB5AA6-19B9-4D21-A2B6-1523719A2DB5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5994:*:*:*:*:*:*",
                     matchCriteriaId: "3FAD63B8-9158-4552-8987-3A418AC5A3A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6000:*:*:*:*:*:*",
                     matchCriteriaId: "87793628-6C35-4137-B584-3AE2A8363AEC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6003:*:*:*:*:*:*",
                     matchCriteriaId: "06C14CAB-9C56-48A2-82FA-16110923CC78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6008:*:*:*:*:*:*",
                     matchCriteriaId: "2201C280-3674-4FA4-8176-723C175A2469",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6010:*:*:*:*:*:*",
                     matchCriteriaId: "A3CB3836-AD68-4167-98FD-5B05CC9C92EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6016:*:*:*:*:*:*",
                     matchCriteriaId: "604CF453-CBBE-4123-B3ED-87A8CBF407DE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6020:*:*:*:*:*:*",
                     matchCriteriaId: "6AF52278-E711-4656-9A1C-0A3A7F3C671F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6026:*:*:*:*:*:*",
                     matchCriteriaId: "5DD66203-5C4E-434A-BA84-9F78D9E1F7B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6029:*:*:*:*:*:*",
                     matchCriteriaId: "8A0D1287-7A32-4F56-97F2-8573F12D8EB4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6034:*:*:*:*:*:*",
                     matchCriteriaId: "69858B8E-E4C7-485C-882A-206E07D7343F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6035:*:*:*:*:*:*",
                     matchCriteriaId: "C2B82BFA-39B6-4DC8-B691-3284FDCFA227",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6038:*:*:*:*:*:*",
                     matchCriteriaId: "FD4E8470-B8CE-4670-8334-86B817180E96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6046:*:*:*:*:*:*",
                     matchCriteriaId: "2276EFC8-B5E6-449F-BDD0-EF2108A4CCAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6051:*:*:*:*:*:*",
                     matchCriteriaId: "2C8B27BE-651D-4B3A-9413-5ABA8AF2AA3D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6053:*:*:*:*:*:*",
                     matchCriteriaId: "41EA5F8E-05B5-4C4A-8853-B6948C358F06",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6060:*:*:*:*:*:*",
                     matchCriteriaId: "3E1A5843-F09A-4BBE-878D-C967E4061B0D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6061:*:*:*:*:*:*",
                     matchCriteriaId: "D579A835-6B7F-4C77-991F-C760CB8D3750",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6066:*:*:*:*:*:*",
                     matchCriteriaId: "B4935091-B9B4-4EA7-8785-FE4529ACFEBF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6068:*:*:*:*:*:*",
                     matchCriteriaId: "33DAB50E-18A0-43CC-9043-5E2B722F3A2B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6072:*:*:*:*:*:*",
                     matchCriteriaId: "0E1E9E82-17E3-4B43-AD5B-BBAD25759950",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6079:*:*:*:*:*:*",
                     matchCriteriaId: "E73BDC2E-3C39-454F-B929-8BB936F36AA6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6084:*:*:*:*:*:*",
                     matchCriteriaId: "C4DF7C74-BD66-41E7-8B47-C700D7BE53E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6092:*:*:*:*:*:*",
                     matchCriteriaId: "9EA739D6-10BD-48B4-9C30-92BE4381C80C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6101:*:*:*:*:*:*",
                     matchCriteriaId: "79219E01-26C2-462C-B604-783490F26565",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6111:*:*:*:*:*:*",
                     matchCriteriaId: "6F121147-1AAB-4123-AFD2-31F39434819F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6120:*:*:*:*:*:*",
                     matchCriteriaId: "52B9445C-4B0E-437A-BE3C-DBB8A621D354",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6132:*:*:*:*:*:*",
                     matchCriteriaId: "979495B8-8BF0-41B0-9BD5-48554A9C8889",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*",
                     matchCriteriaId: "A144D75D-60A8-4EE0-813C-F658C626B2AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*",
                     matchCriteriaId: "2DA66230-DE02-4881-A893-E9E78286B157",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*",
                     matchCriteriaId: "955F3DFB-6479-4867-B62A-82730DBEB498",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*",
                     matchCriteriaId: "327D1B56-0D05-4D99-91D4-CC1F0AC32972",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*",
                     matchCriteriaId: "D0CD0684-C431-47F8-A2F4-1936D5C5A72B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*",
                     matchCriteriaId: "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*",
                     matchCriteriaId: "D0968764-CCEE-47A7-9111-E106D887DA43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*",
                     matchCriteriaId: "16589FBB-F0CD-4041-8141-5C89FCCA72AF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*",
                     matchCriteriaId: "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*",
                     matchCriteriaId: "0DF5FB90-8D6D-4F99-B454-411B1DFFA630",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:8.2:-:*:*:*:*:*:*",
                     matchCriteriaId: "40359DB5-5D7C-4864-A00C-607F264DACEE",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite through 8.2 allows XSS via a certain complex hierarchy that forces use of Show Entire Message for a huge HTML e-mail message.",
      },
      {
         lang: "es",
         value: "OX App Suite hasta 8.2 permite XSS a través de una cierta jerarquía compleja que obliga al uso de Mostrar Mensaje Completo para un mensaje de correo electrónico HTML enorme.",
      },
   ],
   id: "CVE-2022-29853",
   lastModified: "2025-04-14T19:15:30.913",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.3,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.3,
            impactScore: 2.7,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2022-12-26T04:15:10.387",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://open-xchange.com",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/fulldisclosure/2022/Sep/0",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://open-xchange.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/fulldisclosure/2022/Sep/0",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-01-12 22:15
Modified
2024-11-21 05:52
Summary
OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests query string.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB465D15-78EA-47FA-BC7C-5A6631EC9578",
                     versionEndIncluding: "7.10.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests query string.",
      },
      {
         lang: "es",
         value: "OX App Suite versiones hasta 7.10.3, permite un ataque de tipo XSS por medio de la cadena de consulta ajax/apps/manifests.",
      },
   ],
   id: "CVE-2021-23928",
   lastModified: "2024-11-21T05:52:03.893",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-01-12T22:15:12.510",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-06-16 14:15
Modified
2024-11-21 05:38
Summary
OX App Suite through 7.10.3 allows XXE attacks.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D2C4CC04-9CAA-467A-AE72-CF3AC970296C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev1:*:*:*:*:*:*",
                     matchCriteriaId: "368ECEBC-4553-4A2A-8A2A-A4B8909C321D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev2:*:*:*:*:*:*",
                     matchCriteriaId: "4190E7EF-E9BF-4B87-B5A7-F1C5639CF701",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev3:*:*:*:*:*:*",
                     matchCriteriaId: "8DF4B515-D246-44A9-B4FA-094E33840EAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev4:*:*:*:*:*:*",
                     matchCriteriaId: "20D6F057-6D60-45CD-AF64-A17655FE4332",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev5:*:*:*:*:*:*",
                     matchCriteriaId: "8AAEEE04-5D35-4007-9C19-47139D574C6D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "AEA29625-42CD-49CC-9E34-858CB6C5D28B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev1:*:*:*:*:*:*",
                     matchCriteriaId: "3A43F58A-EF5F-470F-AD23-EA211A257B87",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev2:*:*:*:*:*:*",
                     matchCriteriaId: "8B99076E-CAAF-478A-A6CA-5F4D555F4F13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev3:*:*:*:*:*:*",
                     matchCriteriaId: "71AD5083-1D8A-4F84-8263-EB724F2BAFB0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev4:*:*:*:*:*:*",
                     matchCriteriaId: "F2E2CBB1-66E4-463E-9C13-36311A5E57CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "944562A2-53D7-4D75-B238-B9BD0F695E45",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev1:*:*:*:*:*:*",
                     matchCriteriaId: "3B7503E3-6317-4DD7-9EDD-AB5A0586BADE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev2:*:*:*:*:*:*",
                     matchCriteriaId: "26BF76EC-F32F-4DAB-8EB0-8B24E76D2593",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev3:*:*:*:*:*:*",
                     matchCriteriaId: "B031D97E-A967-4124-8A42-EFA4B3576124",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev4:*:*:*:*:*:*",
                     matchCriteriaId: "649774E8-6489-4AD7-95A8-AAF7154B2C05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite through 7.10.3 allows XXE attacks.",
      },
      {
         lang: "es",
         value: "OX App Suite versiones hasta 7.10.3, permite ataques de tipo XXE",
      },
   ],
   id: "CVE-2020-8541",
   lastModified: "2024-11-21T05:38:59.903",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-06-16T14:15:11.557",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Product",
         ],
         url: "https://www.open-xchange.com/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Product",
         ],
         url: "https://www.open-xchange.com/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-611",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-12-15 06:59
Modified
2025-04-12 10:46
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Custom messages can be shown at the login screen to notify external users about issues with sharing links. This mechanism can be abused to inject arbitrary text messages. Users may get tricked to follow instructions injected by third parties as part of social engineering attacks.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:rev9:*:*:*:*:*:*",
                     matchCriteriaId: "F8BB7BBD-7706-479D-B1DB-9EAC321913EB",
                     versionEndIncluding: "7.8.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Custom messages can be shown at the login screen to notify external users about issues with sharing links. This mechanism can be abused to inject arbitrary text messages. Users may get tricked to follow instructions injected by third parties as part of social engineering attacks.",
      },
      {
         lang: "es",
         value: "Ha sido descubierto un problema en Open-Xchange OX App Suite en versiones anteriores a 7.8.1-rev11. Los mensajes personalizados se pueden mostrar en la pantalla de inicio de sesión para notificar a los usuarios externos sobre problemas con los enlaces compartidos. Se puede abusar de este mecanismo para inyectar mensajes de texto arbitrarios. Usuarios pueden ser engañados para seguir instrucciones inyectadas por terceras partes como parte de ataques de ingeniería social.",
      },
   ],
   evaluatorComment: "<a href=\"http://cwe.mitre.org/data/definitions/451.html\">CWE-451: User Interface (UI) Misrepresentation of Critical Information</a>",
   id: "CVE-2016-4048",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-12-15T06:59:12.143",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/archive/1/538732/100/0/threaded",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1036157",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/538732/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1036157",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-06-16 01:29
Modified
2024-11-21 04:09
Summary
Absolute path traversal vulnerability in the readerengine component in Open-Xchange OX App Suite before 7.6.3-rev3, 7.8.x before 7.8.2-rev4, 7.8.3 before 7.8.3-rev5, and 7.8.4 before 7.8.4-rev4 allows remote attackers to read arbitrary files via a full pathname in a formula in a spreadsheet.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CEE77111-9626-48C1-9C13-6FF650B91363",
                     versionEndIncluding: "7.6.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E26B66B2-9BE8-4843-9B4B-D673FAC44023",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "2633E559-38E4-4024-BB5F-94EDFE5F93FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "E804C89F-033F-43B3-B63B-172F9B2136CB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "6164303F-253E-440C-A45C-94FFF7B492AE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev3:*:*:*:*:*:*",
                     matchCriteriaId: "8681201A-5DB3-42A9-A203-9641B4459537",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Absolute path traversal vulnerability in the readerengine component in Open-Xchange OX App Suite before 7.6.3-rev3, 7.8.x before 7.8.2-rev4, 7.8.3 before 7.8.3-rev5, and 7.8.4 before 7.8.4-rev4 allows remote attackers to read arbitrary files via a full pathname in a formula in a spreadsheet.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de salto de directorio absoluto en el componente readerengine en Open-Xchange OX App Suite en versiones anteriores a la 7.6.3-rev3, versiones 7.8.x anteriores a la 7.8.2-rev4, versiones 7.8.3 anteriores a la 7.8.3-rev5 y versiones 7.8.4 anteriores a la 7.8.4-rev4 permite que atacantes remotos lean archivos arbitrarios mediante un nombre de ruta completo en una fórmula en una hoja de cálculo.",
      },
   ],
   id: "CVE-2018-5755",
   lastModified: "2024-11-21T04:09:19.783",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 7.1,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:C/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-06-16T01:29:06.350",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2018/Jun/23",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.exploit-db.com/exploits/44881/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2018/Jun/23",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.exploit-db.com/exploits/44881/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2024-02-12 09:15
Modified
2024-11-21 08:21
Summary
User ID references at mentions in document comments were not correctly sanitized. Script code could be injected into a user's session when working with a malicious document. Please deploy the provided updates and patch releases. User-defined content like comments and mentions are now filtered to avoid potentially malicious content. No publicly available exploits are known.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "59D4F30E-2F52-4948-9C69-C57472833C79",
                     versionEndExcluding: "7.10.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F37B7CC3-A4D2-4CA5-8159-FE1A9016F9A0",
                     versionEndExcluding: "8.20",
                     versionStartExcluding: "7.10.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*",
                     matchCriteriaId: "A144D75D-60A8-4EE0-813C-F658C626B2AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*",
                     matchCriteriaId: "2DA66230-DE02-4881-A893-E9E78286B157",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*",
                     matchCriteriaId: "955F3DFB-6479-4867-B62A-82730DBEB498",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*",
                     matchCriteriaId: "327D1B56-0D05-4D99-91D4-CC1F0AC32972",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*",
                     matchCriteriaId: "D0CD0684-C431-47F8-A2F4-1936D5C5A72B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*",
                     matchCriteriaId: "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*",
                     matchCriteriaId: "D0968764-CCEE-47A7-9111-E106D887DA43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*",
                     matchCriteriaId: "16589FBB-F0CD-4041-8141-5C89FCCA72AF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*",
                     matchCriteriaId: "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*",
                     matchCriteriaId: "0DF5FB90-8D6D-4F99-B454-411B1DFFA630",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*",
                     matchCriteriaId: "F58876B9-6C2E-4048-A793-B441A84E86F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*",
                     matchCriteriaId: "D5F177CB-CC45-45A0-9D02-C14A13ECC7A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*",
                     matchCriteriaId: "A89A4192-54E9-4899-8C7B-6C7F7E650D5C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*",
                     matchCriteriaId: "F2DC1357-9CD5-415F-A190-2F3F4498EF96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*",
                     matchCriteriaId: "D78ACF64-2802-44DD-AF7A-1BD5EA7F9908",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*",
                     matchCriteriaId: "E8F675FA-1684-413A-B1BE-1C5434AC2862",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6156:*:*:*:*:*:*",
                     matchCriteriaId: "F3F1FDC3-35B2-4BDB-A685-75BC72588179",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6161:*:*:*:*:*:*",
                     matchCriteriaId: "5B1E509D-2F41-4296-86D2-6BD71783060F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6166:*:*:*:*:*:*",
                     matchCriteriaId: "AC93EA37-F341-45EC-B651-4F326FB8C613",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6173:*:*:*:*:*:*",
                     matchCriteriaId: "1A4DB8A6-1702-462C-BFCB-39F91D2EFCE1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6176:*:*:*:*:*:*",
                     matchCriteriaId: "FC0AEFDB-D033-47FC-93FC-8652F922BB8C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6178:*:*:*:*:*:*",
                     matchCriteriaId: "B5354768-6527-43C2-B492-A8C14AB4E784",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6189:*:*:*:*:*:*",
                     matchCriteriaId: "D83F26D1-B8C6-4114-81EC-810DD5412DC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6194:*:*:*:*:*:*",
                     matchCriteriaId: "E9EBC010-9963-4636-96F7-A121FCF755A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6199:*:*:*:*:*:*",
                     matchCriteriaId: "F626D64B-C301-4CD8-94B4-48689BD3F29C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6204:*:*:*:*:*:*",
                     matchCriteriaId: "5E32810C-7B35-42F1-BCA5-E10C02BE2215",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6205:*:*:*:*:*:*",
                     matchCriteriaId: "6539D059-8614-4C26-93C4-C2DDCC5D35E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6209:*:*:*:*:*:*",
                     matchCriteriaId: "E359EE75-A2F9-479B-B757-CAE1064AB8F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6210:*:*:*:*:*:*",
                     matchCriteriaId: "0BCABDEF-D292-406E-B53C-AFF22484E916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6214:*:*:*:*:*:*",
                     matchCriteriaId: "ABE8872C-B1DD-4A45-8EF8-E8C355CA6C54",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6215:*:*:*:*:*:*",
                     matchCriteriaId: "44B20B83-833A-4C68-8693-365BD046C157",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6216:*:*:*:*:*:*",
                     matchCriteriaId: "E254E6D1-D18E-4A2A-A2FF-7D03F39E65DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6218:*:*:*:*:*:*",
                     matchCriteriaId: "5F0C5E53-4D15-425A-B4CF-5869353724BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6219:*:*:*:*:*:*",
                     matchCriteriaId: "2F4BF5F1-F316-4BAC-83E0-DEAC8C50754E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6220:*:*:*:*:*:*",
                     matchCriteriaId: "5CDD03A8-5B86-4B87-9C29-6C967261C5C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6227:*:*:*:*:*:*",
                     matchCriteriaId: "6071E15F-4D59-41DC-A4D4-7D1AA392A1F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6230:*:*:*:*:*:*",
                     matchCriteriaId: "C72C1CEB-7BF7-4A5F-B2E9-397F86CCBF4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6233:*:*:*:*:*:*",
                     matchCriteriaId: "5B0F0218-4224-4084-B38D-9719D3782C03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6235:*:*:*:*:*:*",
                     matchCriteriaId: "BFC41329-1AD6-4575-A22D-977EC5539DA4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6236:*:*:*:*:*:*",
                     matchCriteriaId: "217A06B7-0823-4508-BC0C-AD792BA88F7B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6239:*:*:*:*:*:*",
                     matchCriteriaId: "246E98B2-A6C8-4410-AA6A-7E81EE8C5E76",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6241:*:*:*:*:*:*",
                     matchCriteriaId: "74D1EC02-D009-45DA-B1EC-2219E0F0183C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6243:*:*:*:*:*:*",
                     matchCriteriaId: "0F56A261-EC62-423C-B487-35EA9D4A83FB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6245:*:*:*:*:*:*",
                     matchCriteriaId: "D295E160-C87A-498D-AB0E-BA1E50825249",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6248:*:*:*:*:*:*",
                     matchCriteriaId: "A30BE138-D745-4F0E-AAE4-202A1C769C85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6249:*:*:*:*:*:*",
                     matchCriteriaId: "7CF4FCB9-7360-4ABB-95FB-0239CDC8D3AD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6250:*:*:*:*:*:*",
                     matchCriteriaId: "465DD666-3499-4911-A1DF-6BAAFCCFA006",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6251:*:*:*:*:*:*",
                     matchCriteriaId: "6F18CEDC-5D7A-4496-8B5E-59EBEA4362BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6255:*:*:*:*:*:*",
                     matchCriteriaId: "8C1DE547-F217-4518-AD90-3607AE21F6ED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "User ID references at mentions in document comments were not correctly sanitized. Script code could be injected into a user's session when working with a malicious document. Please deploy the provided updates and patch releases. User-defined content like comments and mentions are now filtered to avoid potentially malicious content. No publicly available exploits are known.",
      },
      {
         lang: "es",
         value: "Las referencias de identificación de usuario en las menciones en los comentarios del documento no se sanitizaron correctamente. Se podría inyectar código de script en la sesión de un usuario cuando se trabaja con un documento malicioso. Implemente las actualizaciones y lanzamientos de parches proporcionados. El contenido definido por el usuario, como comentarios y menciones, ahora se filtra para evitar contenido potencialmente malicioso. No se conocen exploits disponibles públicamente.",
      },
   ],
   id: "CVE-2023-41703",
   lastModified: "2024-11-21T08:21:30.267",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "security@open-xchange.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-02-12T09:15:10.480",
   references: [
      {
         source: "security@open-xchange.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json",
      },
      {
         source: "security@open-xchange.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf",
      },
   ],
   sourceIdentifier: "security@open-xchange.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "security@open-xchange.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-03-21 16:00
Modified
2024-11-21 03:46
Summary
OX App Suite 7.8.4 and earlier allows XSS. Internal reference: 58742 (Bug ID)
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "21A45377-C1DE-44AB-A02F-A377BE4E9A56",
                     versionEndIncluding: "7.8.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite 7.8.4 and earlier allows XSS. Internal reference: 58742 (Bug ID)",
      },
      {
         lang: "es",
         value: "OX App Suite, en versiones 7.8.4 y anteriores, permite Cross-Site Scripting (XSS). Referencia interna: 58742 (Bug ID)",
      },
   ],
   id: "CVE-2018-13104",
   lastModified: "2024-11-21T03:46:26.810",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 3.5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.3,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-03-21T16:00:17.157",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/151243/Open-Xchange-OX-App-Suite-Cross-Site-Scripting-SSRF.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2019/Jan/46",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/151243/Open-Xchange-OX-App-Suite-Cross-Site-Scripting-SSRF.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2019/Jan/46",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-12-15 06:59
Modified
2025-04-12 10:46
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as mp3 album covers. In case their XML structure contains script code, that code may get executed when calling the related cover URL. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:rev4:*:*:*:*:*:*",
                     matchCriteriaId: "63233ABF-06E1-4819-B885-1028FEA3EB5A",
                     versionEndIncluding: "7.8.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as mp3 album covers. In case their XML structure contains script code, that code may get executed when calling the related cover URL. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).",
      },
      {
         lang: "es",
         value: "Ha sido descubierto un problema en Open-Xchange OX App Suite en versiones anteriores a 7.8.2-rev8. Archivos SVG pueden ser usados como portadas de álbumes mp3. En caso de que su estructura XML contenga un código script, este código puede ser ejecutado cuando se llama a la URL de portada relacionada. El código script malicioso puede ser ejecutado en un contexto de usuario. Esto puede conducir al secuestro de sesión o activar acciones no deseadas a través de la interfaz web (envío de correo, eliminación de datos, etc.).",
      },
   ],
   id: "CVE-2016-6847",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-12-15T06:59:19.223",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/93457",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/93457",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-01-12 22:15
Modified
2024-11-21 05:52
Summary
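OX App Suite through 7.10.4 allows XSS via JavaScript in a Note referenced by a mail:// URL. Note: the CPE configuration in this record ends at 7.10.3 (versionEndIncluding), so matching on the CPE data alone would not flag 7.10.4 installations, which the description includes.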
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB465D15-78EA-47FA-BC7C-5A6631EC9578",
                     versionEndIncluding: "7.10.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite through 7.10.4 allows XSS via JavaScript in a Note referenced by a mail:// URL.",
      },
      {
         lang: "es",
         value: "OX App Suite versiones hasta 7.10.4, permite un ataque de tipo XSS por medio de un JavaScript en una Nota referenciada mediante una URL mail://",
      },
   ],
   id: "CVE-2021-23933",
   lastModified: "2024-11-21T05:52:04.690",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-01-12T22:15:12.823",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-10-23 05:15
Modified
2024-11-21 05:04
Summary
OX App Suite through 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user (via the session API during shared Drive access).
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "AEA29625-42CD-49CC-9E34-858CB6C5D28B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "944562A2-53D7-4D75-B238-B9BD0F695E45",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite through 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user (via the session API during shared Drive access).",
      },
      {
         lang: "es",
         value: "OX App Suite versiones hasta 7.10.3, permite una Exposición de Información porque un usuario puede obtener la dirección IP y la cadena User-Agent de un usuario diferente (por medio de la API de sesión durante el acceso a la Unidad compartida)",
      },
   ],
   id: "CVE-2020-15003",
   lastModified: "2024-11-21T05:04:36.373",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-10-23T05:15:13.283",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/fulldisclosure/2020/Oct/20",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Product",
         ],
         url: "https://www.open-xchange.com/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/fulldisclosure/2020/Oct/20",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Product",
         ],
         url: "https://www.open-xchange.com/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-12-26 03:15
Modified
2025-04-14 15:15
Summary
OX App Suite through 7.10.6 allows XSS via HTML in text/plain e-mail messages.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D3B06B3-8919-4D41-87A6-DA39189750B9",
                     versionEndExcluding: "7.10.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:-:*:*:*:*:*:*",
                     matchCriteriaId: "FE68F102-2EE1-44FF-A8AB-6F71F62712D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5961:*:*:*:*:*:*",
                     matchCriteriaId: "4F5923E6-C4C1-492F-A130-65D102F67B40",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5973:*:*:*:*:*:*",
                     matchCriteriaId: "D703A274-D197-42B3-9720-70E6CCD9E825",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5976:*:*:*:*:*:*",
                     matchCriteriaId: "D4D5F145-F2BA-4589-8B9A-B967069EA355",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5982:*:*:*:*:*:*",
                     matchCriteriaId: "7E3F2F8B-F7C4-4297-B451-CAFFCA860D17",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5989:*:*:*:*:*:*",
                     matchCriteriaId: "C7CB5AA6-19B9-4D21-A2B6-1523719A2DB5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5994:*:*:*:*:*:*",
                     matchCriteriaId: "3FAD63B8-9158-4552-8987-3A418AC5A3A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6000:*:*:*:*:*:*",
                     matchCriteriaId: "87793628-6C35-4137-B584-3AE2A8363AEC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6003:*:*:*:*:*:*",
                     matchCriteriaId: "06C14CAB-9C56-48A2-82FA-16110923CC78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6008:*:*:*:*:*:*",
                     matchCriteriaId: "2201C280-3674-4FA4-8176-723C175A2469",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6010:*:*:*:*:*:*",
                     matchCriteriaId: "A3CB3836-AD68-4167-98FD-5B05CC9C92EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6016:*:*:*:*:*:*",
                     matchCriteriaId: "604CF453-CBBE-4123-B3ED-87A8CBF407DE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6020:*:*:*:*:*:*",
                     matchCriteriaId: "6AF52278-E711-4656-9A1C-0A3A7F3C671F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6026:*:*:*:*:*:*",
                     matchCriteriaId: "5DD66203-5C4E-434A-BA84-9F78D9E1F7B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6029:*:*:*:*:*:*",
                     matchCriteriaId: "8A0D1287-7A32-4F56-97F2-8573F12D8EB4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6034:*:*:*:*:*:*",
                     matchCriteriaId: "69858B8E-E4C7-485C-882A-206E07D7343F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6035:*:*:*:*:*:*",
                     matchCriteriaId: "C2B82BFA-39B6-4DC8-B691-3284FDCFA227",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6038:*:*:*:*:*:*",
                     matchCriteriaId: "FD4E8470-B8CE-4670-8334-86B817180E96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6046:*:*:*:*:*:*",
                     matchCriteriaId: "2276EFC8-B5E6-449F-BDD0-EF2108A4CCAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6051:*:*:*:*:*:*",
                     matchCriteriaId: "2C8B27BE-651D-4B3A-9413-5ABA8AF2AA3D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6053:*:*:*:*:*:*",
                     matchCriteriaId: "41EA5F8E-05B5-4C4A-8853-B6948C358F06",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6060:*:*:*:*:*:*",
                     matchCriteriaId: "3E1A5843-F09A-4BBE-878D-C967E4061B0D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6061:*:*:*:*:*:*",
                     matchCriteriaId: "D579A835-6B7F-4C77-991F-C760CB8D3750",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6066:*:*:*:*:*:*",
                     matchCriteriaId: "B4935091-B9B4-4EA7-8785-FE4529ACFEBF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6068:*:*:*:*:*:*",
                     matchCriteriaId: "33DAB50E-18A0-43CC-9043-5E2B722F3A2B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6072:*:*:*:*:*:*",
                     matchCriteriaId: "0E1E9E82-17E3-4B43-AD5B-BBAD25759950",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6079:*:*:*:*:*:*",
                     matchCriteriaId: "E73BDC2E-3C39-454F-B929-8BB936F36AA6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6084:*:*:*:*:*:*",
                     matchCriteriaId: "C4DF7C74-BD66-41E7-8B47-C700D7BE53E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6092:*:*:*:*:*:*",
                     matchCriteriaId: "9EA739D6-10BD-48B4-9C30-92BE4381C80C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6101:*:*:*:*:*:*",
                     matchCriteriaId: "79219E01-26C2-462C-B604-783490F26565",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6111:*:*:*:*:*:*",
                     matchCriteriaId: "6F121147-1AAB-4123-AFD2-31F39434819F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6120:*:*:*:*:*:*",
                     matchCriteriaId: "52B9445C-4B0E-437A-BE3C-DBB8A621D354",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6132:*:*:*:*:*:*",
                     matchCriteriaId: "979495B8-8BF0-41B0-9BD5-48554A9C8889",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6137:*:*:*:*:*:*",
                     matchCriteriaId: "A82EF754-CCB7-4A03-8986-42BA76E6A2C9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6140:*:*:*:*:*:*",
                     matchCriteriaId: "F4CAFBCA-BD13-4295-A558-844716BA0C81",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6149:*:*:*:*:*:*",
                     matchCriteriaId: "AA61FEDD-5F86-45B8-BC55-BDFD6F10BB4B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*",
                     matchCriteriaId: "A144D75D-60A8-4EE0-813C-F658C626B2AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*",
                     matchCriteriaId: "2DA66230-DE02-4881-A893-E9E78286B157",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*",
                     matchCriteriaId: "955F3DFB-6479-4867-B62A-82730DBEB498",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*",
                     matchCriteriaId: "327D1B56-0D05-4D99-91D4-CC1F0AC32972",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*",
                     matchCriteriaId: "D0CD0684-C431-47F8-A2F4-1936D5C5A72B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*",
                     matchCriteriaId: "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*",
                     matchCriteriaId: "D0968764-CCEE-47A7-9111-E106D887DA43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*",
                     matchCriteriaId: "16589FBB-F0CD-4041-8141-5C89FCCA72AF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*",
                     matchCriteriaId: "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*",
                     matchCriteriaId: "0DF5FB90-8D6D-4F99-B454-411B1DFFA630",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*",
                     matchCriteriaId: "F58876B9-6C2E-4048-A793-B441A84E86F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*",
                     matchCriteriaId: "D5F177CB-CC45-45A0-9D02-C14A13ECC7A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*",
                     matchCriteriaId: "A89A4192-54E9-4899-8C7B-6C7F7E650D5C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*",
                     matchCriteriaId: "F2DC1357-9CD5-415F-A190-2F3F4498EF96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*",
                     matchCriteriaId: "D78ACF64-2802-44DD-AF7A-1BD5EA7F9908",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*",
                     matchCriteriaId: "E8F675FA-1684-413A-B1BE-1C5434AC2862",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite through 7.10.6 allows XSS via HTML in text/plain e-mail messages.",
      },
      {
         lang: "es",
         value: "OX App Suite hasta 7.10.6 permite XSS a través de HTML en mensajes de correo electrónico text/plain (texto sin formato).",
      },
   ],
   id: "CVE-2022-37308",
   lastModified: "2025-04-14T15:15:18.710",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2022-12-26T03:15:11.767",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://open-xchange.com",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/fulldisclosure/2022/Nov/18",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://open-xchange.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/fulldisclosure/2022/Nov/18",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-11-02 14:15
Modified
2024-11-21 07:51
Summary
RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI. RMI access is restricted to localhost by default. The interface has been updated to require authenticated requests. No publicly available exploits are known.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "59D4F30E-2F52-4948-9C69-C57472833C79",
                     versionEndExcluding: "7.10.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*",
                     matchCriteriaId: "A144D75D-60A8-4EE0-813C-F658C626B2AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*",
                     matchCriteriaId: "2DA66230-DE02-4881-A893-E9E78286B157",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*",
                     matchCriteriaId: "955F3DFB-6479-4867-B62A-82730DBEB498",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*",
                     matchCriteriaId: "327D1B56-0D05-4D99-91D4-CC1F0AC32972",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*",
                     matchCriteriaId: "D0CD0684-C431-47F8-A2F4-1936D5C5A72B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*",
                     matchCriteriaId: "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*",
                     matchCriteriaId: "D0968764-CCEE-47A7-9111-E106D887DA43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*",
                     matchCriteriaId: "16589FBB-F0CD-4041-8141-5C89FCCA72AF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*",
                     matchCriteriaId: "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*",
                     matchCriteriaId: "0DF5FB90-8D6D-4F99-B454-411B1DFFA630",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*",
                     matchCriteriaId: "F58876B9-6C2E-4048-A793-B441A84E86F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*",
                     matchCriteriaId: "D5F177CB-CC45-45A0-9D02-C14A13ECC7A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*",
                     matchCriteriaId: "A89A4192-54E9-4899-8C7B-6C7F7E650D5C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*",
                     matchCriteriaId: "F2DC1357-9CD5-415F-A190-2F3F4498EF96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*",
                     matchCriteriaId: "D78ACF64-2802-44DD-AF7A-1BD5EA7F9908",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*",
                     matchCriteriaId: "E8F675FA-1684-413A-B1BE-1C5434AC2862",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6156:*:*:*:*:*:*",
                     matchCriteriaId: "F3F1FDC3-35B2-4BDB-A685-75BC72588179",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6161:*:*:*:*:*:*",
                     matchCriteriaId: "5B1E509D-2F41-4296-86D2-6BD71783060F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6166:*:*:*:*:*:*",
                     matchCriteriaId: "AC93EA37-F341-45EC-B651-4F326FB8C613",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6173:*:*:*:*:*:*",
                     matchCriteriaId: "1A4DB8A6-1702-462C-BFCB-39F91D2EFCE1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6176:*:*:*:*:*:*",
                     matchCriteriaId: "FC0AEFDB-D033-47FC-93FC-8652F922BB8C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6178:*:*:*:*:*:*",
                     matchCriteriaId: "B5354768-6527-43C2-B492-A8C14AB4E784",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6189:*:*:*:*:*:*",
                     matchCriteriaId: "D83F26D1-B8C6-4114-81EC-810DD5412DC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6194:*:*:*:*:*:*",
                     matchCriteriaId: "E9EBC010-9963-4636-96F7-A121FCF755A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6199:*:*:*:*:*:*",
                     matchCriteriaId: "F626D64B-C301-4CD8-94B4-48689BD3F29C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6204:*:*:*:*:*:*",
                     matchCriteriaId: "5E32810C-7B35-42F1-BCA5-E10C02BE2215",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6205:*:*:*:*:*:*",
                     matchCriteriaId: "6539D059-8614-4C26-93C4-C2DDCC5D35E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6209:*:*:*:*:*:*",
                     matchCriteriaId: "E359EE75-A2F9-479B-B757-CAE1064AB8F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6210:*:*:*:*:*:*",
                     matchCriteriaId: "0BCABDEF-D292-406E-B53C-AFF22484E916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6214:*:*:*:*:*:*",
                     matchCriteriaId: "ABE8872C-B1DD-4A45-8EF8-E8C355CA6C54",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6215:*:*:*:*:*:*",
                     matchCriteriaId: "44B20B83-833A-4C68-8693-365BD046C157",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6216:*:*:*:*:*:*",
                     matchCriteriaId: "E254E6D1-D18E-4A2A-A2FF-7D03F39E65DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6218:*:*:*:*:*:*",
                     matchCriteriaId: "5F0C5E53-4D15-425A-B4CF-5869353724BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6219:*:*:*:*:*:*",
                     matchCriteriaId: "2F4BF5F1-F316-4BAC-83E0-DEAC8C50754E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6220:*:*:*:*:*:*",
                     matchCriteriaId: "5CDD03A8-5B86-4B87-9C29-6C967261C5C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6227:*:*:*:*:*:*",
                     matchCriteriaId: "6071E15F-4D59-41DC-A4D4-7D1AA392A1F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6230:*:*:*:*:*:*",
                     matchCriteriaId: "C72C1CEB-7BF7-4A5F-B2E9-397F86CCBF4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6233:*:*:*:*:*:*",
                     matchCriteriaId: "5B0F0218-4224-4084-B38D-9719D3782C03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6235:*:*:*:*:*:*",
                     matchCriteriaId: "BFC41329-1AD6-4575-A22D-977EC5539DA4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6236:*:*:*:*:*:*",
                     matchCriteriaId: "217A06B7-0823-4508-BC0C-AD792BA88F7B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6239:*:*:*:*:*:*",
                     matchCriteriaId: "246E98B2-A6C8-4410-AA6A-7E81EE8C5E76",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6241:*:*:*:*:*:*",
                     matchCriteriaId: "74D1EC02-D009-45DA-B1EC-2219E0F0183C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI. RMI access is restricted to localhost by default. The interface has been updated to require authenticated requests. No publicly available exploits are known.\n\n",
      },
      {
         lang: "es",
         value: "RMI no requería autenticación al llamar a ChronosRMIService:setEventOrganizer. Los atacantes con acceso a la red local o adyacente podrían abusar del servicio RMI para modificar elementos del calendario utilizando RMI. El acceso RMI está restringido a localhost de forma predeterminada. La interfaz se ha actualizado para requerir solicitudes autenticadas. No se conocen exploits disponibles públicamente.",
      },
   ],
   id: "CVE-2023-26455",
   lastModified: "2024-11-21T07:51:30.080",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "LOW",
               baseScore: 5.6,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L",
               version: "3.1",
            },
            exploitabilityScore: 0.8,
            impactScore: 4.7,
            source: "security@open-xchange.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-11-02T14:15:10.873",
   references: [
      {
         source: "security@open-xchange.com",
         url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json",
      },
      {
         source: "security@open-xchange.com",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf",
      },
   ],
   sourceIdentifier: "security@open-xchange.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "security@open-xchange.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-12-26 04:15
Modified
2025-04-14 15:15
Summary
OX App Suite through 7.10.6 allows XSS via script code within a contact that has an e-mail address but lacks a name.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D3B06B3-8919-4D41-87A6-DA39189750B9",
                     versionEndExcluding: "7.10.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:-:*:*:*:*:*:*",
                     matchCriteriaId: "FE68F102-2EE1-44FF-A8AB-6F71F62712D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5961:*:*:*:*:*:*",
                     matchCriteriaId: "4F5923E6-C4C1-492F-A130-65D102F67B40",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5973:*:*:*:*:*:*",
                     matchCriteriaId: "D703A274-D197-42B3-9720-70E6CCD9E825",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5976:*:*:*:*:*:*",
                     matchCriteriaId: "D4D5F145-F2BA-4589-8B9A-B967069EA355",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5982:*:*:*:*:*:*",
                     matchCriteriaId: "7E3F2F8B-F7C4-4297-B451-CAFFCA860D17",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5989:*:*:*:*:*:*",
                     matchCriteriaId: "C7CB5AA6-19B9-4D21-A2B6-1523719A2DB5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5994:*:*:*:*:*:*",
                     matchCriteriaId: "3FAD63B8-9158-4552-8987-3A418AC5A3A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6000:*:*:*:*:*:*",
                     matchCriteriaId: "87793628-6C35-4137-B584-3AE2A8363AEC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6003:*:*:*:*:*:*",
                     matchCriteriaId: "06C14CAB-9C56-48A2-82FA-16110923CC78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6008:*:*:*:*:*:*",
                     matchCriteriaId: "2201C280-3674-4FA4-8176-723C175A2469",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6010:*:*:*:*:*:*",
                     matchCriteriaId: "A3CB3836-AD68-4167-98FD-5B05CC9C92EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6016:*:*:*:*:*:*",
                     matchCriteriaId: "604CF453-CBBE-4123-B3ED-87A8CBF407DE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6020:*:*:*:*:*:*",
                     matchCriteriaId: "6AF52278-E711-4656-9A1C-0A3A7F3C671F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6026:*:*:*:*:*:*",
                     matchCriteriaId: "5DD66203-5C4E-434A-BA84-9F78D9E1F7B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6029:*:*:*:*:*:*",
                     matchCriteriaId: "8A0D1287-7A32-4F56-97F2-8573F12D8EB4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6034:*:*:*:*:*:*",
                     matchCriteriaId: "69858B8E-E4C7-485C-882A-206E07D7343F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6035:*:*:*:*:*:*",
                     matchCriteriaId: "C2B82BFA-39B6-4DC8-B691-3284FDCFA227",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6038:*:*:*:*:*:*",
                     matchCriteriaId: "FD4E8470-B8CE-4670-8334-86B817180E96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6046:*:*:*:*:*:*",
                     matchCriteriaId: "2276EFC8-B5E6-449F-BDD0-EF2108A4CCAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6051:*:*:*:*:*:*",
                     matchCriteriaId: "2C8B27BE-651D-4B3A-9413-5ABA8AF2AA3D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6053:*:*:*:*:*:*",
                     matchCriteriaId: "41EA5F8E-05B5-4C4A-8853-B6948C358F06",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6060:*:*:*:*:*:*",
                     matchCriteriaId: "3E1A5843-F09A-4BBE-878D-C967E4061B0D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6061:*:*:*:*:*:*",
                     matchCriteriaId: "D579A835-6B7F-4C77-991F-C760CB8D3750",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6066:*:*:*:*:*:*",
                     matchCriteriaId: "B4935091-B9B4-4EA7-8785-FE4529ACFEBF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6068:*:*:*:*:*:*",
                     matchCriteriaId: "33DAB50E-18A0-43CC-9043-5E2B722F3A2B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6072:*:*:*:*:*:*",
                     matchCriteriaId: "0E1E9E82-17E3-4B43-AD5B-BBAD25759950",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6079:*:*:*:*:*:*",
                     matchCriteriaId: "E73BDC2E-3C39-454F-B929-8BB936F36AA6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6084:*:*:*:*:*:*",
                     matchCriteriaId: "C4DF7C74-BD66-41E7-8B47-C700D7BE53E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6092:*:*:*:*:*:*",
                     matchCriteriaId: "9EA739D6-10BD-48B4-9C30-92BE4381C80C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6101:*:*:*:*:*:*",
                     matchCriteriaId: "79219E01-26C2-462C-B604-783490F26565",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6111:*:*:*:*:*:*",
                     matchCriteriaId: "6F121147-1AAB-4123-AFD2-31F39434819F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6120:*:*:*:*:*:*",
                     matchCriteriaId: "52B9445C-4B0E-437A-BE3C-DBB8A621D354",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6132:*:*:*:*:*:*",
                     matchCriteriaId: "979495B8-8BF0-41B0-9BD5-48554A9C8889",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6137:*:*:*:*:*:*",
                     matchCriteriaId: "A82EF754-CCB7-4A03-8986-42BA76E6A2C9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6140:*:*:*:*:*:*",
                     matchCriteriaId: "F4CAFBCA-BD13-4295-A558-844716BA0C81",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6149:*:*:*:*:*:*",
                     matchCriteriaId: "AA61FEDD-5F86-45B8-BC55-BDFD6F10BB4B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*",
                     matchCriteriaId: "A144D75D-60A8-4EE0-813C-F658C626B2AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*",
                     matchCriteriaId: "2DA66230-DE02-4881-A893-E9E78286B157",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*",
                     matchCriteriaId: "955F3DFB-6479-4867-B62A-82730DBEB498",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*",
                     matchCriteriaId: "327D1B56-0D05-4D99-91D4-CC1F0AC32972",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*",
                     matchCriteriaId: "D0CD0684-C431-47F8-A2F4-1936D5C5A72B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*",
                     matchCriteriaId: "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*",
                     matchCriteriaId: "D0968764-CCEE-47A7-9111-E106D887DA43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*",
                     matchCriteriaId: "16589FBB-F0CD-4041-8141-5C89FCCA72AF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*",
                     matchCriteriaId: "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*",
                     matchCriteriaId: "0DF5FB90-8D6D-4F99-B454-411B1DFFA630",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*",
                     matchCriteriaId: "F58876B9-6C2E-4048-A793-B441A84E86F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*",
                     matchCriteriaId: "D5F177CB-CC45-45A0-9D02-C14A13ECC7A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*",
                     matchCriteriaId: "A89A4192-54E9-4899-8C7B-6C7F7E650D5C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*",
                     matchCriteriaId: "F2DC1357-9CD5-415F-A190-2F3F4498EF96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*",
                     matchCriteriaId: "D78ACF64-2802-44DD-AF7A-1BD5EA7F9908",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*",
                     matchCriteriaId: "E8F675FA-1684-413A-B1BE-1C5434AC2862",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite through 7.10.6 allows XSS via script code within a contact that has an e-mail address but lacks a name.",
      },
      {
         lang: "es",
         value: "OX App Suite hasta 7.10.6 permite XSS mediante código script dentro de un contacto que tiene una dirección de correo electrónico pero carece de nombre.",
      },
   ],
   id: "CVE-2022-37309",
   lastModified: "2025-04-14T15:15:19.253",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2022-12-26T04:15:10.443",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://open-xchange.com",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/fulldisclosure/2022/Nov/18",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://open-xchange.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/fulldisclosure/2022/Nov/18",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-05-23 15:29
Modified
2024-11-21 03:13
Summary
Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "21A45377-C1DE-44AB-A02F-A377BE4E9A56",
                     versionEndIncluding: "7.8.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.",
      },
      {
         lang: "es",
         value: "Open-Xchange GmbH OX App Suite versión 7.8.4 y anteriores, se ven afectadas por: SSRF.",
      },
   ],
   id: "CVE-2017-15029",
   lastModified: "2024-11-21T03:13:58.070",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-05-23T15:29:00.287",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Product",
         ],
         url: "http://open-xchange.com",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Not Applicable",
         ],
         url: "http://ox.com",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Product",
         ],
         url: "http://open-xchange.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Not Applicable",
         ],
         url: "http://ox.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-918",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2024-02-12 09:15
Modified
2024-11-21 08:21
Summary
Processing of CID references in E-Mail can be abused to inject malicious script code that passes the sanitization engine. Malicious script code could be injected into a user's session when interacting with E-Mails. Please deploy the provided updates and patch releases. CID handling has been improved and resulting content is checked for malicious content. No publicly available exploits are known.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7804FF21-94F6-4160-9628-B91ED4CDDCB6",
                     versionEndExcluding: "7.6.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3159C504-0462-4AA9-9137-F25961B67ED6",
                     versionEndExcluding: "7.10.6",
                     versionStartExcluding: "7.6.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F37B7CC3-A4D2-4CA5-8159-FE1A9016F9A0",
                     versionEndExcluding: "8.20",
                     versionStartExcluding: "7.10.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:-:*:*:*:*:*:*",
                     matchCriteriaId: "7AB04398-3973-4503-959E-FA8EE511DA45",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3464:*:*:*:*:*:*",
                     matchCriteriaId: "161CD641-C9EC-4FBE-BFFD-48C96FE71085",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3519:*:*:*:*:*:*",
                     matchCriteriaId: "73F1F959-F82B-4E00-91AE-C39037A93DDF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3569:*:*:*:*:*:*",
                     matchCriteriaId: "E151E1EA-DA35-47CB-80C2-359518C213FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3627:*:*:*:*:*:*",
                     matchCriteriaId: "156910B8-F553-4F4C-B990-131F04001AB2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3728:*:*:*:*:*:*",
                     matchCriteriaId: "13248A9A-D131-4596-A511-A18A83F9D4C2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3875:*:*:*:*:*:*",
                     matchCriteriaId: "54936294-45A6-410B-B6F6-CC2CEFCE937E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3922:*:*:*:*:*:*",
                     matchCriteriaId: "8EDB7577-5763-41A1-90A7-7D7F225F8C14",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3949:*:*:*:*:*:*",
                     matchCriteriaId: "39B4BD56-3236-4AE0-93F6-F0E0190C77AD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3991:*:*:*:*:*:*",
                     matchCriteriaId: "6F20C5D9-6DCA-4F3F-A9A8-FACAE5C4AB18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4047:*:*:*:*:*:*",
                     matchCriteriaId: "F94B78AE-45FE-4BA7-BFD6-55767F8C3A0E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4133:*:*:*:*:*:*",
                     matchCriteriaId: "B103D02E-C443-446B-A358-A052866BC624",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4423:*:*:*:*:*:*",
                     matchCriteriaId: "4D578FCB-EE90-4BB9-9E28-DC1FA139787C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4470:*:*:*:*:*:*",
                     matchCriteriaId: "71380C28-6A25-425B-BE7F-6D06E0CE5C2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4552:*:*:*:*:*:*",
                     matchCriteriaId: "DDBF0D2F-2C22-448E-A0D2-E66527188928",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4667:*:*:*:*:*:*",
                     matchCriteriaId: "50EC169C-73B6-40F5-8C7A-6DD71DC19893",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4750:*:*:*:*:*:*",
                     matchCriteriaId: "4B2CA948-280B-4EB8-9309-B016C9557A64",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4789:*:*:*:*:*:*",
                     matchCriteriaId: "36511A48-EBD8-40C2-A1FB-10F33264CF3F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4839:*:*:*:*:*:*",
                     matchCriteriaId: "EBE8374F-0D7D-422F-83AC-ADF9B9E6E511",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4860:*:*:*:*:*:*",
                     matchCriteriaId: "285B9A4B-6F4F-4899-AD2A-57E22BF9F7BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4895:*:*:*:*:*:*",
                     matchCriteriaId: "5BAD0604-90FC-4647-854A-E10330579B89",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5104:*:*:*:*:*:*",
                     matchCriteriaId: "7F26505E-0F61-40A2-B6BA-17C7E30D375C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5165:*:*:*:*:*:*",
                     matchCriteriaId: "FD3E0ABC-2DAC-4441-96DB-BD84DD8B8E81",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5231:*:*:*:*:*:*",
                     matchCriteriaId: "347700F5-3BDA-4DA3-AA81-4D593E131AB9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5537:*:*:*:*:*:*",
                     matchCriteriaId: "5EF075DE-44C7-4FC0-9BD7-E7A2C95651D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5637:*:*:*:*:*:*",
                     matchCriteriaId: "5CB6B4D0-E2B8-44F3-877B-293325EF44A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5910:*:*:*:*:*:*",
                     matchCriteriaId: "716CC742-9F23-4734-9CFF-338A231476D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*",
                     matchCriteriaId: "A144D75D-60A8-4EE0-813C-F658C626B2AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*",
                     matchCriteriaId: "2DA66230-DE02-4881-A893-E9E78286B157",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*",
                     matchCriteriaId: "955F3DFB-6479-4867-B62A-82730DBEB498",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*",
                     matchCriteriaId: "327D1B56-0D05-4D99-91D4-CC1F0AC32972",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*",
                     matchCriteriaId: "D0CD0684-C431-47F8-A2F4-1936D5C5A72B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*",
                     matchCriteriaId: "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*",
                     matchCriteriaId: "D0968764-CCEE-47A7-9111-E106D887DA43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*",
                     matchCriteriaId: "16589FBB-F0CD-4041-8141-5C89FCCA72AF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*",
                     matchCriteriaId: "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*",
                     matchCriteriaId: "0DF5FB90-8D6D-4F99-B454-411B1DFFA630",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*",
                     matchCriteriaId: "F58876B9-6C2E-4048-A793-B441A84E86F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*",
                     matchCriteriaId: "D5F177CB-CC45-45A0-9D02-C14A13ECC7A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*",
                     matchCriteriaId: "A89A4192-54E9-4899-8C7B-6C7F7E650D5C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*",
                     matchCriteriaId: "F2DC1357-9CD5-415F-A190-2F3F4498EF96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*",
                     matchCriteriaId: "D78ACF64-2802-44DD-AF7A-1BD5EA7F9908",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*",
                     matchCriteriaId: "E8F675FA-1684-413A-B1BE-1C5434AC2862",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6156:*:*:*:*:*:*",
                     matchCriteriaId: "F3F1FDC3-35B2-4BDB-A685-75BC72588179",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6161:*:*:*:*:*:*",
                     matchCriteriaId: "5B1E509D-2F41-4296-86D2-6BD71783060F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6166:*:*:*:*:*:*",
                     matchCriteriaId: "AC93EA37-F341-45EC-B651-4F326FB8C613",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6173:*:*:*:*:*:*",
                     matchCriteriaId: "1A4DB8A6-1702-462C-BFCB-39F91D2EFCE1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6176:*:*:*:*:*:*",
                     matchCriteriaId: "FC0AEFDB-D033-47FC-93FC-8652F922BB8C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6178:*:*:*:*:*:*",
                     matchCriteriaId: "B5354768-6527-43C2-B492-A8C14AB4E784",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6189:*:*:*:*:*:*",
                     matchCriteriaId: "D83F26D1-B8C6-4114-81EC-810DD5412DC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6194:*:*:*:*:*:*",
                     matchCriteriaId: "E9EBC010-9963-4636-96F7-A121FCF755A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6199:*:*:*:*:*:*",
                     matchCriteriaId: "F626D64B-C301-4CD8-94B4-48689BD3F29C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6204:*:*:*:*:*:*",
                     matchCriteriaId: "5E32810C-7B35-42F1-BCA5-E10C02BE2215",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6205:*:*:*:*:*:*",
                     matchCriteriaId: "6539D059-8614-4C26-93C4-C2DDCC5D35E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6209:*:*:*:*:*:*",
                     matchCriteriaId: "E359EE75-A2F9-479B-B757-CAE1064AB8F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6210:*:*:*:*:*:*",
                     matchCriteriaId: "0BCABDEF-D292-406E-B53C-AFF22484E916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6214:*:*:*:*:*:*",
                     matchCriteriaId: "ABE8872C-B1DD-4A45-8EF8-E8C355CA6C54",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6215:*:*:*:*:*:*",
                     matchCriteriaId: "44B20B83-833A-4C68-8693-365BD046C157",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6216:*:*:*:*:*:*",
                     matchCriteriaId: "E254E6D1-D18E-4A2A-A2FF-7D03F39E65DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6218:*:*:*:*:*:*",
                     matchCriteriaId: "5F0C5E53-4D15-425A-B4CF-5869353724BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6219:*:*:*:*:*:*",
                     matchCriteriaId: "2F4BF5F1-F316-4BAC-83E0-DEAC8C50754E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6220:*:*:*:*:*:*",
                     matchCriteriaId: "5CDD03A8-5B86-4B87-9C29-6C967261C5C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6227:*:*:*:*:*:*",
                     matchCriteriaId: "6071E15F-4D59-41DC-A4D4-7D1AA392A1F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6230:*:*:*:*:*:*",
                     matchCriteriaId: "C72C1CEB-7BF7-4A5F-B2E9-397F86CCBF4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6233:*:*:*:*:*:*",
                     matchCriteriaId: "5B0F0218-4224-4084-B38D-9719D3782C03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6235:*:*:*:*:*:*",
                     matchCriteriaId: "BFC41329-1AD6-4575-A22D-977EC5539DA4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6236:*:*:*:*:*:*",
                     matchCriteriaId: "217A06B7-0823-4508-BC0C-AD792BA88F7B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6239:*:*:*:*:*:*",
                     matchCriteriaId: "246E98B2-A6C8-4410-AA6A-7E81EE8C5E76",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6241:*:*:*:*:*:*",
                     matchCriteriaId: "74D1EC02-D009-45DA-B1EC-2219E0F0183C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6243:*:*:*:*:*:*",
                     matchCriteriaId: "0F56A261-EC62-423C-B487-35EA9D4A83FB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6245:*:*:*:*:*:*",
                     matchCriteriaId: "D295E160-C87A-498D-AB0E-BA1E50825249",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6248:*:*:*:*:*:*",
                     matchCriteriaId: "A30BE138-D745-4F0E-AAE4-202A1C769C85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6249:*:*:*:*:*:*",
                     matchCriteriaId: "7CF4FCB9-7360-4ABB-95FB-0239CDC8D3AD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6250:*:*:*:*:*:*",
                     matchCriteriaId: "465DD666-3499-4911-A1DF-6BAAFCCFA006",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6251:*:*:*:*:*:*",
                     matchCriteriaId: "6F18CEDC-5D7A-4496-8B5E-59EBEA4362BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6255:*:*:*:*:*:*",
                     matchCriteriaId: "8C1DE547-F217-4518-AD90-3607AE21F6ED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Processing of CID references at E-Mail can be abused to inject malicious script code that passes the sanitization engine. Malicious script code could be injected to a users sessions when interacting with E-Mails. Please deploy the provided updates and patch releases. CID handing has been improved and resulting content is checked for malicious content. No publicly available exploits are known.",
      },
      {
         lang: "es",
         value: "Se puede abusar del procesamiento de referencias de CID en el correo electrónico para inyectar código de script malicioso que pasa el motor de sanitización. Se podría inyectar código de script malicioso en las sesiones de un usuario al interactuar con correos electrónicos. Implemente las actualizaciones y lanzamientos de parches proporcionados. Se ha mejorado la gestión de CID y se comprueba el contenido resultante en busca de contenido malicioso. No se conocen exploits disponibles públicamente.",
      },
   ],
   id: "CVE-2023-41704",
   lastModified: "2024-11-21T08:21:30.443",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 7.1,
               baseSeverity: "HIGH",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.7,
            source: "security@open-xchange.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-02-12T09:15:10.697",
   references: [
      {
         source: "security@open-xchange.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json",
      },
      {
         source: "security@open-xchange.com",
         tags: [
            "Release Notes",
         ],
         url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf",
      },
   ],
   sourceIdentifier: "security@open-xchange.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "security@open-xchange.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-12-26 04:15
Modified
2025-04-14 19:15
Summary
OX App Suite through 8.2 allows XSS because BMFreehand10 and image/x-freehand are not blocked.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D3B06B3-8919-4D41-87A6-DA39189750B9",
                     versionEndExcluding: "7.10.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ACC1F1C5-1B96-48D6-A600-900DD5BE72FA",
                     versionEndExcluding: "8.2.324",
                     versionStartIncluding: "8.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:-:*:*:*:*:*:*",
                     matchCriteriaId: "FE68F102-2EE1-44FF-A8AB-6F71F62712D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5961:*:*:*:*:*:*",
                     matchCriteriaId: "4F5923E6-C4C1-492F-A130-65D102F67B40",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5973:*:*:*:*:*:*",
                     matchCriteriaId: "D703A274-D197-42B3-9720-70E6CCD9E825",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5976:*:*:*:*:*:*",
                     matchCriteriaId: "D4D5F145-F2BA-4589-8B9A-B967069EA355",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5982:*:*:*:*:*:*",
                     matchCriteriaId: "7E3F2F8B-F7C4-4297-B451-CAFFCA860D17",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5989:*:*:*:*:*:*",
                     matchCriteriaId: "C7CB5AA6-19B9-4D21-A2B6-1523719A2DB5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5994:*:*:*:*:*:*",
                     matchCriteriaId: "3FAD63B8-9158-4552-8987-3A418AC5A3A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6000:*:*:*:*:*:*",
                     matchCriteriaId: "87793628-6C35-4137-B584-3AE2A8363AEC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6003:*:*:*:*:*:*",
                     matchCriteriaId: "06C14CAB-9C56-48A2-82FA-16110923CC78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6008:*:*:*:*:*:*",
                     matchCriteriaId: "2201C280-3674-4FA4-8176-723C175A2469",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6010:*:*:*:*:*:*",
                     matchCriteriaId: "A3CB3836-AD68-4167-98FD-5B05CC9C92EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6016:*:*:*:*:*:*",
                     matchCriteriaId: "604CF453-CBBE-4123-B3ED-87A8CBF407DE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6020:*:*:*:*:*:*",
                     matchCriteriaId: "6AF52278-E711-4656-9A1C-0A3A7F3C671F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6026:*:*:*:*:*:*",
                     matchCriteriaId: "5DD66203-5C4E-434A-BA84-9F78D9E1F7B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6029:*:*:*:*:*:*",
                     matchCriteriaId: "8A0D1287-7A32-4F56-97F2-8573F12D8EB4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6034:*:*:*:*:*:*",
                     matchCriteriaId: "69858B8E-E4C7-485C-882A-206E07D7343F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6035:*:*:*:*:*:*",
                     matchCriteriaId: "C2B82BFA-39B6-4DC8-B691-3284FDCFA227",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6038:*:*:*:*:*:*",
                     matchCriteriaId: "FD4E8470-B8CE-4670-8334-86B817180E96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6046:*:*:*:*:*:*",
                     matchCriteriaId: "2276EFC8-B5E6-449F-BDD0-EF2108A4CCAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6051:*:*:*:*:*:*",
                     matchCriteriaId: "2C8B27BE-651D-4B3A-9413-5ABA8AF2AA3D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6053:*:*:*:*:*:*",
                     matchCriteriaId: "41EA5F8E-05B5-4C4A-8853-B6948C358F06",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6060:*:*:*:*:*:*",
                     matchCriteriaId: "3E1A5843-F09A-4BBE-878D-C967E4061B0D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6061:*:*:*:*:*:*",
                     matchCriteriaId: "D579A835-6B7F-4C77-991F-C760CB8D3750",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6066:*:*:*:*:*:*",
                     matchCriteriaId: "B4935091-B9B4-4EA7-8785-FE4529ACFEBF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6068:*:*:*:*:*:*",
                     matchCriteriaId: "33DAB50E-18A0-43CC-9043-5E2B722F3A2B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6072:*:*:*:*:*:*",
                     matchCriteriaId: "0E1E9E82-17E3-4B43-AD5B-BBAD25759950",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6079:*:*:*:*:*:*",
                     matchCriteriaId: "E73BDC2E-3C39-454F-B929-8BB936F36AA6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6084:*:*:*:*:*:*",
                     matchCriteriaId: "C4DF7C74-BD66-41E7-8B47-C700D7BE53E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6092:*:*:*:*:*:*",
                     matchCriteriaId: "9EA739D6-10BD-48B4-9C30-92BE4381C80C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6101:*:*:*:*:*:*",
                     matchCriteriaId: "79219E01-26C2-462C-B604-783490F26565",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6111:*:*:*:*:*:*",
                     matchCriteriaId: "6F121147-1AAB-4123-AFD2-31F39434819F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6120:*:*:*:*:*:*",
                     matchCriteriaId: "52B9445C-4B0E-437A-BE3C-DBB8A621D354",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6132:*:*:*:*:*:*",
                     matchCriteriaId: "979495B8-8BF0-41B0-9BD5-48554A9C8889",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*",
                     matchCriteriaId: "A144D75D-60A8-4EE0-813C-F658C626B2AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*",
                     matchCriteriaId: "2DA66230-DE02-4881-A893-E9E78286B157",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*",
                     matchCriteriaId: "955F3DFB-6479-4867-B62A-82730DBEB498",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*",
                     matchCriteriaId: "327D1B56-0D05-4D99-91D4-CC1F0AC32972",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*",
                     matchCriteriaId: "D0CD0684-C431-47F8-A2F4-1936D5C5A72B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*",
                     matchCriteriaId: "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*",
                     matchCriteriaId: "D0968764-CCEE-47A7-9111-E106D887DA43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*",
                     matchCriteriaId: "16589FBB-F0CD-4041-8141-5C89FCCA72AF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*",
                     matchCriteriaId: "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*",
                     matchCriteriaId: "0DF5FB90-8D6D-4F99-B454-411B1DFFA630",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite through 8.2 allows XSS because BMFreehand10 and image/x-freehand are not blocked.",
      },
      {
         lang: "es",
         value: "OX App Suite hasta 8.2 permite XSS porque BMFreehand10 e image/x-freehand no están bloqueados.",
      },
   ],
   id: "CVE-2022-29852",
   lastModified: "2025-04-14T19:15:30.747",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.3,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.3,
            impactScore: 2.7,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2022-12-26T04:15:10.333",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://open-xchange.com",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/fulldisclosure/2022/Sep/0",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://open-xchange.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/fulldisclosure/2022/Sep/0",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-08-31 15:15
Modified
2024-11-21 04:59
Summary
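OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption.
Note: this record bundles three separate issues under one CVE. The metrics below diverge (CVSS v2 base score 5, MEDIUM, confidentiality impact only; CVSS v3.1 base score 9.8, CRITICAL), and the only weakness listed is CWE-307, so triage each issue against the referenced advisory rather than relying on a single score.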
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A06C48CD-12A4-4108-96F5-CCF40B11D104",
                     versionEndIncluding: "7.10.3",
                     versionStartIncluding: "7.10.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption.",
      },
      {
         lang: "es",
         value: "OX App Suite versiones 7.10.1 hasta 7.10.3, presenta una comprobación de entrada inapropiada para los límites de tarifas con un encabezado User-Agent diseñado, avisos de vacaciones falsificados y consumo de memoria de /apps/load",
      },
   ],
   id: "CVE-2020-12645",
   lastModified: "2024-11-21T04:59:58.610",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-08-31T15:15:10.290",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/fulldisclosure/2020/Aug/14",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.open-xchange.com/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/fulldisclosure/2020/Aug/14",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.open-xchange.com/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-307",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-05-22 20:29
Modified
2024-11-21 03:30
Summary
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C77DCBA3-CB5A-4F73-817E-717C8335463E",
                     versionEndIncluding: "7.8.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control.",
      },
      {
         lang: "es",
         value: "Open-Xchange GmbH OX App Suite Versión 7.8.3 y anteriores, se ven afectados por: Control de Acceso Incorrecto.",
      },
   ],
   id: "CVE-2017-6912",
   lastModified: "2024-11-21T03:30:47.540",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-05-22T20:29:00.543",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://open-xchange.com",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Not Applicable",
         ],
         url: "http://ox.com",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/7.10.0/release-notes/release-notes.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://open-xchange.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Not Applicable",
         ],
         url: "http://ox.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/7.10.0/release-notes/release-notes.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-284",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-01-12 22:15
Modified
2024-11-21 05:52
Summary
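OX App Suite through 7.10.4 allows XSS via use of the conversion API for a distributedFile.
Note: the CPE match criteria in this record end at 7.10.3 (versionEndIncluding), which is narrower than the "through 7.10.4" stated in the description. Version-based matching on the CPE data alone may not flag 7.10.4, so confirm the affected range against the referenced advisory.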
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB465D15-78EA-47FA-BC7C-5A6631EC9578",
                     versionEndIncluding: "7.10.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite through 7.10.4 allows XSS via use of the conversion API for a distributedFile.",
      },
      {
         lang: "es",
         value: "OX App Suite versiones hasta 7.10.4, permite un ataque de tipo XSS mediante el uso de la API conversion para un archivo distribuido",
      },
   ],
   id: "CVE-2021-23930",
   lastModified: "2024-11-21T05:52:04.243",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-01-12T22:15:12.637",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-12-26 02:15
Modified
2025-04-14 15:15
Summary
OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large location request parameter to the redirect servlet.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D3B06B3-8919-4D41-87A6-DA39189750B9",
                     versionEndExcluding: "7.10.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:-:*:*:*:*:*:*",
                     matchCriteriaId: "FE68F102-2EE1-44FF-A8AB-6F71F62712D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5961:*:*:*:*:*:*",
                     matchCriteriaId: "4F5923E6-C4C1-492F-A130-65D102F67B40",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5973:*:*:*:*:*:*",
                     matchCriteriaId: "D703A274-D197-42B3-9720-70E6CCD9E825",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5976:*:*:*:*:*:*",
                     matchCriteriaId: "D4D5F145-F2BA-4589-8B9A-B967069EA355",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5982:*:*:*:*:*:*",
                     matchCriteriaId: "7E3F2F8B-F7C4-4297-B451-CAFFCA860D17",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5989:*:*:*:*:*:*",
                     matchCriteriaId: "C7CB5AA6-19B9-4D21-A2B6-1523719A2DB5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5994:*:*:*:*:*:*",
                     matchCriteriaId: "3FAD63B8-9158-4552-8987-3A418AC5A3A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6000:*:*:*:*:*:*",
                     matchCriteriaId: "87793628-6C35-4137-B584-3AE2A8363AEC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6003:*:*:*:*:*:*",
                     matchCriteriaId: "06C14CAB-9C56-48A2-82FA-16110923CC78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6008:*:*:*:*:*:*",
                     matchCriteriaId: "2201C280-3674-4FA4-8176-723C175A2469",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6010:*:*:*:*:*:*",
                     matchCriteriaId: "A3CB3836-AD68-4167-98FD-5B05CC9C92EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6016:*:*:*:*:*:*",
                     matchCriteriaId: "604CF453-CBBE-4123-B3ED-87A8CBF407DE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6020:*:*:*:*:*:*",
                     matchCriteriaId: "6AF52278-E711-4656-9A1C-0A3A7F3C671F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6026:*:*:*:*:*:*",
                     matchCriteriaId: "5DD66203-5C4E-434A-BA84-9F78D9E1F7B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6029:*:*:*:*:*:*",
                     matchCriteriaId: "8A0D1287-7A32-4F56-97F2-8573F12D8EB4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6034:*:*:*:*:*:*",
                     matchCriteriaId: "69858B8E-E4C7-485C-882A-206E07D7343F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6035:*:*:*:*:*:*",
                     matchCriteriaId: "C2B82BFA-39B6-4DC8-B691-3284FDCFA227",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6038:*:*:*:*:*:*",
                     matchCriteriaId: "FD4E8470-B8CE-4670-8334-86B817180E96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6046:*:*:*:*:*:*",
                     matchCriteriaId: "2276EFC8-B5E6-449F-BDD0-EF2108A4CCAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6051:*:*:*:*:*:*",
                     matchCriteriaId: "2C8B27BE-651D-4B3A-9413-5ABA8AF2AA3D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6053:*:*:*:*:*:*",
                     matchCriteriaId: "41EA5F8E-05B5-4C4A-8853-B6948C358F06",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6060:*:*:*:*:*:*",
                     matchCriteriaId: "3E1A5843-F09A-4BBE-878D-C967E4061B0D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6061:*:*:*:*:*:*",
                     matchCriteriaId: "D579A835-6B7F-4C77-991F-C760CB8D3750",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6066:*:*:*:*:*:*",
                     matchCriteriaId: "B4935091-B9B4-4EA7-8785-FE4529ACFEBF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6068:*:*:*:*:*:*",
                     matchCriteriaId: "33DAB50E-18A0-43CC-9043-5E2B722F3A2B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6072:*:*:*:*:*:*",
                     matchCriteriaId: "0E1E9E82-17E3-4B43-AD5B-BBAD25759950",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6079:*:*:*:*:*:*",
                     matchCriteriaId: "E73BDC2E-3C39-454F-B929-8BB936F36AA6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6084:*:*:*:*:*:*",
                     matchCriteriaId: "C4DF7C74-BD66-41E7-8B47-C700D7BE53E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6092:*:*:*:*:*:*",
                     matchCriteriaId: "9EA739D6-10BD-48B4-9C30-92BE4381C80C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6101:*:*:*:*:*:*",
                     matchCriteriaId: "79219E01-26C2-462C-B604-783490F26565",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6111:*:*:*:*:*:*",
                     matchCriteriaId: "6F121147-1AAB-4123-AFD2-31F39434819F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6120:*:*:*:*:*:*",
                     matchCriteriaId: "52B9445C-4B0E-437A-BE3C-DBB8A621D354",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6132:*:*:*:*:*:*",
                     matchCriteriaId: "979495B8-8BF0-41B0-9BD5-48554A9C8889",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6137:*:*:*:*:*:*",
                     matchCriteriaId: "A82EF754-CCB7-4A03-8986-42BA76E6A2C9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6140:*:*:*:*:*:*",
                     matchCriteriaId: "F4CAFBCA-BD13-4295-A558-844716BA0C81",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6149:*:*:*:*:*:*",
                     matchCriteriaId: "AA61FEDD-5F86-45B8-BC55-BDFD6F10BB4B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*",
                     matchCriteriaId: "A144D75D-60A8-4EE0-813C-F658C626B2AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*",
                     matchCriteriaId: "2DA66230-DE02-4881-A893-E9E78286B157",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*",
                     matchCriteriaId: "955F3DFB-6479-4867-B62A-82730DBEB498",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*",
                     matchCriteriaId: "327D1B56-0D05-4D99-91D4-CC1F0AC32972",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*",
                     matchCriteriaId: "D0CD0684-C431-47F8-A2F4-1936D5C5A72B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*",
                     matchCriteriaId: "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*",
                     matchCriteriaId: "D0968764-CCEE-47A7-9111-E106D887DA43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*",
                     matchCriteriaId: "16589FBB-F0CD-4041-8141-5C89FCCA72AF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*",
                     matchCriteriaId: "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*",
                     matchCriteriaId: "0DF5FB90-8D6D-4F99-B454-411B1DFFA630",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*",
                     matchCriteriaId: "F58876B9-6C2E-4048-A793-B441A84E86F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*",
                     matchCriteriaId: "D5F177CB-CC45-45A0-9D02-C14A13ECC7A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*",
                     matchCriteriaId: "A89A4192-54E9-4899-8C7B-6C7F7E650D5C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*",
                     matchCriteriaId: "F2DC1357-9CD5-415F-A190-2F3F4498EF96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*",
                     matchCriteriaId: "D78ACF64-2802-44DD-AF7A-1BD5EA7F9908",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*",
                     matchCriteriaId: "E8F675FA-1684-413A-B1BE-1C5434AC2862",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large location request parameter to the redirect servlet.",
      },
      {
         lang: "es",
         value: "OX App Suite hasta la versión 7.10.6 presenta un consumo de recursos no controlado a través de un parámetro de solicitud location de gran tamaño enviado al servlet de redirección.",
      },
   ],
   id: "CVE-2022-37311",
   lastModified: "2025-04-14T15:15:19.687",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2022-12-26T02:15:09.683",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://open-xchange.com",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/fulldisclosure/2022/Nov/18",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://open-xchange.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/fulldisclosure/2022/Nov/18",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-1284",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-1284",
            },
         ],
         source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-05-23 15:29
Modified
2024-11-21 03:27
Summary
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting (XSS).
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C77DCBA3-CB5A-4F73-817E-717C8335463E",
                     versionEndIncluding: "7.8.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting (XSS).",
      },
      {
         lang: "es",
         value: "Open-Xchange GmbH OX App Suite versión 7.8.3 y anteriores, se ven afectados por: Cross Site Scripting (XSS).",
      },
   ],
   id: "CVE-2017-5213",
   lastModified: "2024-11-21T03:27:17.740",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-05-23T15:29:00.867",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Product",
         ],
         url: "http://open-xchange.com",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Not Applicable",
         ],
         url: "http://ox.com",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Product",
         ],
         url: "http://open-xchange.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Not Applicable",
         ],
         url: "http://ox.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-05-22 20:29
Modified
2024-11-21 03:33
Summary
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C77DCBA3-CB5A-4F73-817E-717C8335463E",
                     versionEndIncluding: "7.8.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control.",
      },
      {
         lang: "es",
         value: "Open-Xchange GmbH OX App Suite versión 7.8.3 y anteriores, se ven afectados por: Control de Acceso Incorrecto.",
      },
   ],
   id: "CVE-2017-8340",
   lastModified: "2024-11-21T03:33:48.050",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-05-22T20:29:00.620",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://open-xchange.com",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Not Applicable",
         ],
         url: "http://ox.com",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/7.10.0/release-notes/release-notes.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://open-xchange.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Not Applicable",
         ],
         url: "http://ox.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/7.10.0/release-notes/release-notes.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-284",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-04-10 15:29
Modified
2024-11-21 02:05
Summary
The backend in Open-Xchange (OX) AppSuite 7.4.2 before 7.4.2-rev9 allows remote attackers to obtain sensitive information about user email addresses in opportunistic circumstances by leveraging a failure in e-mail auto configuration for external accounts.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite 7.4.2



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A708019-6229-4768-994C-5A51B0495CAC",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The backend in Open-Xchange (OX) AppSuite 7.4.2 before 7.4.2-rev9 allows remote attackers to obtain sensitive information about user email addresses in opportunistic circumstances by leveraging a failure in e-mail auto configuration for external accounts.",
      },
      {
         lang: "es",
         value: "El backend en Open-Xchange (OX) AppSuite, en versiones 7.4.2 anteriores a la 7.4.2-rev9, permite que atacantes remotos obtengan información sensible sobre direcciones de email de usuarios en circunstancias oportunistas aprovechando un error en la autoconfiguración de email para cuentas externas.",
      },
   ],
   id: "CVE-2014-2078",
   lastModified: "2024-11-21T02:05:35.940",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-04-10T15:29:00.770",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mitigation",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/archive/1/531502/100/0/threaded",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/92017",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mitigation",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/archive/1/531502/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/92017",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-09-25 10:31
Modified
2025-04-11 00:51
Severity ?
Summary
Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 has a hardcoded password for node join operations, which allows remote attackers to expand a cluster by finding this password in the source code and then sending the password in a Hazelcast cluster API call, a different vulnerability than CVE-2013-5200.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "138461CD-9C27-40E5-B7A0-A37737B6E942",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "108BCEFD-3098-4919-9B0C-E80F6FA1C102",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DDBB02DF-1022-4FE5-B5E1-198DC58F8C1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2BF31219-8390-4676-A9C4-D625A016C71E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 has a hardcoded password for node join operations, which allows remote attackers to expand a cluster by finding this password in the source code and then sending the password in a Hazelcast cluster API call, a different vulnerability than CVE-2013-5200.",
      },
      {
         lang: "es",
         value: "Open-Xchange AppSuite v7.0.x anterior a v7.0.2-rev15 y v7.2.x anterior a v7.2.2-rev16 tiene una contraseña incrustada para operaciones de adhesión de nodos, lo que permite a atacantes remotos expandir un grupo encontrando esta contraseña en el código fuente y enviándola en una llamada Hazelcast cluster. Una vulnerabilidad diferente de CVE-2013-5200.",
      },
   ],
   id: "CVE-2013-5934",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "HIGH",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 4.9,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-09-25T10:31:29.393",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-255",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-01-12 22:15
Modified
2024-11-21 05:52
Summary
OX App Suite through 7.10.4 allows XSS via the subject of a task.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9451471A-06E1-456C-8B82-ADEB746B97C7",
                     versionEndIncluding: "7.10.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite through 7.10.4 allows XSS via the subject of a task.",
      },
      {
         lang: "es",
         value: "OX App Suite versiones hasta 7.10.4, permite un ataque de tipo XSS por medio del asunto de una tarea",
      },
   ],
   id: "CVE-2021-23936",
   lastModified: "2024-11-21T05:52:05.177",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-01-12T22:15:13.010",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Not Applicable",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Not Applicable",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-01-12 22:15
Modified
2024-11-21 05:52
Summary
OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript code.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB465D15-78EA-47FA-BC7C-5A6631EC9578",
                     versionEndIncluding: "7.10.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript code.",
      },
      {
         lang: "es",
         value: "OX App Suite versiones hasta 7.10.4, permite un ataque de tipo XSS por medio de una cita en la que la ubicación contiene código JavaScript",
      },
   ],
   id: "CVE-2021-23935",
   lastModified: "2024-11-21T05:52:05.027",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-01-12T22:15:12.947",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Not Applicable",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Not Applicable",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2024-02-12 09:15
Modified
2024-11-21 08:21
Summary
Processing of user-defined DAV user-agent strings is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of DAV user-agents now gets monitored, and the related request is terminated if a resource threshold is reached. No publicly available exploits are known.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7804FF21-94F6-4160-9628-B91ED4CDDCB6",
                     versionEndExcluding: "7.6.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3159C504-0462-4AA9-9137-F25961B67ED6",
                     versionEndExcluding: "7.10.6",
                     versionStartExcluding: "7.6.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F37B7CC3-A4D2-4CA5-8159-FE1A9016F9A0",
                     versionEndExcluding: "8.20",
                     versionStartExcluding: "7.10.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:-:*:*:*:*:*:*",
                     matchCriteriaId: "7AB04398-3973-4503-959E-FA8EE511DA45",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3464:*:*:*:*:*:*",
                     matchCriteriaId: "161CD641-C9EC-4FBE-BFFD-48C96FE71085",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3519:*:*:*:*:*:*",
                     matchCriteriaId: "73F1F959-F82B-4E00-91AE-C39037A93DDF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3569:*:*:*:*:*:*",
                     matchCriteriaId: "E151E1EA-DA35-47CB-80C2-359518C213FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3627:*:*:*:*:*:*",
                     matchCriteriaId: "156910B8-F553-4F4C-B990-131F04001AB2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3728:*:*:*:*:*:*",
                     matchCriteriaId: "13248A9A-D131-4596-A511-A18A83F9D4C2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3875:*:*:*:*:*:*",
                     matchCriteriaId: "54936294-45A6-410B-B6F6-CC2CEFCE937E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3922:*:*:*:*:*:*",
                     matchCriteriaId: "8EDB7577-5763-41A1-90A7-7D7F225F8C14",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3949:*:*:*:*:*:*",
                     matchCriteriaId: "39B4BD56-3236-4AE0-93F6-F0E0190C77AD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3991:*:*:*:*:*:*",
                     matchCriteriaId: "6F20C5D9-6DCA-4F3F-A9A8-FACAE5C4AB18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4047:*:*:*:*:*:*",
                     matchCriteriaId: "F94B78AE-45FE-4BA7-BFD6-55767F8C3A0E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4133:*:*:*:*:*:*",
                     matchCriteriaId: "B103D02E-C443-446B-A358-A052866BC624",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4423:*:*:*:*:*:*",
                     matchCriteriaId: "4D578FCB-EE90-4BB9-9E28-DC1FA139787C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4470:*:*:*:*:*:*",
                     matchCriteriaId: "71380C28-6A25-425B-BE7F-6D06E0CE5C2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4552:*:*:*:*:*:*",
                     matchCriteriaId: "DDBF0D2F-2C22-448E-A0D2-E66527188928",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4667:*:*:*:*:*:*",
                     matchCriteriaId: "50EC169C-73B6-40F5-8C7A-6DD71DC19893",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4750:*:*:*:*:*:*",
                     matchCriteriaId: "4B2CA948-280B-4EB8-9309-B016C9557A64",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4789:*:*:*:*:*:*",
                     matchCriteriaId: "36511A48-EBD8-40C2-A1FB-10F33264CF3F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4839:*:*:*:*:*:*",
                     matchCriteriaId: "EBE8374F-0D7D-422F-83AC-ADF9B9E6E511",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4860:*:*:*:*:*:*",
                     matchCriteriaId: "285B9A4B-6F4F-4899-AD2A-57E22BF9F7BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4895:*:*:*:*:*:*",
                     matchCriteriaId: "5BAD0604-90FC-4647-854A-E10330579B89",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5104:*:*:*:*:*:*",
                     matchCriteriaId: "7F26505E-0F61-40A2-B6BA-17C7E30D375C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5165:*:*:*:*:*:*",
                     matchCriteriaId: "FD3E0ABC-2DAC-4441-96DB-BD84DD8B8E81",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5231:*:*:*:*:*:*",
                     matchCriteriaId: "347700F5-3BDA-4DA3-AA81-4D593E131AB9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5537:*:*:*:*:*:*",
                     matchCriteriaId: "5EF075DE-44C7-4FC0-9BD7-E7A2C95651D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5637:*:*:*:*:*:*",
                     matchCriteriaId: "5CB6B4D0-E2B8-44F3-877B-293325EF44A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5910:*:*:*:*:*:*",
                     matchCriteriaId: "716CC742-9F23-4734-9CFF-338A231476D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*",
                     matchCriteriaId: "A144D75D-60A8-4EE0-813C-F658C626B2AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*",
                     matchCriteriaId: "2DA66230-DE02-4881-A893-E9E78286B157",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*",
                     matchCriteriaId: "955F3DFB-6479-4867-B62A-82730DBEB498",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*",
                     matchCriteriaId: "327D1B56-0D05-4D99-91D4-CC1F0AC32972",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*",
                     matchCriteriaId: "D0CD0684-C431-47F8-A2F4-1936D5C5A72B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*",
                     matchCriteriaId: "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*",
                     matchCriteriaId: "D0968764-CCEE-47A7-9111-E106D887DA43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*",
                     matchCriteriaId: "16589FBB-F0CD-4041-8141-5C89FCCA72AF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*",
                     matchCriteriaId: "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*",
                     matchCriteriaId: "0DF5FB90-8D6D-4F99-B454-411B1DFFA630",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*",
                     matchCriteriaId: "F58876B9-6C2E-4048-A793-B441A84E86F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*",
                     matchCriteriaId: "D5F177CB-CC45-45A0-9D02-C14A13ECC7A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*",
                     matchCriteriaId: "A89A4192-54E9-4899-8C7B-6C7F7E650D5C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*",
                     matchCriteriaId: "F2DC1357-9CD5-415F-A190-2F3F4498EF96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*",
                     matchCriteriaId: "D78ACF64-2802-44DD-AF7A-1BD5EA7F9908",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*",
                     matchCriteriaId: "E8F675FA-1684-413A-B1BE-1C5434AC2862",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6156:*:*:*:*:*:*",
                     matchCriteriaId: "F3F1FDC3-35B2-4BDB-A685-75BC72588179",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6161:*:*:*:*:*:*",
                     matchCriteriaId: "5B1E509D-2F41-4296-86D2-6BD71783060F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6166:*:*:*:*:*:*",
                     matchCriteriaId: "AC93EA37-F341-45EC-B651-4F326FB8C613",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6173:*:*:*:*:*:*",
                     matchCriteriaId: "1A4DB8A6-1702-462C-BFCB-39F91D2EFCE1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6176:*:*:*:*:*:*",
                     matchCriteriaId: "FC0AEFDB-D033-47FC-93FC-8652F922BB8C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6178:*:*:*:*:*:*",
                     matchCriteriaId: "B5354768-6527-43C2-B492-A8C14AB4E784",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6189:*:*:*:*:*:*",
                     matchCriteriaId: "D83F26D1-B8C6-4114-81EC-810DD5412DC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6194:*:*:*:*:*:*",
                     matchCriteriaId: "E9EBC010-9963-4636-96F7-A121FCF755A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6199:*:*:*:*:*:*",
                     matchCriteriaId: "F626D64B-C301-4CD8-94B4-48689BD3F29C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6204:*:*:*:*:*:*",
                     matchCriteriaId: "5E32810C-7B35-42F1-BCA5-E10C02BE2215",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6205:*:*:*:*:*:*",
                     matchCriteriaId: "6539D059-8614-4C26-93C4-C2DDCC5D35E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6209:*:*:*:*:*:*",
                     matchCriteriaId: "E359EE75-A2F9-479B-B757-CAE1064AB8F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6210:*:*:*:*:*:*",
                     matchCriteriaId: "0BCABDEF-D292-406E-B53C-AFF22484E916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6214:*:*:*:*:*:*",
                     matchCriteriaId: "ABE8872C-B1DD-4A45-8EF8-E8C355CA6C54",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6215:*:*:*:*:*:*",
                     matchCriteriaId: "44B20B83-833A-4C68-8693-365BD046C157",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6216:*:*:*:*:*:*",
                     matchCriteriaId: "E254E6D1-D18E-4A2A-A2FF-7D03F39E65DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6218:*:*:*:*:*:*",
                     matchCriteriaId: "5F0C5E53-4D15-425A-B4CF-5869353724BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6219:*:*:*:*:*:*",
                     matchCriteriaId: "2F4BF5F1-F316-4BAC-83E0-DEAC8C50754E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6220:*:*:*:*:*:*",
                     matchCriteriaId: "5CDD03A8-5B86-4B87-9C29-6C967261C5C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6227:*:*:*:*:*:*",
                     matchCriteriaId: "6071E15F-4D59-41DC-A4D4-7D1AA392A1F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6230:*:*:*:*:*:*",
                     matchCriteriaId: "C72C1CEB-7BF7-4A5F-B2E9-397F86CCBF4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6233:*:*:*:*:*:*",
                     matchCriteriaId: "5B0F0218-4224-4084-B38D-9719D3782C03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6235:*:*:*:*:*:*",
                     matchCriteriaId: "BFC41329-1AD6-4575-A22D-977EC5539DA4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6236:*:*:*:*:*:*",
                     matchCriteriaId: "217A06B7-0823-4508-BC0C-AD792BA88F7B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6239:*:*:*:*:*:*",
                     matchCriteriaId: "246E98B2-A6C8-4410-AA6A-7E81EE8C5E76",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6241:*:*:*:*:*:*",
                     matchCriteriaId: "74D1EC02-D009-45DA-B1EC-2219E0F0183C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6243:*:*:*:*:*:*",
                     matchCriteriaId: "0F56A261-EC62-423C-B487-35EA9D4A83FB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6245:*:*:*:*:*:*",
                     matchCriteriaId: "D295E160-C87A-498D-AB0E-BA1E50825249",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6248:*:*:*:*:*:*",
                     matchCriteriaId: "A30BE138-D745-4F0E-AAE4-202A1C769C85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6249:*:*:*:*:*:*",
                     matchCriteriaId: "7CF4FCB9-7360-4ABB-95FB-0239CDC8D3AD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6250:*:*:*:*:*:*",
                     matchCriteriaId: "465DD666-3499-4911-A1DF-6BAAFCCFA006",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6251:*:*:*:*:*:*",
                     matchCriteriaId: "6F18CEDC-5D7A-4496-8B5E-59EBEA4362BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6255:*:*:*:*:*:*",
                     matchCriteriaId: "8C1DE547-F217-4518-AD90-3607AE21F6ED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Processing of user-defined DAV user-agent strings is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of DAV user-agents now gets monitored, and the related request is terminated if a resource threshold is reached. No publicly available exploits are known.",
      },
      {
         lang: "es",
         value: "El procesamiento de cadenas de agente de usuario DAV definidas por el usuario no está limitado. La disponibilidad de OX App Suite podría verse reducida debido a la alta carga de procesamiento. Implemente las actualizaciones y lanzamientos de parches proporcionados. Ahora se monitorea el tiempo de procesamiento de los agentes de usuario de DAV y la solicitud relacionada finaliza si se alcanza un umbral de recursos. No se conocen exploits disponibles públicamente.",
      },
   ],
   id: "CVE-2023-41705",
   lastModified: "2024-11-21T08:21:30.620",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "security@open-xchange.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-02-12T09:15:10.880",
   references: [
      {
         source: "security@open-xchange.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json",
      },
      {
         source: "security@open-xchange.com",
         tags: [
            "Release Notes",
         ],
         url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf",
      },
   ],
   sourceIdentifier: "security@open-xchange.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-400",
            },
         ],
         source: "security@open-xchange.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-08-20 13:15
Modified
2024-11-21 04:21
Summary
OX App Suite 7.10.0 to 7.10.2 allows XSS.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "69277FAF-AF8C-41C8-A8BC-345290A75B78",
                     versionEndIncluding: "7.10.2",
                     versionStartIncluding: "7.10.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite 7.10.0 to 7.10.2 allows XSS.",
      },
      {
         lang: "es",
         value: "OX App Suite 7.10.0 a 7.10.2 permite XSS.",
      },
   ],
   id: "CVE-2019-11522",
   lastModified: "2024-11-21T04:21:16.550",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 3.5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.3,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-08-20T13:15:11.650",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/154128/Open-Xchange-OX-App-Suite-Content-Spoofing-Cross-Site-Scripting.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/154128/Open-Xchange-OX-App-Suite-Content-Spoofing-Cross-Site-Scripting.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-11-21 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API call.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCF181B4-CEA4-4AF6-8B06-AE928A69AD3C",
                     versionEndIncluding: "7.4.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "A0A22E01-73E0-4140-8BA1-AB147A9471CD",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API call.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de inyección SQL en Open-Xchange (OX) AppSuite anterior a 7.4.2-rev36 y 7.6.x anterior a 7.6.0-rev23 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de una llamada manipulada a la API jslob.",
      },
   ],
   id: "CVE-2014-7871",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-11-21T15:59:02.820",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "http://packetstormsecurity.com/files/129020/OX-App-Suite-7.6.0-SQL-Injection.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/archive/1/533936/100/0/threaded",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/70982",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/98563",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://packetstormsecurity.com/files/129020/OX-App-Suite-7.6.0-SQL-Injection.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/533936/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/70982",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/98563",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-01-30 15:29
Modified
2024-11-21 03:45
Summary
OX App Suite 7.8.4 and earlier allows Directory Traversal.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "21A45377-C1DE-44AB-A02F-A377BE4E9A56",
                     versionEndIncluding: "7.8.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite 7.8.4 and earlier allows Directory Traversal.",
      },
      {
         lang: "es",
         value: "OX App Suite, en su versión 7.8.4 y anteriores, permite saltos de directorio.",
      },
   ],
   id: "CVE-2018-12611",
   lastModified: "2024-11-21T03:45:32.573",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-01-30T15:29:03.630",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2019/Jan/10",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4789_7.6.3_2018-06-25.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2019/Jan/10",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4789_7.6.3_2018-06-25.pdf",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-02-21 21:15
Modified
2024-11-21 04:33
Summary
OX App Suite through 7.10.2 allows SSRF.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F9CF4B9A-D36A-4A8E-B2A2-34C0CA70A24C",
                     versionEndIncluding: "7.10.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite through 7.10.2 allows SSRF.",
      },
      {
         lang: "es",
         value: "OX App Suite versiones hasta 7.10.2, permite un ataque de tipo SSRF.",
      },
   ],
   id: "CVE-2019-18846",
   lastModified: "2024-11-21T04:33:42.083",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.1,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-02-21T21:15:10.917",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/156474/Open-Xchange-App-Suite-Documents-Server-Side-Request-Forgery.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/156474/Open-Xchange-App-Suite-Documents-Server-Side-Request-Forgery.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-918",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-04-24 05:06
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite 7.4.1 before 7.4.1-rev11 and 7.4.2 before 7.4.2-rev13 allows remote attackers to inject arbitrary web script or HTML via a Drive filename that is not properly handled during use of the composer to add an e-mail attachment.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4051DD61-3387-4CFB-9243-FCB602813F10",
                     versionEndIncluding: "7.2.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DDBB02DF-1022-4FE5-B5E1-198DC58F8C1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2BF31219-8390-4676-A9C4-D625A016C71E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0ABF6E32-2996-4DCF-A4A2-197CCFAEE22C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A708019-6229-4768-994C-5A51B0495CAC",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite 7.4.1 before 7.4.1-rev11 and 7.4.2 before 7.4.2-rev13 allows remote attackers to inject arbitrary web script or HTML via a Drive filename that is not properly handled during use of the composer to add an e-mail attachment.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de XSS en Open-Xchange AppSuite 7.4.1 anterior a 7.4.1-rev11 y 7.4.2 anterior a 7.4.2-rev13 permite a atacantes remotos inyectar script Web o HTML arbitrarios a través de un nombre de archivo Drive que no está manejado debidamente durante el uso del compositor para añadir un adjunto de email.",
      },
   ],
   id: "CVE-2014-2393",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2014-04-24T05:06:05.670",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/archive/1/531762",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/531762",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-12-15 06:59
Modified
2025-04-12 10:46
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Setting the user's name to JS code makes that code execute when selecting that user's "Templates" folder from OX Documents settings. This requires the folder to be shared to the victim. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:rev4:*:*:*:*:*:*",
                     matchCriteriaId: "63233ABF-06E1-4819-B885-1028FEA3EB5A",
                     versionEndIncluding: "7.8.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Setting the user's name to JS code makes that code execute when selecting that user's \"Templates\" folder from OX Documents settings. This requires the folder to be shared to the victim. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).",
      },
      {
         lang: "es",
         value: "Ha sido descubierto un problema en Open-Xchange OX App Suite en versiones anteriores a 7.8.2-rev8. Establecer el nombre del usuario como código JS hace que ese código se ejecute cuando se selecciona la carpeta \"Templates\" de ese usuario desde ajustes OX Documents. Esto requiere que esa carpeta sea compartida con la víctima. El código script malicioso puede ser ejecutado en un contexto de usuario. Esto puede conducir al secuestro de sesión o activar acciones no deseadas a través de la interfaz web (envío de correo, eliminación de datos, etc.).",
      },
   ],
   id: "CVE-2016-6842",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-12-15T06:59:15.270",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/93457",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/93457",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2024-02-12 09:15
Modified
2024-11-21 08:21
Summary
References to the "app loader" functionality could contain redirects to unexpected locations. Attackers could forge app references that bypass existing safeguards to inject malicious script code. Please deploy the provided updates and patch releases. References to apps are now controlled more strictly to avoid relative references. No publicly available exploits are known.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "59D4F30E-2F52-4948-9C69-C57472833C79",
                     versionEndExcluding: "7.10.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*",
                     matchCriteriaId: "A144D75D-60A8-4EE0-813C-F658C626B2AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*",
                     matchCriteriaId: "2DA66230-DE02-4881-A893-E9E78286B157",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*",
                     matchCriteriaId: "955F3DFB-6479-4867-B62A-82730DBEB498",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*",
                     matchCriteriaId: "327D1B56-0D05-4D99-91D4-CC1F0AC32972",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*",
                     matchCriteriaId: "D0CD0684-C431-47F8-A2F4-1936D5C5A72B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*",
                     matchCriteriaId: "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*",
                     matchCriteriaId: "D0968764-CCEE-47A7-9111-E106D887DA43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*",
                     matchCriteriaId: "16589FBB-F0CD-4041-8141-5C89FCCA72AF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*",
                     matchCriteriaId: "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*",
                     matchCriteriaId: "0DF5FB90-8D6D-4F99-B454-411B1DFFA630",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*",
                     matchCriteriaId: "F58876B9-6C2E-4048-A793-B441A84E86F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*",
                     matchCriteriaId: "D5F177CB-CC45-45A0-9D02-C14A13ECC7A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*",
                     matchCriteriaId: "A89A4192-54E9-4899-8C7B-6C7F7E650D5C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*",
                     matchCriteriaId: "F2DC1357-9CD5-415F-A190-2F3F4498EF96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*",
                     matchCriteriaId: "D78ACF64-2802-44DD-AF7A-1BD5EA7F9908",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*",
                     matchCriteriaId: "E8F675FA-1684-413A-B1BE-1C5434AC2862",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6156:*:*:*:*:*:*",
                     matchCriteriaId: "F3F1FDC3-35B2-4BDB-A685-75BC72588179",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6161:*:*:*:*:*:*",
                     matchCriteriaId: "5B1E509D-2F41-4296-86D2-6BD71783060F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6166:*:*:*:*:*:*",
                     matchCriteriaId: "AC93EA37-F341-45EC-B651-4F326FB8C613",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6173:*:*:*:*:*:*",
                     matchCriteriaId: "1A4DB8A6-1702-462C-BFCB-39F91D2EFCE1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6176:*:*:*:*:*:*",
                     matchCriteriaId: "FC0AEFDB-D033-47FC-93FC-8652F922BB8C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6178:*:*:*:*:*:*",
                     matchCriteriaId: "B5354768-6527-43C2-B492-A8C14AB4E784",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6189:*:*:*:*:*:*",
                     matchCriteriaId: "D83F26D1-B8C6-4114-81EC-810DD5412DC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6194:*:*:*:*:*:*",
                     matchCriteriaId: "E9EBC010-9963-4636-96F7-A121FCF755A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6199:*:*:*:*:*:*",
                     matchCriteriaId: "F626D64B-C301-4CD8-94B4-48689BD3F29C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6204:*:*:*:*:*:*",
                     matchCriteriaId: "5E32810C-7B35-42F1-BCA5-E10C02BE2215",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6205:*:*:*:*:*:*",
                     matchCriteriaId: "6539D059-8614-4C26-93C4-C2DDCC5D35E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6209:*:*:*:*:*:*",
                     matchCriteriaId: "E359EE75-A2F9-479B-B757-CAE1064AB8F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6210:*:*:*:*:*:*",
                     matchCriteriaId: "0BCABDEF-D292-406E-B53C-AFF22484E916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6214:*:*:*:*:*:*",
                     matchCriteriaId: "ABE8872C-B1DD-4A45-8EF8-E8C355CA6C54",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6215:*:*:*:*:*:*",
                     matchCriteriaId: "44B20B83-833A-4C68-8693-365BD046C157",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6216:*:*:*:*:*:*",
                     matchCriteriaId: "E254E6D1-D18E-4A2A-A2FF-7D03F39E65DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6218:*:*:*:*:*:*",
                     matchCriteriaId: "5F0C5E53-4D15-425A-B4CF-5869353724BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6219:*:*:*:*:*:*",
                     matchCriteriaId: "2F4BF5F1-F316-4BAC-83E0-DEAC8C50754E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6220:*:*:*:*:*:*",
                     matchCriteriaId: "5CDD03A8-5B86-4B87-9C29-6C967261C5C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6227:*:*:*:*:*:*",
                     matchCriteriaId: "6071E15F-4D59-41DC-A4D4-7D1AA392A1F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6230:*:*:*:*:*:*",
                     matchCriteriaId: "C72C1CEB-7BF7-4A5F-B2E9-397F86CCBF4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6233:*:*:*:*:*:*",
                     matchCriteriaId: "5B0F0218-4224-4084-B38D-9719D3782C03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6235:*:*:*:*:*:*",
                     matchCriteriaId: "BFC41329-1AD6-4575-A22D-977EC5539DA4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6236:*:*:*:*:*:*",
                     matchCriteriaId: "217A06B7-0823-4508-BC0C-AD792BA88F7B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6239:*:*:*:*:*:*",
                     matchCriteriaId: "246E98B2-A6C8-4410-AA6A-7E81EE8C5E76",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6241:*:*:*:*:*:*",
                     matchCriteriaId: "74D1EC02-D009-45DA-B1EC-2219E0F0183C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6243:*:*:*:*:*:*",
                     matchCriteriaId: "0F56A261-EC62-423C-B487-35EA9D4A83FB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6245:*:*:*:*:*:*",
                     matchCriteriaId: "D295E160-C87A-498D-AB0E-BA1E50825249",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6248:*:*:*:*:*:*",
                     matchCriteriaId: "A30BE138-D745-4F0E-AAE4-202A1C769C85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6249:*:*:*:*:*:*",
                     matchCriteriaId: "7CF4FCB9-7360-4ABB-95FB-0239CDC8D3AD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6250:*:*:*:*:*:*",
                     matchCriteriaId: "465DD666-3499-4911-A1DF-6BAAFCCFA006",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6251:*:*:*:*:*:*",
                     matchCriteriaId: "6F18CEDC-5D7A-4496-8B5E-59EBEA4362BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6255:*:*:*:*:*:*",
                     matchCriteriaId: "8C1DE547-F217-4518-AD90-3607AE21F6ED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "References to the \"app loader\" functionality could contain redirects to unexpected locations. Attackers could forge app references that bypass existing safeguards to inject malicious script code. Please deploy the provided updates and patch releases. References to apps are now controlled more strictly to avoid relative references. No publicly available exploits are known.",
      },
      {
         lang: "es",
         value: "Las referencias a la funcionalidad \"cargador de aplicaciones\" podrían contener redireccionamientos a ubicaciones inesperadas. Los atacantes podrían falsificar referencias de aplicaciones que eluden las salvaguardas existentes para inyectar código de script malicioso. Implemente las actualizaciones y lanzamientos de parches proporcionados. Las referencias a aplicaciones ahora se controlan de manera más estricta para evitar referencias relativas. No se conocen exploits disponibles públicamente.",
      },
   ],
   id: "CVE-2023-41708",
   lastModified: "2024-11-21T08:21:31.140",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.3,
            impactScore: 2.7,
            source: "security@open-xchange.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.3,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-02-12T09:15:11.470",
   references: [
      {
         source: "security@open-xchange.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json",
      },
      {
         source: "security@open-xchange.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf",
      },
   ],
   sourceIdentifier: "security@open-xchange.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "security@open-xchange.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-05-23 15:29
Modified
2024-11-21 03:27
Summary
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C77DCBA3-CB5A-4F73-817E-717C8335463E",
                     versionEndIncluding: "7.8.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing.",
      },
      {
         lang: "es",
         value: "Open-Xchange GmbH OX App Suite versión 7.8.3 y anteriores, se ven afectados por: Suplantación de Contenido.",
      },
   ],
   id: "CVE-2017-5211",
   lastModified: "2024-11-21T03:27:17.420",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-05-23T15:29:00.727",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Product",
         ],
         url: "http://open-xchange.com",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Not Applicable",
         ],
         url: "http://ox.com",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Product",
         ],
         url: "http://open-xchange.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Not Applicable",
         ],
         url: "http://ox.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-11-02 14:15
Modified
2024-11-21 07:56
Summary
Presentations may contain references to images, which are user-controlled and could include malicious script code that is processed when a document is edited. Script code embedded in malicious documents could be executed in the context of the user editing the document when performing certain actions, like copying content. The relevant attribute is now encoded to avoid the possibility of executing script code. No publicly available exploits are known.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "59D4F30E-2F52-4948-9C69-C57472833C79",
                     versionEndExcluding: "7.10.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*",
                     matchCriteriaId: "A144D75D-60A8-4EE0-813C-F658C626B2AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*",
                     matchCriteriaId: "2DA66230-DE02-4881-A893-E9E78286B157",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*",
                     matchCriteriaId: "955F3DFB-6479-4867-B62A-82730DBEB498",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*",
                     matchCriteriaId: "327D1B56-0D05-4D99-91D4-CC1F0AC32972",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*",
                     matchCriteriaId: "D0CD0684-C431-47F8-A2F4-1936D5C5A72B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*",
                     matchCriteriaId: "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*",
                     matchCriteriaId: "D0968764-CCEE-47A7-9111-E106D887DA43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*",
                     matchCriteriaId: "16589FBB-F0CD-4041-8141-5C89FCCA72AF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*",
                     matchCriteriaId: "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*",
                     matchCriteriaId: "0DF5FB90-8D6D-4F99-B454-411B1DFFA630",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*",
                     matchCriteriaId: "F58876B9-6C2E-4048-A793-B441A84E86F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*",
                     matchCriteriaId: "D5F177CB-CC45-45A0-9D02-C14A13ECC7A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*",
                     matchCriteriaId: "A89A4192-54E9-4899-8C7B-6C7F7E650D5C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*",
                     matchCriteriaId: "F2DC1357-9CD5-415F-A190-2F3F4498EF96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*",
                     matchCriteriaId: "D78ACF64-2802-44DD-AF7A-1BD5EA7F9908",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*",
                     matchCriteriaId: "E8F675FA-1684-413A-B1BE-1C5434AC2862",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6156:*:*:*:*:*:*",
                     matchCriteriaId: "F3F1FDC3-35B2-4BDB-A685-75BC72588179",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6161:*:*:*:*:*:*",
                     matchCriteriaId: "5B1E509D-2F41-4296-86D2-6BD71783060F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6166:*:*:*:*:*:*",
                     matchCriteriaId: "AC93EA37-F341-45EC-B651-4F326FB8C613",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6173:*:*:*:*:*:*",
                     matchCriteriaId: "1A4DB8A6-1702-462C-BFCB-39F91D2EFCE1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6176:*:*:*:*:*:*",
                     matchCriteriaId: "FC0AEFDB-D033-47FC-93FC-8652F922BB8C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6178:*:*:*:*:*:*",
                     matchCriteriaId: "B5354768-6527-43C2-B492-A8C14AB4E784",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6189:*:*:*:*:*:*",
                     matchCriteriaId: "D83F26D1-B8C6-4114-81EC-810DD5412DC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6194:*:*:*:*:*:*",
                     matchCriteriaId: "E9EBC010-9963-4636-96F7-A121FCF755A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6199:*:*:*:*:*:*",
                     matchCriteriaId: "F626D64B-C301-4CD8-94B4-48689BD3F29C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6204:*:*:*:*:*:*",
                     matchCriteriaId: "5E32810C-7B35-42F1-BCA5-E10C02BE2215",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6205:*:*:*:*:*:*",
                     matchCriteriaId: "6539D059-8614-4C26-93C4-C2DDCC5D35E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6209:*:*:*:*:*:*",
                     matchCriteriaId: "E359EE75-A2F9-479B-B757-CAE1064AB8F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6210:*:*:*:*:*:*",
                     matchCriteriaId: "0BCABDEF-D292-406E-B53C-AFF22484E916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6214:*:*:*:*:*:*",
                     matchCriteriaId: "ABE8872C-B1DD-4A45-8EF8-E8C355CA6C54",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6215:*:*:*:*:*:*",
                     matchCriteriaId: "44B20B83-833A-4C68-8693-365BD046C157",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6216:*:*:*:*:*:*",
                     matchCriteriaId: "E254E6D1-D18E-4A2A-A2FF-7D03F39E65DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6218:*:*:*:*:*:*",
                     matchCriteriaId: "5F0C5E53-4D15-425A-B4CF-5869353724BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6219:*:*:*:*:*:*",
                     matchCriteriaId: "2F4BF5F1-F316-4BAC-83E0-DEAC8C50754E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6220:*:*:*:*:*:*",
                     matchCriteriaId: "5CDD03A8-5B86-4B87-9C29-6C967261C5C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6227:*:*:*:*:*:*",
                     matchCriteriaId: "6071E15F-4D59-41DC-A4D4-7D1AA392A1F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6230:*:*:*:*:*:*",
                     matchCriteriaId: "C72C1CEB-7BF7-4A5F-B2E9-397F86CCBF4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6233:*:*:*:*:*:*",
                     matchCriteriaId: "5B0F0218-4224-4084-B38D-9719D3782C03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6235:*:*:*:*:*:*",
                     matchCriteriaId: "BFC41329-1AD6-4575-A22D-977EC5539DA4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6236:*:*:*:*:*:*",
                     matchCriteriaId: "217A06B7-0823-4508-BC0C-AD792BA88F7B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6239:*:*:*:*:*:*",
                     matchCriteriaId: "246E98B2-A6C8-4410-AA6A-7E81EE8C5E76",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6241:*:*:*:*:*:*",
                     matchCriteriaId: "74D1EC02-D009-45DA-B1EC-2219E0F0183C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document. Script code embedded in malicious documents could be executed in the context of the user editing the document when performing certain actions, like copying content. The relevant attribute does now get encoded to avoid the possibility of executing script code. No publicly available exploits are known.\n\n",
      },
      {
         lang: "es",
         value: "Las presentaciones pueden contener referencias a imágenes controladas por el usuario y podrían incluir código de script malicioso que se procesa al editar un documento. El código de script incorporado en documentos maliciosos podría ejecutarse en el contexto en el que el usuario edita el documento al realizar determinadas acciones, como copiar contenido. El atributo relevante ahora se codifica para evitar la posibilidad de ejecutar código de script. No se conocen exploits disponibles públicamente.",
      },
   ],
   id: "CVE-2023-29043",
   lastModified: "2024-11-21T07:56:26.147",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "security@open-xchange.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-11-02T14:15:11.017",
   references: [
      {
         source: "security@open-xchange.com",
         url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json",
      },
      {
         source: "security@open-xchange.com",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf",
      },
   ],
   sourceIdentifier: "security@open-xchange.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "security@open-xchange.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-04-24 05:06
Modified
2025-04-12 10:46
Severity ?
Summary
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 does not treat a string representing a previously used but currently invalid password as sensitive and includes it in a GET request, which allows remote attackers to obtain potentially useful password-pattern information by reading (1) a web-server access log, (2) a web-server Referer log, or (3) browser history that contains this string.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4051DD61-3387-4CFB-9243-FCB602813F10",
                     versionEndIncluding: "7.2.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DDBB02DF-1022-4FE5-B5E1-198DC58F8C1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2BF31219-8390-4676-A9C4-D625A016C71E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0ABF6E32-2996-4DCF-A4A2-197CCFAEE22C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A708019-6229-4768-994C-5A51B0495CAC",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potentially useful password-pattern information by reading (1) a web-server access log, (2) a web-server Referer log, or (3) browser history that contains this string because of its presence in a GET request.",
      },
      {
         lang: "es",
         value: "El servicio de recuperación de contraseña en Open-Xchange AppSuite anterior a 7.2.2-rev20, 7.4.1 anterior a 7.4.1-rev11, y 7.4.2 anterior a 7.4.2-rev13 toma una decisión indebida sobre la sensibilidad de una cadena que representa una contraseña utilizada anteriormente pero actualmente inválida, lo que permite a atacantes remotos obtener información potencialmente útil de pautas de contraseñas mediante la lectura de (1) un registro de acceso al servidor web, (2) un registro Referer del servidor web o (3) un historial del navegador que contiene esta cadena debido a su presencia en una solicitud GET.",
      },
   ],
   id: "CVE-2014-2391",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-04-24T05:06:05.530",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/archive/1/531762",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/531762",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-05-23 15:29
Modified
2024-11-21 03:13
Summary
Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by cross-site scripting (XSS).
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "21A45377-C1DE-44AB-A02F-A377BE4E9A56",
                     versionEndIncluding: "7.8.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).",
      },
      {
         lang: "es",
         value: "Open-Xchange GmbH OX App Suite versión 7.8.4 y anteriores, se ven afectados por: Cross Site Scripting (XSS).",
      },
   ],
   id: "CVE-2017-15030",
   lastModified: "2024-11-21T03:13:58.210",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-05-23T15:29:00.350",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Product",
         ],
         url: "http://open-xchange.com",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Not Applicable",
         ],
         url: "http://ox.com",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Product",
         ],
         url: "http://open-xchange.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Not Applicable",
         ],
         url: "http://ox.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-09-18 20:29
Modified
2024-11-21 03:30
Summary
Cross-site scripting (XSS) vulnerability in the Open-Xchange webmail before 7.6.3-rev28 allows remote attackers to inject arbitrary web script or HTML via the event attribute in a time tag.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CEE77111-9626-48C1-9C13-6FF650B91363",
                     versionEndIncluding: "7.6.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site scripting (XSS) vulnerability in the Open-Xchange webmail before 7.6.3-rev28 allows remote attackers to inject arbitrary web script or HTML via the event attribute in a time tag.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad Cross-Site Scripting (XSS) en Open-Xchange webmail en versiones anteriores a la 7.6.3-rev28 permite que atacantes remotos inyecten scripts web o HTML mediante el atributo event en una etiqueta time.",
      },
   ],
   id: "CVE-2017-6913",
   lastModified: "2024-11-21T03:30:47.693",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-09-18T20:29:00.263",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/gquere/CVE-2017-6913",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4133_7.6.3_2017-05-15.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/gquere/CVE-2017-6913",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4133_7.6.3_2017-05-15.pdf",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-12-26 02:15
Modified
2025-04-14 15:15
Summary
OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D3B06B3-8919-4D41-87A6-DA39189750B9",
                     versionEndExcluding: "7.10.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:-:*:*:*:*:*:*",
                     matchCriteriaId: "FE68F102-2EE1-44FF-A8AB-6F71F62712D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5961:*:*:*:*:*:*",
                     matchCriteriaId: "4F5923E6-C4C1-492F-A130-65D102F67B40",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5973:*:*:*:*:*:*",
                     matchCriteriaId: "D703A274-D197-42B3-9720-70E6CCD9E825",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5976:*:*:*:*:*:*",
                     matchCriteriaId: "D4D5F145-F2BA-4589-8B9A-B967069EA355",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5982:*:*:*:*:*:*",
                     matchCriteriaId: "7E3F2F8B-F7C4-4297-B451-CAFFCA860D17",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5989:*:*:*:*:*:*",
                     matchCriteriaId: "C7CB5AA6-19B9-4D21-A2B6-1523719A2DB5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5994:*:*:*:*:*:*",
                     matchCriteriaId: "3FAD63B8-9158-4552-8987-3A418AC5A3A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6000:*:*:*:*:*:*",
                     matchCriteriaId: "87793628-6C35-4137-B584-3AE2A8363AEC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6003:*:*:*:*:*:*",
                     matchCriteriaId: "06C14CAB-9C56-48A2-82FA-16110923CC78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6008:*:*:*:*:*:*",
                     matchCriteriaId: "2201C280-3674-4FA4-8176-723C175A2469",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6010:*:*:*:*:*:*",
                     matchCriteriaId: "A3CB3836-AD68-4167-98FD-5B05CC9C92EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6016:*:*:*:*:*:*",
                     matchCriteriaId: "604CF453-CBBE-4123-B3ED-87A8CBF407DE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6020:*:*:*:*:*:*",
                     matchCriteriaId: "6AF52278-E711-4656-9A1C-0A3A7F3C671F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6026:*:*:*:*:*:*",
                     matchCriteriaId: "5DD66203-5C4E-434A-BA84-9F78D9E1F7B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6029:*:*:*:*:*:*",
                     matchCriteriaId: "8A0D1287-7A32-4F56-97F2-8573F12D8EB4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6034:*:*:*:*:*:*",
                     matchCriteriaId: "69858B8E-E4C7-485C-882A-206E07D7343F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6035:*:*:*:*:*:*",
                     matchCriteriaId: "C2B82BFA-39B6-4DC8-B691-3284FDCFA227",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6038:*:*:*:*:*:*",
                     matchCriteriaId: "FD4E8470-B8CE-4670-8334-86B817180E96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6046:*:*:*:*:*:*",
                     matchCriteriaId: "2276EFC8-B5E6-449F-BDD0-EF2108A4CCAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6051:*:*:*:*:*:*",
                     matchCriteriaId: "2C8B27BE-651D-4B3A-9413-5ABA8AF2AA3D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6053:*:*:*:*:*:*",
                     matchCriteriaId: "41EA5F8E-05B5-4C4A-8853-B6948C358F06",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6060:*:*:*:*:*:*",
                     matchCriteriaId: "3E1A5843-F09A-4BBE-878D-C967E4061B0D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6061:*:*:*:*:*:*",
                     matchCriteriaId: "D579A835-6B7F-4C77-991F-C760CB8D3750",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6066:*:*:*:*:*:*",
                     matchCriteriaId: "B4935091-B9B4-4EA7-8785-FE4529ACFEBF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6068:*:*:*:*:*:*",
                     matchCriteriaId: "33DAB50E-18A0-43CC-9043-5E2B722F3A2B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6072:*:*:*:*:*:*",
                     matchCriteriaId: "0E1E9E82-17E3-4B43-AD5B-BBAD25759950",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6079:*:*:*:*:*:*",
                     matchCriteriaId: "E73BDC2E-3C39-454F-B929-8BB936F36AA6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6084:*:*:*:*:*:*",
                     matchCriteriaId: "C4DF7C74-BD66-41E7-8B47-C700D7BE53E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6092:*:*:*:*:*:*",
                     matchCriteriaId: "9EA739D6-10BD-48B4-9C30-92BE4381C80C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6101:*:*:*:*:*:*",
                     matchCriteriaId: "79219E01-26C2-462C-B604-783490F26565",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6111:*:*:*:*:*:*",
                     matchCriteriaId: "6F121147-1AAB-4123-AFD2-31F39434819F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6120:*:*:*:*:*:*",
                     matchCriteriaId: "52B9445C-4B0E-437A-BE3C-DBB8A621D354",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6132:*:*:*:*:*:*",
                     matchCriteriaId: "979495B8-8BF0-41B0-9BD5-48554A9C8889",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6137:*:*:*:*:*:*",
                     matchCriteriaId: "A82EF754-CCB7-4A03-8986-42BA76E6A2C9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6140:*:*:*:*:*:*",
                     matchCriteriaId: "F4CAFBCA-BD13-4295-A558-844716BA0C81",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6149:*:*:*:*:*:*",
                     matchCriteriaId: "AA61FEDD-5F86-45B8-BC55-BDFD6F10BB4B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*",
                     matchCriteriaId: "A144D75D-60A8-4EE0-813C-F658C626B2AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*",
                     matchCriteriaId: "2DA66230-DE02-4881-A893-E9E78286B157",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*",
                     matchCriteriaId: "955F3DFB-6479-4867-B62A-82730DBEB498",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*",
                     matchCriteriaId: "327D1B56-0D05-4D99-91D4-CC1F0AC32972",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*",
                     matchCriteriaId: "D0CD0684-C431-47F8-A2F4-1936D5C5A72B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*",
                     matchCriteriaId: "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*",
                     matchCriteriaId: "D0968764-CCEE-47A7-9111-E106D887DA43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*",
                     matchCriteriaId: "16589FBB-F0CD-4041-8141-5C89FCCA72AF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*",
                     matchCriteriaId: "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*",
                     matchCriteriaId: "0DF5FB90-8D6D-4F99-B454-411B1DFFA630",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*",
                     matchCriteriaId: "F58876B9-6C2E-4048-A793-B441A84E86F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*",
                     matchCriteriaId: "D5F177CB-CC45-45A0-9D02-C14A13ECC7A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*",
                     matchCriteriaId: "A89A4192-54E9-4899-8C7B-6C7F7E650D5C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*",
                     matchCriteriaId: "F2DC1357-9CD5-415F-A190-2F3F4498EF96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*",
                     matchCriteriaId: "D78ACF64-2802-44DD-AF7A-1BD5EA7F9908",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*",
                     matchCriteriaId: "E8F675FA-1684-413A-B1BE-1C5434AC2862",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature.",
      },
      {
         lang: "es",
         value: "OX App Suite hasta 7.10.6 permite XSS a través de XHTML CDATA para un fragmento, como lo demuestra el atributo onerror de un elemento IMG dentro de una firma de correo electrónico.",
      },
   ],
   id: "CVE-2022-37307",
   lastModified: "2025-04-14T15:15:18.210",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2022-12-26T02:15:09.633",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://open-xchange.com",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/fulldisclosure/2022/Nov/18",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://open-xchange.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/fulldisclosure/2022/Nov/18",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-01-06 20:15
Modified
2024-11-21 04:31
Summary
OX App Suite through 7.10.2 has Incorrect Access Control.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F9CF4B9A-D36A-4A8E-B2A2-34C0CA70A24C",
                     versionEndIncluding: "7.10.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite through 7.10.2 has Incorrect Access Control.",
      },
      {
         lang: "es",
         value: "OX App Suite versiones hasta la versión 7.10.2, presenta un Control de Acceso Incorrecto.",
      },
   ],
   id: "CVE-2019-16716",
   lastModified: "2024-11-21T04:31:02.747",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "COMPLETE",
               baseScore: 8.5,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:M/Au:S/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.6,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 0.7,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-01-06T20:15:12.087",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/155813/OX-App-Suite-7.10.2-Cross-Site-Scripting-Improper-Access-Control.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2020/Jan/7",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2020/Jan/7",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/155813/OX-App-Suite-7.10.2-Cross-Site-Scripting-Improper-Access-Control.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2020/Jan/7",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2020/Jan/7",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-276",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-11-20 13:19
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14 allows remote attackers to inject arbitrary web script or HTML via an attached SVG file.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DDBB02DF-1022-4FE5-B5E1-198DC58F8C1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2BF31219-8390-4676-A9C4-D625A016C71E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "75B04598-67CD-420B-92C9-9A7459295E11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8DAEED7B-C295-42B4-A60B-2EAA596E3D65",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14 allows remote attackers to inject arbitrary web script or HTML via an attached SVG file.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de XSS en Open-Xchange (OX) AppSuite 7.2.x anterior a la versión 7.2.2-rev25 y 7.4.x anterior a 7.4.0-rev14 permite a atacantes remotos inyectar script web o HTML arbitrario a través de un archivo SVG adjunto.",
      },
   ],
   id: "CVE-2013-6074",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2013-11-20T13:19:42.697",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://archives.neohapsis.com/archives/bugtraq/2013-11/0025.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/99487",
      },
      {
         source: "cve@mitre.org",
         url: "http://packetstormsecurity.com/files/123934/Open-Xchange-AppSuite-Script-Insertion.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/55575",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/88609",
      },
      {
         source: "cve@mitre.org",
         url: "https://forum.open-xchange.com/showthread.php?8059-Open-Xchange-releases-Security-Patch-2013-10-21-for-v7-2-2-and-v7-4-0",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://archives.neohapsis.com/archives/bugtraq/2013-11/0025.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/99487",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://packetstormsecurity.com/files/123934/Open-Xchange-AppSuite-Script-Insertion.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/55575",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/88609",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://forum.open-xchange.com/showthread.php?8059-Open-Xchange-releases-Security-Patch-2013-10-21-for-v7-2-2-and-v7-4-0",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-10-03 19:55
Modified
2025-04-11 00:51
Severity ?
Summary
CRLF injection vulnerability in Open-Xchange AppSuite before 7.2.2, when using AJP in certain conditions, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the ajax/defer servlet.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C706FA8C-6D31-40A4-8B5A-ED1CA206B1CA",
                     versionEndIncluding: "7.2.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.20.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "983E5F3A-E7AD-4CCA-80D4-9C012AFCCDD4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2F85EE0C-B7A0-455A-96F6-E4E6BA5D7216",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2D9572CB-9A46-492E-BDCC-E01849EF0EC0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "138461CD-9C27-40E5-B7A0-A37737B6E942",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "108BCEFD-3098-4919-9B0C-E80F6FA1C102",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DDBB02DF-1022-4FE5-B5E1-198DC58F8C1B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "CRLF injection vulnerability in Open-Xchange AppSuite before 7.2.2, when using AJP in certain conditions, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the ajax/defer servlet.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de inyección CRLF en Open-Xchange AppSuite anterior a la versión 7.2.2, cuando se usa AJP en ciertas condiciones, permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y llevar a cabo ataques de división de respuestas HTTP a través del servlet ajax/defer.",
      },
   ],
   id: "CVE-2013-6009",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-10-03T19:55:21.540",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/archive/1/528940",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/528940",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-94",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-06-16 01:29
Modified
2024-11-21 04:09
Summary
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 does not properly check for folder-to-object association, which allows remote authenticated users to delete arbitrary tasks via the task id in a delete action to api/tasks.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.8.0
open-xchange open-xchange_appsuite 7.8.2
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CEE77111-9626-48C1-9C13-6FF650B91363",
                     versionEndIncluding: "7.6.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev14:*:*:*:*:*:*",
                     matchCriteriaId: "D4417841-A79D-479F-BBB4-13892CD29CCB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev15:*:*:*:*:*:*",
                     matchCriteriaId: "11FED64F-98F2-4155-A34D-DCC0DCF55CB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev16:*:*:*:*:*:*",
                     matchCriteriaId: "544677BC-DEFB-45B8-BB08-124E5666A04B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev17:*:*:*:*:*:*",
                     matchCriteriaId: "ABA212B4-FC4B-4268-A778-23D588E76880",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev18:*:*:*:*:*:*",
                     matchCriteriaId: "10D10170-9528-49BB-88B8-92A4D016EA49",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev20:*:*:*:*:*:*",
                     matchCriteriaId: "2DA48ACB-659B-408C-B7E1-945A6333C1A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev22:*:*:*:*:*:*",
                     matchCriteriaId: "23D2DCAA-FAB7-426D-8680-2A6F69AE90DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev23:*:*:*:*:*:*",
                     matchCriteriaId: "90C2E1F5-73DA-4FA7-BEDF-E9726F5D0D0C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev24:*:*:*:*:*:*",
                     matchCriteriaId: "449B4C7A-6287-4018-86AA-D34BEF8DB83C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev25:*:*:*:*:*:*",
                     matchCriteriaId: "E8E6C22C-C3B3-4914-A1D8-A6202EEBF1C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev26:*:*:*:*:*:*",
                     matchCriteriaId: "8BF46085-0E23-4C9C-9899-30EB63EFC392",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev28:*:*:*:*:*:*",
                     matchCriteriaId: "39BB146E-14BF-4AC7-B267-3176545CBCB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev29:*:*:*:*:*:*",
                     matchCriteriaId: "64201845-70B6-4124-BA02-DE0646BE75A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev30:*:*:*:*:*:*",
                     matchCriteriaId: "8E2A9B0B-F4B9-410B-AA32-D4A5A3B285DF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev31:*:*:*:*:*:*",
                     matchCriteriaId: "5E5DE686-E794-4C06-9AC8-5682B1CF68AE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev32:*:*:*:*:*:*",
                     matchCriteriaId: "E4710EAE-6227-4A72-9549-6EEF0CEB6E06",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev33:*:*:*:*:*:*",
                     matchCriteriaId: "7AD9AE40-5AE0-4DA6-BD1D-CC02746DA917",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev35:*:*:*:*:*:*",
                     matchCriteriaId: "3681A31A-1795-4C44-B482-1F1028449960",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E26B66B2-9BE8-4843-9B4B-D673FAC44023",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "2633E559-38E4-4024-BB5F-94EDFE5F93FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "E804C89F-033F-43B3-B63B-172F9B2136CB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev10:*:*:*:*:*:*",
                     matchCriteriaId: "0F7C6765-34DD-4326-99A8-F85DA19ECE91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev11:*:*:*:*:*:*",
                     matchCriteriaId: "13FAD9B6-5790-4C7A-8A9B-09B1002DA75F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev12:*:*:*:*:*:*",
                     matchCriteriaId: "B040A950-FEC3-465D-AD19-3AA8EE11AE92",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev13:*:*:*:*:*:*",
                     matchCriteriaId: "F5971D8D-A2E6-4E3D-8FDA-04F89FC65A40",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev14:*:*:*:*:*:*",
                     matchCriteriaId: "FEF67234-BDCA-48FA-8616-6B0E4A38FA8A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev15:*:*:*:*:*:*",
                     matchCriteriaId: "76D18DCA-5D64-4D38-99B0-1B984C402E70",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev16:*:*:*:*:*:*",
                     matchCriteriaId: "46718CD2-0403-4DA2-B157-5714BD654EB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev17:*:*:*:*:*:*",
                     matchCriteriaId: "4BA1274B-9103-449F-ABD1-C898B716B433",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev18:*:*:*:*:*:*",
                     matchCriteriaId: "3BB485BC-3247-4E06-8017-118B597B0184",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev19:*:*:*:*:*:*",
                     matchCriteriaId: "6C447C6E-6188-47C6-BC68-8FD99B49F2D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev20:*:*:*:*:*:*",
                     matchCriteriaId: "211647E5-8BCA-4393-B54B-CE382D5DF3F7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev21:*:*:*:*:*:*",
                     matchCriteriaId: "855C2E78-C554-43A7-BD3F-747053F45709",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev22:*:*:*:*:*:*",
                     matchCriteriaId: "64594DD5-2816-4123-A12C-505FE4480AE9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev23:*:*:*:*:*:*",
                     matchCriteriaId: "606D294C-EAEC-43EC-BA0F-BC5484B7C5E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev24:*:*:*:*:*:*",
                     matchCriteriaId: "A8E1D645-706F-4CCA-88A7-F5077BCE4AD1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev25:*:*:*:*:*:*",
                     matchCriteriaId: "30145547-3406-4639-A5AD-52EFAA734EEF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev26:*:*:*:*:*:*",
                     matchCriteriaId: "BDB6642D-C5AF-41D7-B2EA-A1F333E5B12C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev27:*:*:*:*:*:*",
                     matchCriteriaId: "91040A22-04F6-43ED-A6A1-060703D285C7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev28:*:*:*:*:*:*",
                     matchCriteriaId: "5A3E2338-E774-4188-B352-B79FBB9C5511",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev29:*:*:*:*:*:*",
                     matchCriteriaId: "22961BA6-C0B1-488A-8F7D-68EB3F9DA6B0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev30:*:*:*:*:*:*",
                     matchCriteriaId: "E8381BB7-3602-4DCF-A070-1067C277AAA0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev31:*:*:*:*:*:*",
                     matchCriteriaId: "98B758CC-D26C-4B83-98E7-3BA4ECF96966",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev32:*:*:*:*:*:*",
                     matchCriteriaId: "7BCE965A-70BE-4159-93D8-A2520C8C4CB2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev33:*:*:*:*:*:*",
                     matchCriteriaId: "1152B60C-3188-4BE7-897A-B09C5732ECAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev34:*:*:*:*:*:*",
                     matchCriteriaId: "5F1F087A-7373-4B7F-87BD-8509704F47CF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev35:*:*:*:*:*:*",
                     matchCriteriaId: "D82CB956-9A14-49C5-8308-52198589BAC0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev36:*:*:*:*:*:*",
                     matchCriteriaId: "2F202094-2A74-44DA-BB3A-06AF3326E544",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev38:*:*:*:*:*:*",
                     matchCriteriaId: "DC128D82-A687-4043-AC01-9A329ED9F9EB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev39:*:*:*:*:*:*",
                     matchCriteriaId: "CBE4CF1D-B716-4992-B3DE-599AD7407780",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev40:*:*:*:*:*:*",
                     matchCriteriaId: "49FCC4A7-3078-421A-A3A1-C58976F47262",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev41:*:*:*:*:*:*",
                     matchCriteriaId: "E57747B2-0C7B-4004-82AA-8C59CABC3B12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev42:*:*:*:*:*:*",
                     matchCriteriaId: "BECD9AD4-EB03-4BF0-A219-DD965A55670A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev43:*:*:*:*:*:*",
                     matchCriteriaId: "5E0F6A5B-BDBB-4DF5-91A0-440834EE161F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev5:*:*:*:*:*:*",
                     matchCriteriaId: "F57910B1-968D-4DF3-8C2D-9EB3765C7214",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev6:*:*:*:*:*:*",
                     matchCriteriaId: "FE1FD7DD-DC8C-416C-A55B-FA7B961ECD3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev8:*:*:*:*:*:*",
                     matchCriteriaId: "A07A8019-D7D7-4E1D-AEA7-DF509175393D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev9:*:*:*:*:*:*",
                     matchCriteriaId: "9FEEF620-CD8A-49C4-89D6-565503A1790F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "6164303F-253E-440C-A45C-94FFF7B492AE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev10:*:*:*:*:*:*",
                     matchCriteriaId: "4DD257D7-D9B2-4036-92D6-3A923B7DC59F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev11:*:*:*:*:*:*",
                     matchCriteriaId: "36383B07-AF6C-4EDA-A35E-50633D1612A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev13:*:*:*:*:*:*",
                     matchCriteriaId: "032B8B47-9E01-41B3-99D4-DECD4727DEA7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev14:*:*:*:*:*:*",
                     matchCriteriaId: "F7211571-4614-4169-A897-D0047304A4B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev15:*:*:*:*:*:*",
                     matchCriteriaId: "992082E5-5E00-40F0-8246-FD44D189C70D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev16:*:*:*:*:*:*",
                     matchCriteriaId: "4279A168-8A9A-43FF-8766-738EE31D6E25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev17:*:*:*:*:*:*",
                     matchCriteriaId: "5A734819-B817-4E54-89B1-B6A5FD52C758",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev18:*:*:*:*:*:*",
                     matchCriteriaId: "63AFF50B-7ABD-455D-A2A5-05432B41E4BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev19:*:*:*:*:*:*",
                     matchCriteriaId: "E2842D25-1A80-4403-B7A2-6E26527588E8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev20:*:*:*:*:*:*",
                     matchCriteriaId: "7DAA5D88-75E9-4D77-9F34-AB456F0733F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev21:*:*:*:*:*:*",
                     matchCriteriaId: "9EB906E5-1ABF-4734-84E1-BC8005AB1C2C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev3:*:*:*:*:*:*",
                     matchCriteriaId: "8681201A-5DB3-42A9-A203-9641B4459537",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev4:*:*:*:*:*:*",
                     matchCriteriaId: "C567F8B8-D9D0-4006-819C-C995C6573FE7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev5:*:*:*:*:*:*",
                     matchCriteriaId: "07FEF270-E3ED-463D-9940-7FC9573E40C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev6:*:*:*:*:*:*",
                     matchCriteriaId: "7FD1E38C-EC1A-42D1-86AF-D53D8BF0098C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev7:*:*:*:*:*:*",
                     matchCriteriaId: "1BF75100-6E38-4FCB-BC21-FFB1C4B3EC50",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev8:*:*:*:*:*:*",
                     matchCriteriaId: "BF34B133-486B-4D77-8745-4D0E082FF8D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev9:*:*:*:*:*:*",
                     matchCriteriaId: "33B507D7-536B-4AC3-BCB3-BF3A6BA257F6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 does not properly check for folder-to-object association, which allows remote authenticated users to delete arbitrary tasks via the task id in a delete action to api/tasks.",
      },
      {
         lang: "es",
         value: "El componente backend en Open-Xchange OX App Suite en versiones anteriores a la 7.6.3-rev36, versiones 7.8.x anteriores a la 7.8.2-rev39, versiones 7.8.3 anteriores a la 7.8.3-rev44 y versiones 7.8.4 anteriores a la 7.8.4-rev22 no comprueba correctamente la asociación folder-to-object, lo que permite que usuarios autenticados remotos eliminen tareas arbitrarias mediante el id de tarea en una acción delete en api/tasks.",
      },
   ],
   id: "CVE-2018-5756",
   lastModified: "2024-11-21T04:09:19.957",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-06-16T01:29:06.413",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2018/Jun/23",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.exploit-db.com/exploits/44881/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2018/Jun/23",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.exploit-db.com/exploits/44881/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-269",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-06-16 01:29
Modified
2024-11-21 04:09
Summary
The frontend component in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev20 allows remote attackers to spoof the origin of e-mails via unicode characters in the "personal part" of a (1) From or (2) Sender address.
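Impacted products (rows that repeat a version number are distinct CPE entries that differ only in the update field, such as rev14 or rev15; see cpeMatch below. The wildcard row is bounded by versionEndIncluding 7.6.3; the fixed revisions are named in the Summary, not in this table.)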
Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.8.0
open-xchange open-xchange_appsuite 7.8.2
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CEE77111-9626-48C1-9C13-6FF650B91363",
                     versionEndIncluding: "7.6.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev14:*:*:*:*:*:*",
                     matchCriteriaId: "D4417841-A79D-479F-BBB4-13892CD29CCB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev15:*:*:*:*:*:*",
                     matchCriteriaId: "11FED64F-98F2-4155-A34D-DCC0DCF55CB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev16:*:*:*:*:*:*",
                     matchCriteriaId: "544677BC-DEFB-45B8-BB08-124E5666A04B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev17:*:*:*:*:*:*",
                     matchCriteriaId: "ABA212B4-FC4B-4268-A778-23D588E76880",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev18:*:*:*:*:*:*",
                     matchCriteriaId: "10D10170-9528-49BB-88B8-92A4D016EA49",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev20:*:*:*:*:*:*",
                     matchCriteriaId: "2DA48ACB-659B-408C-B7E1-945A6333C1A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev22:*:*:*:*:*:*",
                     matchCriteriaId: "23D2DCAA-FAB7-426D-8680-2A6F69AE90DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev23:*:*:*:*:*:*",
                     matchCriteriaId: "90C2E1F5-73DA-4FA7-BEDF-E9726F5D0D0C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev24:*:*:*:*:*:*",
                     matchCriteriaId: "449B4C7A-6287-4018-86AA-D34BEF8DB83C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev25:*:*:*:*:*:*",
                     matchCriteriaId: "E8E6C22C-C3B3-4914-A1D8-A6202EEBF1C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev26:*:*:*:*:*:*",
                     matchCriteriaId: "8BF46085-0E23-4C9C-9899-30EB63EFC392",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev28:*:*:*:*:*:*",
                     matchCriteriaId: "39BB146E-14BF-4AC7-B267-3176545CBCB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev29:*:*:*:*:*:*",
                     matchCriteriaId: "64201845-70B6-4124-BA02-DE0646BE75A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev30:*:*:*:*:*:*",
                     matchCriteriaId: "8E2A9B0B-F4B9-410B-AA32-D4A5A3B285DF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E26B66B2-9BE8-4843-9B4B-D673FAC44023",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "2633E559-38E4-4024-BB5F-94EDFE5F93FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "E804C89F-033F-43B3-B63B-172F9B2136CB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev10:*:*:*:*:*:*",
                     matchCriteriaId: "0F7C6765-34DD-4326-99A8-F85DA19ECE91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev11:*:*:*:*:*:*",
                     matchCriteriaId: "13FAD9B6-5790-4C7A-8A9B-09B1002DA75F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev12:*:*:*:*:*:*",
                     matchCriteriaId: "B040A950-FEC3-465D-AD19-3AA8EE11AE92",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev13:*:*:*:*:*:*",
                     matchCriteriaId: "F5971D8D-A2E6-4E3D-8FDA-04F89FC65A40",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev14:*:*:*:*:*:*",
                     matchCriteriaId: "FEF67234-BDCA-48FA-8616-6B0E4A38FA8A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev15:*:*:*:*:*:*",
                     matchCriteriaId: "76D18DCA-5D64-4D38-99B0-1B984C402E70",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev16:*:*:*:*:*:*",
                     matchCriteriaId: "46718CD2-0403-4DA2-B157-5714BD654EB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev17:*:*:*:*:*:*",
                     matchCriteriaId: "4BA1274B-9103-449F-ABD1-C898B716B433",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev18:*:*:*:*:*:*",
                     matchCriteriaId: "3BB485BC-3247-4E06-8017-118B597B0184",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev19:*:*:*:*:*:*",
                     matchCriteriaId: "6C447C6E-6188-47C6-BC68-8FD99B49F2D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev20:*:*:*:*:*:*",
                     matchCriteriaId: "211647E5-8BCA-4393-B54B-CE382D5DF3F7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev21:*:*:*:*:*:*",
                     matchCriteriaId: "855C2E78-C554-43A7-BD3F-747053F45709",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev22:*:*:*:*:*:*",
                     matchCriteriaId: "64594DD5-2816-4123-A12C-505FE4480AE9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev23:*:*:*:*:*:*",
                     matchCriteriaId: "606D294C-EAEC-43EC-BA0F-BC5484B7C5E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev24:*:*:*:*:*:*",
                     matchCriteriaId: "A8E1D645-706F-4CCA-88A7-F5077BCE4AD1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev25:*:*:*:*:*:*",
                     matchCriteriaId: "30145547-3406-4639-A5AD-52EFAA734EEF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev26:*:*:*:*:*:*",
                     matchCriteriaId: "BDB6642D-C5AF-41D7-B2EA-A1F333E5B12C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev27:*:*:*:*:*:*",
                     matchCriteriaId: "91040A22-04F6-43ED-A6A1-060703D285C7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev28:*:*:*:*:*:*",
                     matchCriteriaId: "5A3E2338-E774-4188-B352-B79FBB9C5511",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev29:*:*:*:*:*:*",
                     matchCriteriaId: "22961BA6-C0B1-488A-8F7D-68EB3F9DA6B0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev30:*:*:*:*:*:*",
                     matchCriteriaId: "E8381BB7-3602-4DCF-A070-1067C277AAA0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev31:*:*:*:*:*:*",
                     matchCriteriaId: "98B758CC-D26C-4B83-98E7-3BA4ECF96966",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev32:*:*:*:*:*:*",
                     matchCriteriaId: "7BCE965A-70BE-4159-93D8-A2520C8C4CB2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev33:*:*:*:*:*:*",
                     matchCriteriaId: "1152B60C-3188-4BE7-897A-B09C5732ECAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev34:*:*:*:*:*:*",
                     matchCriteriaId: "5F1F087A-7373-4B7F-87BD-8509704F47CF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev35:*:*:*:*:*:*",
                     matchCriteriaId: "D82CB956-9A14-49C5-8308-52198589BAC0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev36:*:*:*:*:*:*",
                     matchCriteriaId: "2F202094-2A74-44DA-BB3A-06AF3326E544",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev38:*:*:*:*:*:*",
                     matchCriteriaId: "DC128D82-A687-4043-AC01-9A329ED9F9EB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev39:*:*:*:*:*:*",
                     matchCriteriaId: "CBE4CF1D-B716-4992-B3DE-599AD7407780",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev40:*:*:*:*:*:*",
                     matchCriteriaId: "49FCC4A7-3078-421A-A3A1-C58976F47262",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev5:*:*:*:*:*:*",
                     matchCriteriaId: "F57910B1-968D-4DF3-8C2D-9EB3765C7214",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev6:*:*:*:*:*:*",
                     matchCriteriaId: "FE1FD7DD-DC8C-416C-A55B-FA7B961ECD3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev8:*:*:*:*:*:*",
                     matchCriteriaId: "A07A8019-D7D7-4E1D-AEA7-DF509175393D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev9:*:*:*:*:*:*",
                     matchCriteriaId: "9FEEF620-CD8A-49C4-89D6-565503A1790F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "6164303F-253E-440C-A45C-94FFF7B492AE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev10:*:*:*:*:*:*",
                     matchCriteriaId: "4DD257D7-D9B2-4036-92D6-3A923B7DC59F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev11:*:*:*:*:*:*",
                     matchCriteriaId: "36383B07-AF6C-4EDA-A35E-50633D1612A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev13:*:*:*:*:*:*",
                     matchCriteriaId: "032B8B47-9E01-41B3-99D4-DECD4727DEA7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev14:*:*:*:*:*:*",
                     matchCriteriaId: "F7211571-4614-4169-A897-D0047304A4B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev15:*:*:*:*:*:*",
                     matchCriteriaId: "992082E5-5E00-40F0-8246-FD44D189C70D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev16:*:*:*:*:*:*",
                     matchCriteriaId: "4279A168-8A9A-43FF-8766-738EE31D6E25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev17:*:*:*:*:*:*",
                     matchCriteriaId: "5A734819-B817-4E54-89B1-B6A5FD52C758",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev18:*:*:*:*:*:*",
                     matchCriteriaId: "63AFF50B-7ABD-455D-A2A5-05432B41E4BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev19:*:*:*:*:*:*",
                     matchCriteriaId: "E2842D25-1A80-4403-B7A2-6E26527588E8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev3:*:*:*:*:*:*",
                     matchCriteriaId: "8681201A-5DB3-42A9-A203-9641B4459537",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev4:*:*:*:*:*:*",
                     matchCriteriaId: "C567F8B8-D9D0-4006-819C-C995C6573FE7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev5:*:*:*:*:*:*",
                     matchCriteriaId: "07FEF270-E3ED-463D-9940-7FC9573E40C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev6:*:*:*:*:*:*",
                     matchCriteriaId: "7FD1E38C-EC1A-42D1-86AF-D53D8BF0098C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev7:*:*:*:*:*:*",
                     matchCriteriaId: "1BF75100-6E38-4FCB-BC21-FFB1C4B3EC50",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev8:*:*:*:*:*:*",
                     matchCriteriaId: "BF34B133-486B-4D77-8745-4D0E082FF8D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev9:*:*:*:*:*:*",
                     matchCriteriaId: "33B507D7-536B-4AC3-BCB3-BF3A6BA257F6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The frontend component in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev20 allows remote attackers to spoof the origin of e-mails via unicode characters in the \"personal part\" of a (1) From or (2) Sender address.",
      },
      {
         lang: "es",
         value: "El componente frontend en Open-Xchange OX App Suite en versiones anteriores a la 7.6.3-rev31, versiones 7.8.x anteriores a la 7.8.2-rev31, versiones 7.8.3 anteriores a la 7.8.3-rev41 y versiones 7.8.4 anteriores a la 7.8.4-rev20 permite que atacantes remotos suplanten el origen de emails mediante caracteres unicode en la \"parte personal\" de una dirección (1) From o (2) Sender.",
      },
   ],
   id: "CVE-2018-5753",
   lastModified: "2024-11-21T04:09:19.457",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-06-16T01:29:06.240",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2018/Jun/23",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.exploit-db.com/exploits/44881/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2018/Jun/23",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.exploit-db.com/exploits/44881/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-11-02 14:15
Modified
2024-11-21 07:56
Summary
Imageconverter API endpoints provided methods that did not sufficiently validate and sanitize client input, allowing injection of arbitrary SQL statements. An attacker with access to the adjacent network, and potentially API credentials, could read and modify database content that is accessible to the imageconverter SQL user account. No publicly available exploits are known.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "59D4F30E-2F52-4948-9C69-C57472833C79",
                     versionEndExcluding: "7.10.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*",
                     matchCriteriaId: "A144D75D-60A8-4EE0-813C-F658C626B2AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*",
                     matchCriteriaId: "2DA66230-DE02-4881-A893-E9E78286B157",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*",
                     matchCriteriaId: "955F3DFB-6479-4867-B62A-82730DBEB498",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*",
                     matchCriteriaId: "327D1B56-0D05-4D99-91D4-CC1F0AC32972",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*",
                     matchCriteriaId: "D0CD0684-C431-47F8-A2F4-1936D5C5A72B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*",
                     matchCriteriaId: "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*",
                     matchCriteriaId: "D0968764-CCEE-47A7-9111-E106D887DA43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*",
                     matchCriteriaId: "16589FBB-F0CD-4041-8141-5C89FCCA72AF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*",
                     matchCriteriaId: "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*",
                     matchCriteriaId: "0DF5FB90-8D6D-4F99-B454-411B1DFFA630",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*",
                     matchCriteriaId: "F58876B9-6C2E-4048-A793-B441A84E86F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*",
                     matchCriteriaId: "D5F177CB-CC45-45A0-9D02-C14A13ECC7A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*",
                     matchCriteriaId: "A89A4192-54E9-4899-8C7B-6C7F7E650D5C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*",
                     matchCriteriaId: "F2DC1357-9CD5-415F-A190-2F3F4498EF96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*",
                     matchCriteriaId: "D78ACF64-2802-44DD-AF7A-1BD5EA7F9908",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*",
                     matchCriteriaId: "E8F675FA-1684-413A-B1BE-1C5434AC2862",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6156:*:*:*:*:*:*",
                     matchCriteriaId: "F3F1FDC3-35B2-4BDB-A685-75BC72588179",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6161:*:*:*:*:*:*",
                     matchCriteriaId: "5B1E509D-2F41-4296-86D2-6BD71783060F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6166:*:*:*:*:*:*",
                     matchCriteriaId: "AC93EA37-F341-45EC-B651-4F326FB8C613",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6173:*:*:*:*:*:*",
                     matchCriteriaId: "1A4DB8A6-1702-462C-BFCB-39F91D2EFCE1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6176:*:*:*:*:*:*",
                     matchCriteriaId: "FC0AEFDB-D033-47FC-93FC-8652F922BB8C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6178:*:*:*:*:*:*",
                     matchCriteriaId: "B5354768-6527-43C2-B492-A8C14AB4E784",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6189:*:*:*:*:*:*",
                     matchCriteriaId: "D83F26D1-B8C6-4114-81EC-810DD5412DC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6194:*:*:*:*:*:*",
                     matchCriteriaId: "E9EBC010-9963-4636-96F7-A121FCF755A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6199:*:*:*:*:*:*",
                     matchCriteriaId: "F626D64B-C301-4CD8-94B4-48689BD3F29C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6204:*:*:*:*:*:*",
                     matchCriteriaId: "5E32810C-7B35-42F1-BCA5-E10C02BE2215",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6205:*:*:*:*:*:*",
                     matchCriteriaId: "6539D059-8614-4C26-93C4-C2DDCC5D35E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6209:*:*:*:*:*:*",
                     matchCriteriaId: "E359EE75-A2F9-479B-B757-CAE1064AB8F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6210:*:*:*:*:*:*",
                     matchCriteriaId: "0BCABDEF-D292-406E-B53C-AFF22484E916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6214:*:*:*:*:*:*",
                     matchCriteriaId: "ABE8872C-B1DD-4A45-8EF8-E8C355CA6C54",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6215:*:*:*:*:*:*",
                     matchCriteriaId: "44B20B83-833A-4C68-8693-365BD046C157",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6216:*:*:*:*:*:*",
                     matchCriteriaId: "E254E6D1-D18E-4A2A-A2FF-7D03F39E65DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6218:*:*:*:*:*:*",
                     matchCriteriaId: "5F0C5E53-4D15-425A-B4CF-5869353724BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6219:*:*:*:*:*:*",
                     matchCriteriaId: "2F4BF5F1-F316-4BAC-83E0-DEAC8C50754E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6220:*:*:*:*:*:*",
                     matchCriteriaId: "5CDD03A8-5B86-4B87-9C29-6C967261C5C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6227:*:*:*:*:*:*",
                     matchCriteriaId: "6071E15F-4D59-41DC-A4D4-7D1AA392A1F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6230:*:*:*:*:*:*",
                     matchCriteriaId: "C72C1CEB-7BF7-4A5F-B2E9-397F86CCBF4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6233:*:*:*:*:*:*",
                     matchCriteriaId: "5B0F0218-4224-4084-B38D-9719D3782C03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6235:*:*:*:*:*:*",
                     matchCriteriaId: "BFC41329-1AD6-4575-A22D-977EC5539DA4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6236:*:*:*:*:*:*",
                     matchCriteriaId: "217A06B7-0823-4508-BC0C-AD792BA88F7B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6239:*:*:*:*:*:*",
                     matchCriteriaId: "246E98B2-A6C8-4410-AA6A-7E81EE8C5E76",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6241:*:*:*:*:*:*",
                     matchCriteriaId: "74D1EC02-D009-45DA-B1EC-2219E0F0183C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Imageconverter API endpoints provided methods that were not sufficiently validating and sanitizing client input, allowing injection of arbitrary SQL statements. An attacker with access to the adjacent network and potentially API credentials could read and modify database content which is accessible to the imageconverter SQL user account. None No publicly available exploits are known.\n\n",
      },
      {
         lang: "es",
         value: "Los endpoints de la API Imageconverter proporcionaban métodos que no validaban ni sanitizaban correctamente la entrada del cliente, lo que permitía inyectar declaraciones SQL arbitrarias. Un atacante con acceso a la red adyacente y potencialmente credenciales API podría leer y modificar el contenido de la base de datos al que puede acceder la cuenta de usuario SQL de imageconverter. Ninguno No se conocen exploits disponibles públicamente.",
      },
   ],
   id: "CVE-2023-29047",
   lastModified: "2024-11-21T07:56:26.670",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "PHYSICAL",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 0.9,
            impactScore: 4,
            source: "security@open-xchange.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.3,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.1,
            impactScore: 5.2,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-11-02T14:15:11.280",
   references: [
      {
         source: "security@open-xchange.com",
         url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json",
      },
      {
         source: "security@open-xchange.com",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf",
      },
   ],
   sourceIdentifier: "security@open-xchange.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "security@open-xchange.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-01-26 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
XML External Entity (XXE) vulnerability in the CalDAV interface in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote authenticated users to read portions of arbitrary files via vectors related to the SAX builder and the WebDAV interface. NOTE: this issue has been labeled as both absolute path traversal and XXE, but the root cause may be XXE, since XXE can be exploited to conduct absolute path traversal and other attacks.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "567B4139-220A-46A7-B847-616F99A1EA66",
                     versionEndIncluding: "7.4.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.20.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "983E5F3A-E7AD-4CCA-80D4-9C012AFCCDD4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2F85EE0C-B7A0-455A-96F6-E4E6BA5D7216",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2D9572CB-9A46-492E-BDCC-E01849EF0EC0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "138461CD-9C27-40E5-B7A0-A37737B6E942",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "108BCEFD-3098-4919-9B0C-E80F6FA1C102",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DDBB02DF-1022-4FE5-B5E1-198DC58F8C1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2BF31219-8390-4676-A9C4-D625A016C71E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "75B04598-67CD-420B-92C9-9A7459295E11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8DAEED7B-C295-42B4-A60B-2EAA596E3D65",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "XML External Entity (XXE) vulnerability in the CalDAV interface in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote authenticated users to read portions of arbitrary files via vectors related to the SAX builder and the WebDAV interface.  NOTE: this issue has been labeled as both absolute path traversal and XXE, but the root cause may be XXE, since XXE can be exploited to conduct absolute path traversal and other attacks.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de entidades externas XML (XXE) en la interfaz de CalDAV en Open-Xchange (OX) AppSuite 7.4.1 y anteriores permite a usuarios remotos autenticados leer porciones de archivos arbitrarios a través de vectores relacionados con el constructor de SAX y la interfaz de WebDAV. NOTA: este problema ha sido etiquetado tanto como de recorrido de ruta absoluta como de XXE, pero la causa raíz puede ser XXE, ya que XXE puede ser explotado para realizar el recorrido de ruta absoluta y otros ataques.",
      },
   ],
   evaluatorComment: "CWE-611: Improper Restriction of XML External Entity Reference ('XXE')",
   id: "CVE-2013-7140",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-01-26T20:55:05.877",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://seclists.org/bugtraq/2014/Jan/57",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.osvdb.org/102194",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/65015",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securitytracker.com/id/1029650",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/90543",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://seclists.org/bugtraq/2014/Jan/57",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.osvdb.org/102194",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/65015",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1029650",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/90543",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-12-15 06:59
Modified
2025-04-12 10:46
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Script code can be embedded to RSS feeds using a URL notation. In case a user clicks the corresponding link at the RSS reader of App Suite, code gets executed at the context of the user. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). The attacker needs to reside within the same context to make this attack work.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:rev9:*:*:*:*:*:*",
                     matchCriteriaId: "F8BB7BBD-7706-479D-B1DB-9EAC321913EB",
                     versionEndIncluding: "7.8.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Script code can be embedded to RSS feeds using a URL notation. In case a user clicks the corresponding link at the RSS reader of App Suite, code gets executed at the context of the user. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). The attacker needs to reside within the same context to make this attack work.",
      },
      {
         lang: "es",
         value: "Ha sido descubierto un problema en Open-Xchange OX App Suite en versiones anteriores a 7.8.1-rev11. Un código script se puede incorporar a las fuentes RSS mediante una notación de URL. En caso de que un usuario haga clic en el enlace correspondiente en el lector RSS de App Suite, el código se ejecuta en el contexto del usuario. El código script malicioso puede ser ejecutado en un contexto de usuario. Esto puede conducir al secuestro de sesión o activar acciones no deseadas a través de la interfaz web (envío de correo, eliminación de datos, etc.). El atacante necesita estar dentro del mismo contexto para hacer que este ataque funcione.",
      },
   ],
   id: "CVE-2016-4045",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-12-15T06:59:08.550",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/archive/1/538732/100/0/threaded",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1036157",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/538732/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1036157",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-07-05 20:29
Modified
2024-11-21 04:16
Summary
Open-Xchange OX App Suite before 7.6.3-rev37, 7.8.x before 7.8.2-rev40, 7.8.3 before 7.8.3-rev48, and 7.8.4 before 7.8.4-rev28 include folder names in API error responses, which allows remote attackers to obtain sensitive information via the folder parameter in an "all" action to api/tasks.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.8.0
open-xchange open-xchange_appsuite 7.8.2
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CEE77111-9626-48C1-9C13-6FF650B91363",
                     versionEndIncluding: "7.6.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev14:*:*:*:*:*:*",
                     matchCriteriaId: "D4417841-A79D-479F-BBB4-13892CD29CCB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev15:*:*:*:*:*:*",
                     matchCriteriaId: "11FED64F-98F2-4155-A34D-DCC0DCF55CB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev16:*:*:*:*:*:*",
                     matchCriteriaId: "544677BC-DEFB-45B8-BB08-124E5666A04B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev17:*:*:*:*:*:*",
                     matchCriteriaId: "ABA212B4-FC4B-4268-A778-23D588E76880",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev18:*:*:*:*:*:*",
                     matchCriteriaId: "10D10170-9528-49BB-88B8-92A4D016EA49",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev20:*:*:*:*:*:*",
                     matchCriteriaId: "2DA48ACB-659B-408C-B7E1-945A6333C1A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev22:*:*:*:*:*:*",
                     matchCriteriaId: "23D2DCAA-FAB7-426D-8680-2A6F69AE90DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev23:*:*:*:*:*:*",
                     matchCriteriaId: "90C2E1F5-73DA-4FA7-BEDF-E9726F5D0D0C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev24:*:*:*:*:*:*",
                     matchCriteriaId: "449B4C7A-6287-4018-86AA-D34BEF8DB83C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev25:*:*:*:*:*:*",
                     matchCriteriaId: "E8E6C22C-C3B3-4914-A1D8-A6202EEBF1C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev26:*:*:*:*:*:*",
                     matchCriteriaId: "8BF46085-0E23-4C9C-9899-30EB63EFC392",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev28:*:*:*:*:*:*",
                     matchCriteriaId: "39BB146E-14BF-4AC7-B267-3176545CBCB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev29:*:*:*:*:*:*",
                     matchCriteriaId: "64201845-70B6-4124-BA02-DE0646BE75A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev30:*:*:*:*:*:*",
                     matchCriteriaId: "8E2A9B0B-F4B9-410B-AA32-D4A5A3B285DF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev31:*:*:*:*:*:*",
                     matchCriteriaId: "5E5DE686-E794-4C06-9AC8-5682B1CF68AE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev32:*:*:*:*:*:*",
                     matchCriteriaId: "E4710EAE-6227-4A72-9549-6EEF0CEB6E06",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev33:*:*:*:*:*:*",
                     matchCriteriaId: "7AD9AE40-5AE0-4DA6-BD1D-CC02746DA917",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev35:*:*:*:*:*:*",
                     matchCriteriaId: "3681A31A-1795-4C44-B482-1F1028449960",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev36:*:*:*:*:*:*",
                     matchCriteriaId: "7E1BDCDE-71F7-4B9B-BD53-153EA1982A25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E26B66B2-9BE8-4843-9B4B-D673FAC44023",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "2633E559-38E4-4024-BB5F-94EDFE5F93FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "E804C89F-033F-43B3-B63B-172F9B2136CB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev10:*:*:*:*:*:*",
                     matchCriteriaId: "0F7C6765-34DD-4326-99A8-F85DA19ECE91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev11:*:*:*:*:*:*",
                     matchCriteriaId: "13FAD9B6-5790-4C7A-8A9B-09B1002DA75F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev12:*:*:*:*:*:*",
                     matchCriteriaId: "B040A950-FEC3-465D-AD19-3AA8EE11AE92",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev13:*:*:*:*:*:*",
                     matchCriteriaId: "F5971D8D-A2E6-4E3D-8FDA-04F89FC65A40",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev14:*:*:*:*:*:*",
                     matchCriteriaId: "FEF67234-BDCA-48FA-8616-6B0E4A38FA8A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev15:*:*:*:*:*:*",
                     matchCriteriaId: "76D18DCA-5D64-4D38-99B0-1B984C402E70",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev16:*:*:*:*:*:*",
                     matchCriteriaId: "46718CD2-0403-4DA2-B157-5714BD654EB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev17:*:*:*:*:*:*",
                     matchCriteriaId: "4BA1274B-9103-449F-ABD1-C898B716B433",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev18:*:*:*:*:*:*",
                     matchCriteriaId: "3BB485BC-3247-4E06-8017-118B597B0184",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev19:*:*:*:*:*:*",
                     matchCriteriaId: "6C447C6E-6188-47C6-BC68-8FD99B49F2D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev20:*:*:*:*:*:*",
                     matchCriteriaId: "211647E5-8BCA-4393-B54B-CE382D5DF3F7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev21:*:*:*:*:*:*",
                     matchCriteriaId: "855C2E78-C554-43A7-BD3F-747053F45709",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev22:*:*:*:*:*:*",
                     matchCriteriaId: "64594DD5-2816-4123-A12C-505FE4480AE9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev23:*:*:*:*:*:*",
                     matchCriteriaId: "606D294C-EAEC-43EC-BA0F-BC5484B7C5E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev24:*:*:*:*:*:*",
                     matchCriteriaId: "A8E1D645-706F-4CCA-88A7-F5077BCE4AD1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev25:*:*:*:*:*:*",
                     matchCriteriaId: "30145547-3406-4639-A5AD-52EFAA734EEF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev26:*:*:*:*:*:*",
                     matchCriteriaId: "BDB6642D-C5AF-41D7-B2EA-A1F333E5B12C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev27:*:*:*:*:*:*",
                     matchCriteriaId: "91040A22-04F6-43ED-A6A1-060703D285C7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev28:*:*:*:*:*:*",
                     matchCriteriaId: "5A3E2338-E774-4188-B352-B79FBB9C5511",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev29:*:*:*:*:*:*",
                     matchCriteriaId: "22961BA6-C0B1-488A-8F7D-68EB3F9DA6B0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev30:*:*:*:*:*:*",
                     matchCriteriaId: "E8381BB7-3602-4DCF-A070-1067C277AAA0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev31:*:*:*:*:*:*",
                     matchCriteriaId: "98B758CC-D26C-4B83-98E7-3BA4ECF96966",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev32:*:*:*:*:*:*",
                     matchCriteriaId: "7BCE965A-70BE-4159-93D8-A2520C8C4CB2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev33:*:*:*:*:*:*",
                     matchCriteriaId: "1152B60C-3188-4BE7-897A-B09C5732ECAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev34:*:*:*:*:*:*",
                     matchCriteriaId: "5F1F087A-7373-4B7F-87BD-8509704F47CF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev35:*:*:*:*:*:*",
                     matchCriteriaId: "D82CB956-9A14-49C5-8308-52198589BAC0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev36:*:*:*:*:*:*",
                     matchCriteriaId: "2F202094-2A74-44DA-BB3A-06AF3326E544",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev38:*:*:*:*:*:*",
                     matchCriteriaId: "DC128D82-A687-4043-AC01-9A329ED9F9EB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev39:*:*:*:*:*:*",
                     matchCriteriaId: "CBE4CF1D-B716-4992-B3DE-599AD7407780",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev40:*:*:*:*:*:*",
                     matchCriteriaId: "49FCC4A7-3078-421A-A3A1-C58976F47262",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev41:*:*:*:*:*:*",
                     matchCriteriaId: "E57747B2-0C7B-4004-82AA-8C59CABC3B12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev42:*:*:*:*:*:*",
                     matchCriteriaId: "BECD9AD4-EB03-4BF0-A219-DD965A55670A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev43:*:*:*:*:*:*",
                     matchCriteriaId: "5E0F6A5B-BDBB-4DF5-91A0-440834EE161F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev44:*:*:*:*:*:*",
                     matchCriteriaId: "4B02483E-5003-4FB2-B935-46A3C535D050",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev45:*:*:*:*:*:*",
                     matchCriteriaId: "D17FE1EE-BB1E-4553-8902-F293B12829DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev46:*:*:*:*:*:*",
                     matchCriteriaId: "BA389E69-E455-4FCD-9E8B-5AF5AF204A3A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev47:*:*:*:*:*:*",
                     matchCriteriaId: "83853E83-B5D6-4441-B40E-BD888C6FD007",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev5:*:*:*:*:*:*",
                     matchCriteriaId: "F57910B1-968D-4DF3-8C2D-9EB3765C7214",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev6:*:*:*:*:*:*",
                     matchCriteriaId: "FE1FD7DD-DC8C-416C-A55B-FA7B961ECD3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev8:*:*:*:*:*:*",
                     matchCriteriaId: "A07A8019-D7D7-4E1D-AEA7-DF509175393D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev9:*:*:*:*:*:*",
                     matchCriteriaId: "9FEEF620-CD8A-49C4-89D6-565503A1790F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "6164303F-253E-440C-A45C-94FFF7B492AE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev10:*:*:*:*:*:*",
                     matchCriteriaId: "4DD257D7-D9B2-4036-92D6-3A923B7DC59F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev11:*:*:*:*:*:*",
                     matchCriteriaId: "36383B07-AF6C-4EDA-A35E-50633D1612A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev13:*:*:*:*:*:*",
                     matchCriteriaId: "032B8B47-9E01-41B3-99D4-DECD4727DEA7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev14:*:*:*:*:*:*",
                     matchCriteriaId: "F7211571-4614-4169-A897-D0047304A4B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev15:*:*:*:*:*:*",
                     matchCriteriaId: "992082E5-5E00-40F0-8246-FD44D189C70D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev16:*:*:*:*:*:*",
                     matchCriteriaId: "4279A168-8A9A-43FF-8766-738EE31D6E25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev17:*:*:*:*:*:*",
                     matchCriteriaId: "5A734819-B817-4E54-89B1-B6A5FD52C758",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev18:*:*:*:*:*:*",
                     matchCriteriaId: "63AFF50B-7ABD-455D-A2A5-05432B41E4BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev19:*:*:*:*:*:*",
                     matchCriteriaId: "E2842D25-1A80-4403-B7A2-6E26527588E8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev20:*:*:*:*:*:*",
                     matchCriteriaId: "7DAA5D88-75E9-4D77-9F34-AB456F0733F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev21:*:*:*:*:*:*",
                     matchCriteriaId: "9EB906E5-1ABF-4734-84E1-BC8005AB1C2C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev22:*:*:*:*:*:*",
                     matchCriteriaId: "FD42433D-4B5C-43F5-8C5C-D97C6C3E5613",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev23:*:*:*:*:*:*",
                     matchCriteriaId: "B30EB62B-FEAC-4E7C-8AB8-E27879E18006",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev24:*:*:*:*:*:*",
                     matchCriteriaId: "88A08BF6-4410-48F9-B4D9-FCCA7B6DBF64",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev25:*:*:*:*:*:*",
                     matchCriteriaId: "49A24746-6C5E-48BE-A001-CB25BF0189D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev26:*:*:*:*:*:*",
                     matchCriteriaId: "7DA74FDF-0313-4783-B69D-17861F228FA7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev27:*:*:*:*:*:*",
                     matchCriteriaId: "949DD220-BFA8-4C5B-8334-5D545D336879",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev3:*:*:*:*:*:*",
                     matchCriteriaId: "8681201A-5DB3-42A9-A203-9641B4459537",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev4:*:*:*:*:*:*",
                     matchCriteriaId: "C567F8B8-D9D0-4006-819C-C995C6573FE7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev5:*:*:*:*:*:*",
                     matchCriteriaId: "07FEF270-E3ED-463D-9940-7FC9573E40C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev6:*:*:*:*:*:*",
                     matchCriteriaId: "7FD1E38C-EC1A-42D1-86AF-D53D8BF0098C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev7:*:*:*:*:*:*",
                     matchCriteriaId: "1BF75100-6E38-4FCB-BC21-FFB1C4B3EC50",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev8:*:*:*:*:*:*",
                     matchCriteriaId: "BF34B133-486B-4D77-8745-4D0E082FF8D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev9:*:*:*:*:*:*",
                     matchCriteriaId: "33B507D7-536B-4AC3-BCB3-BF3A6BA257F6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Open-Xchange OX App Suite before 7.6.3-rev37, 7.8.x before 7.8.2-rev40, 7.8.3 before 7.8.3-rev48, and 7.8.4 before 7.8.4-rev28 include folder names in API error responses, which allows remote attackers to obtain sensitive information via the folder parameter in an \"all\" action to api/tasks.",
      },
      {
         lang: "es",
         value: "Open-Xchange OX App Suite en versiones anteriores a la 7.6.3-rev37, versiones 7.8.x anteriores a la 7.8.2-rev40, versiones 7.8.3 anteriores a la 7.8.3-rev48 y versiones 7.8.4 anteriores a la 7.8.4-rev28 incluye los nombres de carpeta en las respuestas de error de la API. Esto permite que los atacantes remotos obtengan información sensible mediante el parámetro folder en una acción \"all\" en api/tasks.",
      },
   ],
   id: "CVE-2018-9998",
   lastModified: "2024-11-21T04:16:00.797",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-07-05T20:29:00.950",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2018/Jul/12",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1041213",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2018/Jul/12",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1041213",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-01-06 20:15
Modified
2024-11-21 04:31
Summary
OX App Suite through 7.10.2 has XSS.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F9CF4B9A-D36A-4A8E-B2A2-34C0CA70A24C",
                     versionEndIncluding: "7.10.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite through 7.10.2 has XSS.",
      },
      {
         lang: "es",
         value: "OX App Suite versiones hasta la versión 7.10.2, tiene una vulnerabilidad de tipo XSS.",
      },
   ],
   id: "CVE-2019-16717",
   lastModified: "2024-11-21T04:31:02.910",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-01-06T20:15:12.163",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/155813/OX-App-Suite-7.10.2-Cross-Site-Scripting-Improper-Access-Control.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2020/Jan/7",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2020/Jan/7",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Product",
         ],
         url: "https://www.open-xchange.com/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/155813/OX-App-Suite-7.10.2-Cross-Site-Scripting-Improper-Access-Control.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2020/Jan/7",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2020/Jan/7",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Product",
         ],
         url: "https://www.open-xchange.com/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-12-15 06:59
Modified
2025-04-12 10:46
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. API requests can be used to inject, generate and download executable files to the client ("Reflected File Download"). A malicious platform-specific (e.g. Microsoft Windows) batch file can be created via a trusted domain without authentication; if executed by the user, it may lead to local code execution.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:rev4:*:*:*:*:*:*",
                     matchCriteriaId: "63233ABF-06E1-4819-B885-1028FEA3EB5A",
                     versionEndIncluding: "7.8.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. API requests can be used to inject, generate and download executable files to the client (\"Reflected File Download\"). Malicious platform specific (e.g. Microsoft Windows) batch file can be created via a trusted domain without authentication that, if executed by the user, may lead to local code execution.",
      },
      {
         lang: "es",
         value: "Ha sido descubierto un problema en Open-Xchange OX App Suite en versiones anteriores a 7.8.2-rev8. La petición API puede ser usada para inyectar, generar y descargar archivos ejecutables al cliente (\"Reflected File Download\"). Se puede crear un archivo por lotes específico de plataforma malintencionada (por ejemplo, Microsoft Windows) a través de un dominio de confianza sin autenticación que, si es ejecutado por el usuario, puede conducir a la ejecución de código local.",
      },
   ],
   id: "CVE-2016-6848",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 1.9,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 3.4,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
               version: "3.0",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-12-15T06:59:20.177",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/93460",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/93460",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-254",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-06-16 14:15
Modified
2024-11-21 05:39
Summary
OX App Suite through 7.10.3 has Improper Input Validation.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "6164303F-253E-440C-A45C-94FFF7B492AE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev1:*:*:*:*:*:*",
                     matchCriteriaId: "2C7EFE8F-CC45-436A-91A7-4D6CD1D60784",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev10:*:*:*:*:*:*",
                     matchCriteriaId: "4DD257D7-D9B2-4036-92D6-3A923B7DC59F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev11:*:*:*:*:*:*",
                     matchCriteriaId: "36383B07-AF6C-4EDA-A35E-50633D1612A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev12:*:*:*:*:*:*",
                     matchCriteriaId: "A3305F0B-F84C-4F3A-8186-4086A2F29AA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev13:*:*:*:*:*:*",
                     matchCriteriaId: "032B8B47-9E01-41B3-99D4-DECD4727DEA7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev14:*:*:*:*:*:*",
                     matchCriteriaId: "F7211571-4614-4169-A897-D0047304A4B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev15:*:*:*:*:*:*",
                     matchCriteriaId: "992082E5-5E00-40F0-8246-FD44D189C70D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev16:*:*:*:*:*:*",
                     matchCriteriaId: "4279A168-8A9A-43FF-8766-738EE31D6E25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev17:*:*:*:*:*:*",
                     matchCriteriaId: "5A734819-B817-4E54-89B1-B6A5FD52C758",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev18:*:*:*:*:*:*",
                     matchCriteriaId: "63AFF50B-7ABD-455D-A2A5-05432B41E4BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev19:*:*:*:*:*:*",
                     matchCriteriaId: "E2842D25-1A80-4403-B7A2-6E26527588E8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev2:*:*:*:*:*:*",
                     matchCriteriaId: "42BCC26D-8B47-47E8-878A-11403C226E6E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev20:*:*:*:*:*:*",
                     matchCriteriaId: "7DAA5D88-75E9-4D77-9F34-AB456F0733F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev21:*:*:*:*:*:*",
                     matchCriteriaId: "9EB906E5-1ABF-4734-84E1-BC8005AB1C2C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev22:*:*:*:*:*:*",
                     matchCriteriaId: "FD42433D-4B5C-43F5-8C5C-D97C6C3E5613",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev23:*:*:*:*:*:*",
                     matchCriteriaId: "B30EB62B-FEAC-4E7C-8AB8-E27879E18006",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev24:*:*:*:*:*:*",
                     matchCriteriaId: "88A08BF6-4410-48F9-B4D9-FCCA7B6DBF64",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev25:*:*:*:*:*:*",
                     matchCriteriaId: "49A24746-6C5E-48BE-A001-CB25BF0189D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev26:*:*:*:*:*:*",
                     matchCriteriaId: "7DA74FDF-0313-4783-B69D-17861F228FA7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev27:*:*:*:*:*:*",
                     matchCriteriaId: "949DD220-BFA8-4C5B-8334-5D545D336879",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev28:*:*:*:*:*:*",
                     matchCriteriaId: "F82BCE0D-A798-4A8A-B028-37AB4E4E9D76",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev29:*:*:*:*:*:*",
                     matchCriteriaId: "4DFC4CF9-F13A-43DC-81FA-2289D0B056F7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev3:*:*:*:*:*:*",
                     matchCriteriaId: "8681201A-5DB3-42A9-A203-9641B4459537",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev30:*:*:*:*:*:*",
                     matchCriteriaId: "6C53AE9B-BA64-4925-A6EA-9F591324F4C7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev31:*:*:*:*:*:*",
                     matchCriteriaId: "9ACF0B3D-A306-4E23-A361-195D3D732907",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev32:*:*:*:*:*:*",
                     matchCriteriaId: "5F71BE82-6E92-4372-99D7-ED46057CE572",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev33:*:*:*:*:*:*",
                     matchCriteriaId: "75473DD5-3E0C-472B-ABAB-993538E89A0B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev34:*:*:*:*:*:*",
                     matchCriteriaId: "B7D5A6CF-DAC1-4435-99FC-613BC99AACAC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev35:*:*:*:*:*:*",
                     matchCriteriaId: "03D55E13-C2E3-4A01-8D2D-80F1C69ADB87",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev36:*:*:*:*:*:*",
                     matchCriteriaId: "B9AA07E0-2863-436D-8585-6C0371371B34",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev37:*:*:*:*:*:*",
                     matchCriteriaId: "03045CB8-638C-43C4-BAE3-B1F3586975FE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev38:*:*:*:*:*:*",
                     matchCriteriaId: "81EB9BE2-498A-42D5-B500-750BD5907B11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev39:*:*:*:*:*:*",
                     matchCriteriaId: "2F5A4455-2DE5-409A-A5B0-4EE9503022F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev4:*:*:*:*:*:*",
                     matchCriteriaId: "C567F8B8-D9D0-4006-819C-C995C6573FE7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev40:*:*:*:*:*:*",
                     matchCriteriaId: "C5832883-CE88-4BE9-9F37-19BFF24DEE09",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev41:*:*:*:*:*:*",
                     matchCriteriaId: "1B129936-271F-432D-AB91-25DA1E9AA960",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev42:*:*:*:*:*:*",
                     matchCriteriaId: "0132F603-FA0B-4F91-A49D-FCFA12FDAC3F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev43:*:*:*:*:*:*",
                     matchCriteriaId: "51626D24-7F17-4F43-A768-299F8ABAA663",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev44:*:*:*:*:*:*",
                     matchCriteriaId: "878A7C59-96A2-4EAE-BD72-77C810B9D7A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev45:*:*:*:*:*:*",
                     matchCriteriaId: "77272167-B3E2-4046-8C03-1CF9C47E4ED1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev46:*:*:*:*:*:*",
                     matchCriteriaId: "AA7CB7E5-542D-4E9B-B0F3-05073113147B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev47:*:*:*:*:*:*",
                     matchCriteriaId: "16E2357C-3A1B-4A9B-B115-8F7CB10D95FC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev48:*:*:*:*:*:*",
                     matchCriteriaId: "81033CCE-1255-43D2-B429-AAFA7C447885",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev49:*:*:*:*:*:*",
                     matchCriteriaId: "D8478E43-E40D-4E02-B258-055A2120FED0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev5:*:*:*:*:*:*",
                     matchCriteriaId: "07FEF270-E3ED-463D-9940-7FC9573E40C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev50:*:*:*:*:*:*",
                     matchCriteriaId: "CD4F40EE-F6E2-45ED-97CA-82B472476622",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev51:*:*:*:*:*:*",
                     matchCriteriaId: "5D8FF2AA-C35F-4E68-A2EC-FC989E4CBE2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev52:*:*:*:*:*:*",
                     matchCriteriaId: "4C61C021-E42E-4387-85CF-2FBA2F061376",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev53:*:*:*:*:*:*",
                     matchCriteriaId: "96BCE7CA-5EB8-429F-A707-52DF87B92BCB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev54:*:*:*:*:*:*",
                     matchCriteriaId: "AC6CF5C5-93B2-4E00-9ED3-DB337475EDAC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev55:*:*:*:*:*:*",
                     matchCriteriaId: "0CEC20C6-C269-455E-B069-D4071D2A06ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev56:*:*:*:*:*:*",
                     matchCriteriaId: "84EAE1A5-7DD1-4F53-80AB-6BFAB46DA92A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev57:*:*:*:*:*:*",
                     matchCriteriaId: "B3C1745F-5866-4443-AA1A-1C66F47E91D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev58:*:*:*:*:*:*",
                     matchCriteriaId: "37D8F313-87A1-4A8E-A357-97A9CFD5DDD7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev59:*:*:*:*:*:*",
                     matchCriteriaId: "1C843E28-AA2C-4C95-9B4E-0135374D8E05",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev6:*:*:*:*:*:*",
                     matchCriteriaId: "7FD1E38C-EC1A-42D1-86AF-D53D8BF0098C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev60:*:*:*:*:*:*",
                     matchCriteriaId: "5DD3B406-C8AD-4C0F-9A9D-C2C1E0C4B7A6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev61:*:*:*:*:*:*",
                     matchCriteriaId: "C9D33E26-E4EA-4DF6-AEA0-0D3321500232",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev62:*:*:*:*:*:*",
                     matchCriteriaId: "87DE98B2-602F-4C2A-9870-924A89E47A6C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev63:*:*:*:*:*:*",
                     matchCriteriaId: "41B1D2EC-775F-4660-81BF-E45CFE1682E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev64:*:*:*:*:*:*",
                     matchCriteriaId: "0CBCF797-67ED-4A06-99D0-C21A928202D2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev65:*:*:*:*:*:*",
                     matchCriteriaId: "790E20C5-DF4A-41E8-BCC1-C613097BACC5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev66:*:*:*:*:*:*",
                     matchCriteriaId: "87667829-EE71-4169-84C4-81557A10F1CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev67:*:*:*:*:*:*",
                     matchCriteriaId: "E713D3B0-6B90-4CFB-9FB3-D7CAC1B84415",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev7:*:*:*:*:*:*",
                     matchCriteriaId: "1BF75100-6E38-4FCB-BC21-FFB1C4B3EC50",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev8:*:*:*:*:*:*",
                     matchCriteriaId: "BF34B133-486B-4D77-8745-4D0E082FF8D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev9:*:*:*:*:*:*",
                     matchCriteriaId: "33B507D7-536B-4AC3-BCB3-BF3A6BA257F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D2C4CC04-9CAA-467A-AE72-CF3AC970296C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev1:*:*:*:*:*:*",
                     matchCriteriaId: "368ECEBC-4553-4A2A-8A2A-A4B8909C321D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev10:*:*:*:*:*:*",
                     matchCriteriaId: "33BFF8F7-DB19-4F7B-9FED-5D3E50E31C2B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev11:*:*:*:*:*:*",
                     matchCriteriaId: "8E60A592-965B-4ECD-BE52-C8BCF8164A6B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev12:*:*:*:*:*:*",
                     matchCriteriaId: "37DC59B1-D23F-40EB-9F54-0BBBC8FA86E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev13:*:*:*:*:*:*",
                     matchCriteriaId: "91897609-C38E-47ED-9A45-34C26ACD4558",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev14:*:*:*:*:*:*",
                     matchCriteriaId: "68CD6B95-5EAA-4D14-8958-787E7B8ADD8A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev15:*:*:*:*:*:*",
                     matchCriteriaId: "A4EBEBD1-9E8A-4C18-95FA-E7D83A7DC557",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev16:*:*:*:*:*:*",
                     matchCriteriaId: "6BAF8872-87D9-4271-80AA-E4200E6D8F5A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev17:*:*:*:*:*:*",
                     matchCriteriaId: "E0FDDD1D-7EDC-4ED8-9288-DA1976B044FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev18:*:*:*:*:*:*",
                     matchCriteriaId: "AE6BC6B0-66A7-4B0A-9B11-E41A3C29064D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev19:*:*:*:*:*:*",
                     matchCriteriaId: "0B981446-14BE-43A9-86FE-F282E8DA393D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev2:*:*:*:*:*:*",
                     matchCriteriaId: "4190E7EF-E9BF-4B87-B5A7-F1C5639CF701",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev20:*:*:*:*:*:*",
                     matchCriteriaId: "DC995A29-A9DB-4160-BEAD-7E6A3606F802",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev21:*:*:*:*:*:*",
                     matchCriteriaId: "890672A1-63E4-45BA-B4A7-B1DCFCE03E17",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev22:*:*:*:*:*:*",
                     matchCriteriaId: "32AB90D5-CF22-45E4-A7E5-A3BC355C051A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev23:*:*:*:*:*:*",
                     matchCriteriaId: "4287D478-7B66-4B94-AF06-FCFA3E3A49E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev24:*:*:*:*:*:*",
                     matchCriteriaId: "6949270A-47D6-495B-8B3A-CC97351E0B72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev25:*:*:*:*:*:*",
                     matchCriteriaId: "FF8F4DA7-035F-4C6E-9E97-265CC57A548B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev26:*:*:*:*:*:*",
                     matchCriteriaId: "F6C50535-9E15-418A-8908-23C247CCF861",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev27:*:*:*:*:*:*",
                     matchCriteriaId: "8503C015-94AF-419C-95DE-1A1043811B60",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev3:*:*:*:*:*:*",
                     matchCriteriaId: "8DF4B515-D246-44A9-B4FA-094E33840EAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev4:*:*:*:*:*:*",
                     matchCriteriaId: "20D6F057-6D60-45CD-AF64-A17655FE4332",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev5:*:*:*:*:*:*",
                     matchCriteriaId: "8AAEEE04-5D35-4007-9C19-47139D574C6D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev6:*:*:*:*:*:*",
                     matchCriteriaId: "534A44A6-9F3F-4A95-8397-1264537AF98B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev7:*:*:*:*:*:*",
                     matchCriteriaId: "0FDC984D-9BA2-44A8-A448-0B5FFD3714F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev8:*:*:*:*:*:*",
                     matchCriteriaId: "10C3CE2E-D599-4E7B-8DF7-CE143D38C248",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev9:*:*:*:*:*:*",
                     matchCriteriaId: "5D50AB43-34ED-4514-A46D-17DCE8C0E13B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "AEA29625-42CD-49CC-9E34-858CB6C5D28B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev1:*:*:*:*:*:*",
                     matchCriteriaId: "3A43F58A-EF5F-470F-AD23-EA211A257B87",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev10:*:*:*:*:*:*",
                     matchCriteriaId: "AF15D091-E31B-4AF7-8565-A545338443D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev11:*:*:*:*:*:*",
                     matchCriteriaId: "6530A58D-89B1-4991-8182-2CB39FF0607D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev12:*:*:*:*:*:*",
                     matchCriteriaId: "359C31C1-FC65-4DB5-AC13-78752B991D85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev13:*:*:*:*:*:*",
                     matchCriteriaId: "20B39EEB-AE1F-41EF-BDA2-0C05583C19A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev14:*:*:*:*:*:*",
                     matchCriteriaId: "6814E0FE-C61F-4621-BCE9-E315FD27BDF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev15:*:*:*:*:*:*",
                     matchCriteriaId: "C500DC8B-1E2D-4D9E-89BF-DB1F583FCE1A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev16:*:*:*:*:*:*",
                     matchCriteriaId: "B31AF178-6903-4C9C-85D0-4FC64B523D94",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev17:*:*:*:*:*:*",
                     matchCriteriaId: "78BBF7A1-2683-4A1A-A907-22AA08547C34",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev18:*:*:*:*:*:*",
                     matchCriteriaId: "8E8D7027-437A-4ACA-A4A1-34F2A1E49EFF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev19:*:*:*:*:*:*",
                     matchCriteriaId: "233AF909-1320-4F50-98AE-0C3597EB77B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev2:*:*:*:*:*:*",
                     matchCriteriaId: "8B99076E-CAAF-478A-A6CA-5F4D555F4F13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev20:*:*:*:*:*:*",
                     matchCriteriaId: "34400EA1-FBC0-4055-A921-96280EF73E7E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev21:*:*:*:*:*:*",
                     matchCriteriaId: "BF5452D7-3326-415D-963D-BB9E4D5EA370",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev3:*:*:*:*:*:*",
                     matchCriteriaId: "71AD5083-1D8A-4F84-8263-EB724F2BAFB0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev4:*:*:*:*:*:*",
                     matchCriteriaId: "F2E2CBB1-66E4-463E-9C13-36311A5E57CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev5:*:*:*:*:*:*",
                     matchCriteriaId: "78419EB9-7DBD-4D86-9D9F-D207BE4A5606",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev6:*:*:*:*:*:*",
                     matchCriteriaId: "6CFDEA47-85E0-468F-ACE1-D246C690B8D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev7:*:*:*:*:*:*",
                     matchCriteriaId: "51A93D40-8EC9-42FA-88B5-2C6A105D45DF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev8:*:*:*:*:*:*",
                     matchCriteriaId: "990A037D-78A9-4BA5-B0E6-66D33B553CCF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev9:*:*:*:*:*:*",
                     matchCriteriaId: "84AB3311-A474-43B3-A613-F876042473A2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "944562A2-53D7-4D75-B238-B9BD0F695E45",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev1:*:*:*:*:*:*",
                     matchCriteriaId: "3B7503E3-6317-4DD7-9EDD-AB5A0586BADE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev2:*:*:*:*:*:*",
                     matchCriteriaId: "26BF76EC-F32F-4DAB-8EB0-8B24E76D2593",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev3:*:*:*:*:*:*",
                     matchCriteriaId: "B031D97E-A967-4124-8A42-EFA4B3576124",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev4:*:*:*:*:*:*",
                     matchCriteriaId: "649774E8-6489-4AD7-95A8-AAF7154B2C05",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev5:*:*:*:*:*:*",
                     matchCriteriaId: "A2A1BB49-EAFD-4458-AA8B-BF4B195927C5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev6:*:*:*:*:*:*",
                     matchCriteriaId: "1AC0DD2C-02D1-4CA9-A05C-81359BD30FA2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite through 7.10.3 has Improper Input Validation.",
      },
      {
         lang: "es",
         value: "OX App Suite versiones hasta 7.10.3, presenta una Comprobación de Entrada Inapropiada",
      },
   ],
   id: "CVE-2020-8543",
   lastModified: "2024-11-21T05:39:00.190",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-06-16T14:15:11.727",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Product",
         ],
         url: "https://www.open-xchange.com/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Product",
         ],
         url: "https://www.open-xchange.com/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-09-05 11:44
Modified
2025-04-11 00:51
Severity: LOW (CVSS v2 base score 3.5, vector AV:N/AC:M/Au:S/C:N/I:P/A:N)
Summary
Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite and Server before 6.22.0 rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allows remote authenticated users to inject arbitrary web script or HTML via a delivery=view action, aka Bug ID 26373, a different vulnerability than CVE-2013-3106.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2F85EE0C-B7A0-455A-96F6-E4E6BA5D7216",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2D9572CB-9A46-492E-BDCC-E01849EF0EC0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "138461CD-9C27-40E5-B7A0-A37737B6E942",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "108BCEFD-3098-4919-9B0C-E80F6FA1C102",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DDBB02DF-1022-4FE5-B5E1-198DC58F8C1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_server:6.22.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "58989467-7850-4D91-86D4-524EBE325869",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_server:6.22.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BED21777-8642-49AC-A99F-87ED9B21FE14",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_server:7.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "4FBAE267-EAB9-403A-8E1D-7C8EE68F0A36",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_server:7.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F5500DAF-78C2-4E30-AB1C-EF623C43956B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_server:7.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "CB2BB8DD-3901-44D7-9C35-C9403B6A919D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite and Server before 6.22.0 rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allows remote authenticated users to inject arbitrary web script or HTML via a delivery=view action, aka Bug ID 26373, a different vulnerability than CVE-2013-3106.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad Cross-site scripting (XSS) en Open-Xchange AppSuite y Server anterior a v6.22.0 rev16, v6.22.1 anterior a rev19, v7.0.1 anterior a rev7, v7.0.2 anterior a rev11, y v7.2.0 anterior a rev8 permite a los usuarios remotos autenticados inyectar secuencias de comandos web o HTML a través de una acción \"delivery=view\", también conocido como Bug ID 26373, una vulnerabilidad diferente a CVE-2013-3106.",
      },
   ],
   id: "CVE-2013-5698",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 3.5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2013-09-05T11:44:57.853",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://archives.neohapsis.com/archives/bugtraq/2013-06/0012.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://archives.neohapsis.com/archives/bugtraq/2013-06/0012.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-05-23 18:29
Modified
2024-11-21 03:11
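Severity: CRITICAL (CVSS v3.0 base score 9.9, vector CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H); MEDIUM under CVSS v2 (base score 6.5, vector AV:N/AC:L/Au:S/C:P/I:P/A:P)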
Summary
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by server-side request forgery (SSRF).
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "21A45377-C1DE-44AB-A02F-A377BE4E9A56",
                     versionEndIncluding: "7.8.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.",
      },
      {
         lang: "es",
         value: "OX Software GmbH OX App Suite 7.8.4 y anteriores, se ven afectados por: SSRF.",
      },
   ],
   id: "CVE-2017-13667",
   lastModified: "2024-11-21T03:11:23.260",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.9,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.1,
            impactScore: 6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-05-23T18:29:00.683",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Not Applicable",
         ],
         url: "http://ox.com",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Not Applicable",
         ],
         url: "http://ox.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-918",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-12-27 18:59
Modified
2025-04-12 10:46
Severity: MEDIUM (CVSS v2 base score 4.0, vector AV:N/AC:L/Au:S/C:P/I:N/A:N)
Summary
The Birthday widget in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14, in certain user-id sharing scenarios, does not properly construct a SQL statement for next-year birthdays, which allows remote authenticated users to obtain sensitive birthday, displayname, firstname, and surname information via a birthdays action to api/contacts, aka bug 29315.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DDBB02DF-1022-4FE5-B5E1-198DC58F8C1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2BF31219-8390-4676-A9C4-D625A016C71E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "75B04598-67CD-420B-92C9-9A7459295E11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8DAEED7B-C295-42B4-A60B-2EAA596E3D65",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The Birthday widget in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14, in certain user-id sharing scenarios, does not properly construct a SQL statement for next-year birthdays, which allows remote authenticated users to obtain sensitive birthday, displayname, firstname, and surname information via a birthdays action to api/contacts, aka bug 29315.",
      },
      {
         lang: "es",
         value: "El widget de Cumpleaños en el 'backend' en Open-Xchange (OX) AppSuite 7.2.x anterior a 7.2.2-rev25 y 7.4.x anterior a 7.4.0-rev14, en algunos casos de compartición de identidad de usuario, no construye adecuadamente una sentencia SQL para los cumpleaños del año siguiente, lo que permite a usuarios remotos autenticados obtener información sensible de cumpleaños, información del nombre a mostrar, nombre, y apellidos a través de la acción cumpleaños en api/contacts, también conocido como bug 29315",
      },
   ],
   id: "CVE-2013-6241",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-12-27T18:59:05.617",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://archives.neohapsis.com/archives/bugtraq/2013-11/0025.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://forum.open-xchange.com/showthread.php?8059-Open-Xchange-releases-Security-Patch-2013-10-21-for-v7-2-2-and-v7-4-0",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://archives.neohapsis.com/archives/bugtraq/2013-11/0025.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://forum.open-xchange.com/showthread.php?8059-Open-Xchange-releases-Security-Patch-2013-10-21-for-v7-2-2-and-v7-4-0",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-12-26 04:15
Modified
2025-04-14 15:15
Summary
OX App Suite through 7.10.6 allows XSS via a malicious capability to the metrics or help module, as demonstrated by a /#!!&app=io.ox/files&cap= URI.
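Impacted products (rows that repeat a version correspond to separate cpeMatch entries in the record below; the patch release that tells them apart is omitted from this table and appears only in each entry's criteria string)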
Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D3B06B3-8919-4D41-87A6-DA39189750B9",
                     versionEndExcluding: "7.10.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:-:*:*:*:*:*:*",
                     matchCriteriaId: "FE68F102-2EE1-44FF-A8AB-6F71F62712D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5961:*:*:*:*:*:*",
                     matchCriteriaId: "4F5923E6-C4C1-492F-A130-65D102F67B40",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5973:*:*:*:*:*:*",
                     matchCriteriaId: "D703A274-D197-42B3-9720-70E6CCD9E825",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5976:*:*:*:*:*:*",
                     matchCriteriaId: "D4D5F145-F2BA-4589-8B9A-B967069EA355",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5982:*:*:*:*:*:*",
                     matchCriteriaId: "7E3F2F8B-F7C4-4297-B451-CAFFCA860D17",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5989:*:*:*:*:*:*",
                     matchCriteriaId: "C7CB5AA6-19B9-4D21-A2B6-1523719A2DB5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5994:*:*:*:*:*:*",
                     matchCriteriaId: "3FAD63B8-9158-4552-8987-3A418AC5A3A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6000:*:*:*:*:*:*",
                     matchCriteriaId: "87793628-6C35-4137-B584-3AE2A8363AEC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6003:*:*:*:*:*:*",
                     matchCriteriaId: "06C14CAB-9C56-48A2-82FA-16110923CC78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6008:*:*:*:*:*:*",
                     matchCriteriaId: "2201C280-3674-4FA4-8176-723C175A2469",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6010:*:*:*:*:*:*",
                     matchCriteriaId: "A3CB3836-AD68-4167-98FD-5B05CC9C92EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6016:*:*:*:*:*:*",
                     matchCriteriaId: "604CF453-CBBE-4123-B3ED-87A8CBF407DE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6020:*:*:*:*:*:*",
                     matchCriteriaId: "6AF52278-E711-4656-9A1C-0A3A7F3C671F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6026:*:*:*:*:*:*",
                     matchCriteriaId: "5DD66203-5C4E-434A-BA84-9F78D9E1F7B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6029:*:*:*:*:*:*",
                     matchCriteriaId: "8A0D1287-7A32-4F56-97F2-8573F12D8EB4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6034:*:*:*:*:*:*",
                     matchCriteriaId: "69858B8E-E4C7-485C-882A-206E07D7343F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6035:*:*:*:*:*:*",
                     matchCriteriaId: "C2B82BFA-39B6-4DC8-B691-3284FDCFA227",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6038:*:*:*:*:*:*",
                     matchCriteriaId: "FD4E8470-B8CE-4670-8334-86B817180E96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6046:*:*:*:*:*:*",
                     matchCriteriaId: "2276EFC8-B5E6-449F-BDD0-EF2108A4CCAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6051:*:*:*:*:*:*",
                     matchCriteriaId: "2C8B27BE-651D-4B3A-9413-5ABA8AF2AA3D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6053:*:*:*:*:*:*",
                     matchCriteriaId: "41EA5F8E-05B5-4C4A-8853-B6948C358F06",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6060:*:*:*:*:*:*",
                     matchCriteriaId: "3E1A5843-F09A-4BBE-878D-C967E4061B0D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6061:*:*:*:*:*:*",
                     matchCriteriaId: "D579A835-6B7F-4C77-991F-C760CB8D3750",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6066:*:*:*:*:*:*",
                     matchCriteriaId: "B4935091-B9B4-4EA7-8785-FE4529ACFEBF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6068:*:*:*:*:*:*",
                     matchCriteriaId: "33DAB50E-18A0-43CC-9043-5E2B722F3A2B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6072:*:*:*:*:*:*",
                     matchCriteriaId: "0E1E9E82-17E3-4B43-AD5B-BBAD25759950",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6079:*:*:*:*:*:*",
                     matchCriteriaId: "E73BDC2E-3C39-454F-B929-8BB936F36AA6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6084:*:*:*:*:*:*",
                     matchCriteriaId: "C4DF7C74-BD66-41E7-8B47-C700D7BE53E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6092:*:*:*:*:*:*",
                     matchCriteriaId: "9EA739D6-10BD-48B4-9C30-92BE4381C80C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6101:*:*:*:*:*:*",
                     matchCriteriaId: "79219E01-26C2-462C-B604-783490F26565",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6111:*:*:*:*:*:*",
                     matchCriteriaId: "6F121147-1AAB-4123-AFD2-31F39434819F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6120:*:*:*:*:*:*",
                     matchCriteriaId: "52B9445C-4B0E-437A-BE3C-DBB8A621D354",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6132:*:*:*:*:*:*",
                     matchCriteriaId: "979495B8-8BF0-41B0-9BD5-48554A9C8889",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6137:*:*:*:*:*:*",
                     matchCriteriaId: "A82EF754-CCB7-4A03-8986-42BA76E6A2C9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6140:*:*:*:*:*:*",
                     matchCriteriaId: "F4CAFBCA-BD13-4295-A558-844716BA0C81",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6149:*:*:*:*:*:*",
                     matchCriteriaId: "AA61FEDD-5F86-45B8-BC55-BDFD6F10BB4B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*",
                     matchCriteriaId: "A144D75D-60A8-4EE0-813C-F658C626B2AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*",
                     matchCriteriaId: "2DA66230-DE02-4881-A893-E9E78286B157",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*",
                     matchCriteriaId: "955F3DFB-6479-4867-B62A-82730DBEB498",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*",
                     matchCriteriaId: "327D1B56-0D05-4D99-91D4-CC1F0AC32972",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*",
                     matchCriteriaId: "D0CD0684-C431-47F8-A2F4-1936D5C5A72B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*",
                     matchCriteriaId: "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*",
                     matchCriteriaId: "D0968764-CCEE-47A7-9111-E106D887DA43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*",
                     matchCriteriaId: "16589FBB-F0CD-4041-8141-5C89FCCA72AF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*",
                     matchCriteriaId: "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*",
                     matchCriteriaId: "0DF5FB90-8D6D-4F99-B454-411B1DFFA630",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*",
                     matchCriteriaId: "F58876B9-6C2E-4048-A793-B441A84E86F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*",
                     matchCriteriaId: "D5F177CB-CC45-45A0-9D02-C14A13ECC7A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*",
                     matchCriteriaId: "A89A4192-54E9-4899-8C7B-6C7F7E650D5C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*",
                     matchCriteriaId: "F2DC1357-9CD5-415F-A190-2F3F4498EF96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*",
                     matchCriteriaId: "D78ACF64-2802-44DD-AF7A-1BD5EA7F9908",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*",
                     matchCriteriaId: "E8F675FA-1684-413A-B1BE-1C5434AC2862",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite through 7.10.6 allows XSS via a malicious capability to the metrics or help module, as demonstrated by a /#!!&app=io.ox/files&cap= URI.",
      },
      {
         lang: "es",
         value: "OX App Suite hasta 7.10.6 permite XSS a través de una capacidad maliciosa para las métricas o el módulo de ayuda, como lo demuestra un URI /#!!&app=io.ox/files&cap=.",
      },
   ],
   id: "CVE-2022-37310",
   lastModified: "2025-04-14T15:15:19.463",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2022-12-26T04:15:10.497",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://open-xchange.com",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/fulldisclosure/2022/Nov/18",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://open-xchange.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/fulldisclosure/2022/Nov/18",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-12-15 06:59
Modified
2025-04-12 10:46
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Users can provide local file paths to the RSS reader; the response and error code give hints about whether the provided file exists or not. Attackers may discover specific system files or library versions on the middleware server to prepare further attacks.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:rev4:*:*:*:*:*:*",
                     matchCriteriaId: "63233ABF-06E1-4819-B885-1028FEA3EB5A",
                     versionEndIncluding: "7.8.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Users can provide local file paths to the RSS reader; the response and error code give hints about whether the provided file exists or not. Attackers may discover specific system files or library versions on the middleware server to prepare further attacks.",
      },
      {
         lang: "es",
         value: "Ha sido descubierto un problema en Open-Xchange OX App Suite en versiones anteriores a 7.8.2-rev8. Los usuarios pueden proporcionar rutas de archivo locales para el lector RSS; la respuesta y el código de error dan indicios sobre si el archivo proporcionado existe o no. Los atacantes podrían descubrir archivos de sistema específicos o versiones de bibliotecas en el servidor middleware para preparar ataques posteriores.",
      },
   ],
   id: "CVE-2016-6852",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-12-15T06:59:23.567",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/93459",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/93459",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-11-02 14:15
Modified
2024-11-21 07:56
Summary
Documents operations could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties does now get escaped to avoid code execution. No publicly available exploits are known.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "59D4F30E-2F52-4948-9C69-C57472833C79",
                     versionEndExcluding: "7.10.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*",
                     matchCriteriaId: "A144D75D-60A8-4EE0-813C-F658C626B2AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*",
                     matchCriteriaId: "2DA66230-DE02-4881-A893-E9E78286B157",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*",
                     matchCriteriaId: "955F3DFB-6479-4867-B62A-82730DBEB498",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*",
                     matchCriteriaId: "327D1B56-0D05-4D99-91D4-CC1F0AC32972",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*",
                     matchCriteriaId: "D0CD0684-C431-47F8-A2F4-1936D5C5A72B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*",
                     matchCriteriaId: "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*",
                     matchCriteriaId: "D0968764-CCEE-47A7-9111-E106D887DA43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*",
                     matchCriteriaId: "16589FBB-F0CD-4041-8141-5C89FCCA72AF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*",
                     matchCriteriaId: "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*",
                     matchCriteriaId: "0DF5FB90-8D6D-4F99-B454-411B1DFFA630",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*",
                     matchCriteriaId: "F58876B9-6C2E-4048-A793-B441A84E86F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*",
                     matchCriteriaId: "D5F177CB-CC45-45A0-9D02-C14A13ECC7A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*",
                     matchCriteriaId: "A89A4192-54E9-4899-8C7B-6C7F7E650D5C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*",
                     matchCriteriaId: "F2DC1357-9CD5-415F-A190-2F3F4498EF96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*",
                     matchCriteriaId: "D78ACF64-2802-44DD-AF7A-1BD5EA7F9908",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*",
                     matchCriteriaId: "E8F675FA-1684-413A-B1BE-1C5434AC2862",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6156:*:*:*:*:*:*",
                     matchCriteriaId: "F3F1FDC3-35B2-4BDB-A685-75BC72588179",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6161:*:*:*:*:*:*",
                     matchCriteriaId: "5B1E509D-2F41-4296-86D2-6BD71783060F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6166:*:*:*:*:*:*",
                     matchCriteriaId: "AC93EA37-F341-45EC-B651-4F326FB8C613",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6173:*:*:*:*:*:*",
                     matchCriteriaId: "1A4DB8A6-1702-462C-BFCB-39F91D2EFCE1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6176:*:*:*:*:*:*",
                     matchCriteriaId: "FC0AEFDB-D033-47FC-93FC-8652F922BB8C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6178:*:*:*:*:*:*",
                     matchCriteriaId: "B5354768-6527-43C2-B492-A8C14AB4E784",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6189:*:*:*:*:*:*",
                     matchCriteriaId: "D83F26D1-B8C6-4114-81EC-810DD5412DC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6194:*:*:*:*:*:*",
                     matchCriteriaId: "E9EBC010-9963-4636-96F7-A121FCF755A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6199:*:*:*:*:*:*",
                     matchCriteriaId: "F626D64B-C301-4CD8-94B4-48689BD3F29C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6204:*:*:*:*:*:*",
                     matchCriteriaId: "5E32810C-7B35-42F1-BCA5-E10C02BE2215",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6205:*:*:*:*:*:*",
                     matchCriteriaId: "6539D059-8614-4C26-93C4-C2DDCC5D35E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6209:*:*:*:*:*:*",
                     matchCriteriaId: "E359EE75-A2F9-479B-B757-CAE1064AB8F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6210:*:*:*:*:*:*",
                     matchCriteriaId: "0BCABDEF-D292-406E-B53C-AFF22484E916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6214:*:*:*:*:*:*",
                     matchCriteriaId: "ABE8872C-B1DD-4A45-8EF8-E8C355CA6C54",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6215:*:*:*:*:*:*",
                     matchCriteriaId: "44B20B83-833A-4C68-8693-365BD046C157",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6216:*:*:*:*:*:*",
                     matchCriteriaId: "E254E6D1-D18E-4A2A-A2FF-7D03F39E65DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6218:*:*:*:*:*:*",
                     matchCriteriaId: "5F0C5E53-4D15-425A-B4CF-5869353724BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6219:*:*:*:*:*:*",
                     matchCriteriaId: "2F4BF5F1-F316-4BAC-83E0-DEAC8C50754E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6220:*:*:*:*:*:*",
                     matchCriteriaId: "5CDD03A8-5B86-4B87-9C29-6C967261C5C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6227:*:*:*:*:*:*",
                     matchCriteriaId: "6071E15F-4D59-41DC-A4D4-7D1AA392A1F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6230:*:*:*:*:*:*",
                     matchCriteriaId: "C72C1CEB-7BF7-4A5F-B2E9-397F86CCBF4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6233:*:*:*:*:*:*",
                     matchCriteriaId: "5B0F0218-4224-4084-B38D-9719D3782C03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6235:*:*:*:*:*:*",
                     matchCriteriaId: "BFC41329-1AD6-4575-A22D-977EC5539DA4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6236:*:*:*:*:*:*",
                     matchCriteriaId: "217A06B7-0823-4508-BC0C-AD792BA88F7B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6239:*:*:*:*:*:*",
                     matchCriteriaId: "246E98B2-A6C8-4410-AA6A-7E81EE8C5E76",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6241:*:*:*:*:*:*",
                     matchCriteriaId: "74D1EC02-D009-45DA-B1EC-2219E0F0183C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Documents operations could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties does now get escaped to avoid code execution. No publicly available exploits are known.\n\n",
      },
      {
         lang: "es",
         value: "Las operaciones de documentos podrían manipularse para contener tipos de datos no válidos, posiblemente código de script. Se podría inyectar código de script en una operación que se ejecutaría para los usuarios que colaboran activamente en el mismo documento. Los datos de operación intercambiados entre partes colaboradoras ahora se escapan para evitar la ejecución del código. No se conocen exploits disponibles públicamente.",
      },
   ],
   id: "CVE-2023-29044",
   lastModified: "2024-11-21T07:56:26.287",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.3,
            impactScore: 2.7,
            source: "security@open-xchange.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.3,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-11-02T14:15:11.087",
   references: [
      {
         source: "security@open-xchange.com",
         url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json",
      },
      {
         source: "security@open-xchange.com",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf",
      },
   ],
   sourceIdentifier: "security@open-xchange.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "security@open-xchange.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-06-16 01:29
Modified
2024-11-21 03:17
Summary
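The backend component in Open-Xchange OX App Suite before 7.6.3-rev35, 7.8.x before 7.8.2-rev38, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev19 allows remote authenticated users to save arbitrary user attributes by leveraging improper privilege management. [Note: the weaknesses field of this record lists CWE-79 (cross-site scripting), which does not match the privilege-management flaw described here; the titles of the referenced advisories list XSS, privilege management, SSRF and traversal together, so triage this entry on its description and affected versions rather than on the CWE value alone.]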
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.8.0
open-xchange open-xchange_appsuite 7.8.2
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CEE77111-9626-48C1-9C13-6FF650B91363",
                     versionEndIncluding: "7.6.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev14:*:*:*:*:*:*",
                     matchCriteriaId: "D4417841-A79D-479F-BBB4-13892CD29CCB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev15:*:*:*:*:*:*",
                     matchCriteriaId: "11FED64F-98F2-4155-A34D-DCC0DCF55CB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev16:*:*:*:*:*:*",
                     matchCriteriaId: "544677BC-DEFB-45B8-BB08-124E5666A04B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev17:*:*:*:*:*:*",
                     matchCriteriaId: "ABA212B4-FC4B-4268-A778-23D588E76880",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev18:*:*:*:*:*:*",
                     matchCriteriaId: "10D10170-9528-49BB-88B8-92A4D016EA49",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev20:*:*:*:*:*:*",
                     matchCriteriaId: "2DA48ACB-659B-408C-B7E1-945A6333C1A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev22:*:*:*:*:*:*",
                     matchCriteriaId: "23D2DCAA-FAB7-426D-8680-2A6F69AE90DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev23:*:*:*:*:*:*",
                     matchCriteriaId: "90C2E1F5-73DA-4FA7-BEDF-E9726F5D0D0C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev24:*:*:*:*:*:*",
                     matchCriteriaId: "449B4C7A-6287-4018-86AA-D34BEF8DB83C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev25:*:*:*:*:*:*",
                     matchCriteriaId: "E8E6C22C-C3B3-4914-A1D8-A6202EEBF1C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev26:*:*:*:*:*:*",
                     matchCriteriaId: "8BF46085-0E23-4C9C-9899-30EB63EFC392",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev28:*:*:*:*:*:*",
                     matchCriteriaId: "39BB146E-14BF-4AC7-B267-3176545CBCB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev29:*:*:*:*:*:*",
                     matchCriteriaId: "64201845-70B6-4124-BA02-DE0646BE75A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev30:*:*:*:*:*:*",
                     matchCriteriaId: "8E2A9B0B-F4B9-410B-AA32-D4A5A3B285DF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev31:*:*:*:*:*:*",
                     matchCriteriaId: "5E5DE686-E794-4C06-9AC8-5682B1CF68AE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev32:*:*:*:*:*:*",
                     matchCriteriaId: "E4710EAE-6227-4A72-9549-6EEF0CEB6E06",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev33:*:*:*:*:*:*",
                     matchCriteriaId: "7AD9AE40-5AE0-4DA6-BD1D-CC02746DA917",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E26B66B2-9BE8-4843-9B4B-D673FAC44023",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "2633E559-38E4-4024-BB5F-94EDFE5F93FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "E804C89F-033F-43B3-B63B-172F9B2136CB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev10:*:*:*:*:*:*",
                     matchCriteriaId: "0F7C6765-34DD-4326-99A8-F85DA19ECE91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev11:*:*:*:*:*:*",
                     matchCriteriaId: "13FAD9B6-5790-4C7A-8A9B-09B1002DA75F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev12:*:*:*:*:*:*",
                     matchCriteriaId: "B040A950-FEC3-465D-AD19-3AA8EE11AE92",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev13:*:*:*:*:*:*",
                     matchCriteriaId: "F5971D8D-A2E6-4E3D-8FDA-04F89FC65A40",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev14:*:*:*:*:*:*",
                     matchCriteriaId: "FEF67234-BDCA-48FA-8616-6B0E4A38FA8A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev15:*:*:*:*:*:*",
                     matchCriteriaId: "76D18DCA-5D64-4D38-99B0-1B984C402E70",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev16:*:*:*:*:*:*",
                     matchCriteriaId: "46718CD2-0403-4DA2-B157-5714BD654EB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev17:*:*:*:*:*:*",
                     matchCriteriaId: "4BA1274B-9103-449F-ABD1-C898B716B433",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev18:*:*:*:*:*:*",
                     matchCriteriaId: "3BB485BC-3247-4E06-8017-118B597B0184",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev19:*:*:*:*:*:*",
                     matchCriteriaId: "6C447C6E-6188-47C6-BC68-8FD99B49F2D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev20:*:*:*:*:*:*",
                     matchCriteriaId: "211647E5-8BCA-4393-B54B-CE382D5DF3F7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev21:*:*:*:*:*:*",
                     matchCriteriaId: "855C2E78-C554-43A7-BD3F-747053F45709",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev22:*:*:*:*:*:*",
                     matchCriteriaId: "64594DD5-2816-4123-A12C-505FE4480AE9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev23:*:*:*:*:*:*",
                     matchCriteriaId: "606D294C-EAEC-43EC-BA0F-BC5484B7C5E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev24:*:*:*:*:*:*",
                     matchCriteriaId: "A8E1D645-706F-4CCA-88A7-F5077BCE4AD1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev25:*:*:*:*:*:*",
                     matchCriteriaId: "30145547-3406-4639-A5AD-52EFAA734EEF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev26:*:*:*:*:*:*",
                     matchCriteriaId: "BDB6642D-C5AF-41D7-B2EA-A1F333E5B12C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev27:*:*:*:*:*:*",
                     matchCriteriaId: "91040A22-04F6-43ED-A6A1-060703D285C7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev28:*:*:*:*:*:*",
                     matchCriteriaId: "5A3E2338-E774-4188-B352-B79FBB9C5511",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev29:*:*:*:*:*:*",
                     matchCriteriaId: "22961BA6-C0B1-488A-8F7D-68EB3F9DA6B0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev30:*:*:*:*:*:*",
                     matchCriteriaId: "E8381BB7-3602-4DCF-A070-1067C277AAA0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev31:*:*:*:*:*:*",
                     matchCriteriaId: "98B758CC-D26C-4B83-98E7-3BA4ECF96966",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev32:*:*:*:*:*:*",
                     matchCriteriaId: "7BCE965A-70BE-4159-93D8-A2520C8C4CB2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev33:*:*:*:*:*:*",
                     matchCriteriaId: "1152B60C-3188-4BE7-897A-B09C5732ECAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev34:*:*:*:*:*:*",
                     matchCriteriaId: "5F1F087A-7373-4B7F-87BD-8509704F47CF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev35:*:*:*:*:*:*",
                     matchCriteriaId: "D82CB956-9A14-49C5-8308-52198589BAC0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev36:*:*:*:*:*:*",
                     matchCriteriaId: "2F202094-2A74-44DA-BB3A-06AF3326E544",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev38:*:*:*:*:*:*",
                     matchCriteriaId: "DC128D82-A687-4043-AC01-9A329ED9F9EB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev39:*:*:*:*:*:*",
                     matchCriteriaId: "CBE4CF1D-B716-4992-B3DE-599AD7407780",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev40:*:*:*:*:*:*",
                     matchCriteriaId: "49FCC4A7-3078-421A-A3A1-C58976F47262",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev5:*:*:*:*:*:*",
                     matchCriteriaId: "F57910B1-968D-4DF3-8C2D-9EB3765C7214",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev6:*:*:*:*:*:*",
                     matchCriteriaId: "FE1FD7DD-DC8C-416C-A55B-FA7B961ECD3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev8:*:*:*:*:*:*",
                     matchCriteriaId: "A07A8019-D7D7-4E1D-AEA7-DF509175393D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev9:*:*:*:*:*:*",
                     matchCriteriaId: "9FEEF620-CD8A-49C4-89D6-565503A1790F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "6164303F-253E-440C-A45C-94FFF7B492AE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev10:*:*:*:*:*:*",
                     matchCriteriaId: "4DD257D7-D9B2-4036-92D6-3A923B7DC59F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev11:*:*:*:*:*:*",
                     matchCriteriaId: "36383B07-AF6C-4EDA-A35E-50633D1612A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev13:*:*:*:*:*:*",
                     matchCriteriaId: "032B8B47-9E01-41B3-99D4-DECD4727DEA7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev14:*:*:*:*:*:*",
                     matchCriteriaId: "F7211571-4614-4169-A897-D0047304A4B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev15:*:*:*:*:*:*",
                     matchCriteriaId: "992082E5-5E00-40F0-8246-FD44D189C70D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev16:*:*:*:*:*:*",
                     matchCriteriaId: "4279A168-8A9A-43FF-8766-738EE31D6E25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev17:*:*:*:*:*:*",
                     matchCriteriaId: "5A734819-B817-4E54-89B1-B6A5FD52C758",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev18:*:*:*:*:*:*",
                     matchCriteriaId: "63AFF50B-7ABD-455D-A2A5-05432B41E4BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev3:*:*:*:*:*:*",
                     matchCriteriaId: "8681201A-5DB3-42A9-A203-9641B4459537",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev4:*:*:*:*:*:*",
                     matchCriteriaId: "C567F8B8-D9D0-4006-819C-C995C6573FE7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev5:*:*:*:*:*:*",
                     matchCriteriaId: "07FEF270-E3ED-463D-9940-7FC9573E40C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev6:*:*:*:*:*:*",
                     matchCriteriaId: "7FD1E38C-EC1A-42D1-86AF-D53D8BF0098C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev7:*:*:*:*:*:*",
                     matchCriteriaId: "1BF75100-6E38-4FCB-BC21-FFB1C4B3EC50",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev8:*:*:*:*:*:*",
                     matchCriteriaId: "BF34B133-486B-4D77-8745-4D0E082FF8D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev9:*:*:*:*:*:*",
                     matchCriteriaId: "33B507D7-536B-4AC3-BCB3-BF3A6BA257F6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The backend component in Open-Xchange OX App Suite before 7.6.3-rev35, 7.8.x before 7.8.2-rev38, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev19 allows remote authenticated users to save arbitrary user attributes by leveraging improper privilege management.",
      },
      {
         lang: "es",
         value: "El componente backend en Open-Xchange OX App Suite en versiones anteriores a la 7.6.3-rev35, versiones 7.8.x anteriores a la 7.8.2-rev38, versiones 7.8.3 anteriores a la 7.8.3-rev41 y versiones 7.8.4 anteriores a la 7.8.4-rev19 permite que usuarios remotos autenticados guarden atributos de usuario arbitrarios aprovechando la gestión incorrecta de privilegios.",
      },
   ],
   id: "CVE-2017-17062",
   lastModified: "2024-11-21T03:17:25.500",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-06-16T01:29:02.913",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2018/Jun/23",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.exploit-db.com/exploits/44881/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2018/Jun/23",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.exploit-db.com/exploits/44881/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-10-14 17:15
Modified
2024-11-21 04:26
Summary
OX App Suite 7.10.1 and 7.10.2 allows SSRF.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D2C4CC04-9CAA-467A-AE72-CF3AC970296C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "AEA29625-42CD-49CC-9E34-858CB6C5D28B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite 7.10.1 and 7.10.2 allows SSRF.",
      },
      {
         lang: "es",
         value: "OX App Suite versión 7.10.1 y versión 7.10.2 permite Server Side Request Forgery (SSRF).",
      },
   ],
   id: "CVE-2019-14225",
   lastModified: "2024-11-21T04:26:14.267",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 5.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.5,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-10-14T17:15:09.193",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/fulldisclosure/2019/Oct/25",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/fulldisclosure/2019/Oct/25",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-918",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-09-05 11:44
Modified
2025-04-11 00:51
Severity ?
Summary
Open-Xchange AppSuite before 7.0.2 rev14, 7.2.0 before rev11, 7.2.1 before rev10, and 7.2.2 before rev9 relies on user-supplied data to predict the IMAP server hostname for an external domain name, which allows remote authenticated users to discover e-mail credentials of other users in opportunistic circumstances via a manual-mode association of a personal e-mail address with the hostname of a crafted IMAP server.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "108BCEFD-3098-4919-9B0C-E80F6FA1C102",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DDBB02DF-1022-4FE5-B5E1-198DC58F8C1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2BF31219-8390-4676-A9C4-D625A016C71E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "75B04598-67CD-420B-92C9-9A7459295E11",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Open-Xchange AppSuite before 7.0.2 rev14, 7.2.0 before rev11, 7.2.1 before rev10, and 7.2.2 before rev9 relies on user-supplied data to predict the IMAP server hostname for an external domain name, which allows remote authenticated users to discover e-mail credentials of other users in opportunistic circumstances via a manual-mode association of a personal e-mail address with the hostname of a crafted IMAP server.",
      },
      {
         lang: "es",
         value: "Open-Xchange AppSuite anterior a 7.0.2 rev14, 7.2.0 anterior a rev11, 7.2.1 anterior a rev10 y 7.2.2 anterior a rev9 depende de los datos proporcionados por el usuario para predecir el nombre de host del servidor IMAP de un dominio externo, lo que permite a usuarios autenticados remotamente descubrir las credenciales de correo de otros usuarios en circunstancias oportunas a través de una asociación en modo manual de una dirección de correo personal con el nombre de host de un servidor IMAP manipulado.",
      },
   ],
   id: "CVE-2013-4790",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 3.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-09-05T11:44:57.803",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "http://archives.neohapsis.com/archives/bugtraq/2013-07/0204.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://archives.neohapsis.com/archives/bugtraq/2013-07/0204.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-255",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-08-31 15:15
Modified
2024-11-21 04:59
Summary
OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB465D15-78EA-47FA-BC7C-5A6631EC9578",
                     versionEndIncluding: "7.10.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document.",
      },
      {
         lang: "es",
         value: "OX App Suite versiones 7.10.3 y anteriores, permiten un ataque de tipo XSS por medio de text/x-javascript, text/rdf o un documento PDF",
      },
   ],
   id: "CVE-2020-12646",
   lastModified: "2024-11-21T04:59:58.753",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 3.5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.3,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-08-31T15:15:10.337",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.open-xchange.com/",
      },
      {
         source: "nvd@nist.gov",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/187114",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.open-xchange.com/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-09-25 10:31
Modified
2025-04-11 00:51
Severity ?
Summary
The (1) REST and (2) memcache interfaces in the Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 do not require authentication, which allows remote attackers to obtain sensitive information or modify data via an API call.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "138461CD-9C27-40E5-B7A0-A37737B6E942",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "108BCEFD-3098-4919-9B0C-E80F6FA1C102",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DDBB02DF-1022-4FE5-B5E1-198DC58F8C1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2BF31219-8390-4676-A9C4-D625A016C71E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The (1) REST and (2) memcache interfaces in the Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 do not require authentication, which allows remote attackers to obtain sensitive information or modify data via an API call.",
      },
      {
         lang: "es",
         value: "Los interfaces (1) REST y (2) memcache en Hazelcast cluster API de Open-Xchange AppSuite 7.0.x (anteriores a 7.0.2-rev15) y 7.2.x (anteriores a 7.2.2-rev16) no requieren autenticación, lo que permite a atacantes remotos obtener información sensible o modificar datos a través de una llamada al API.",
      },
   ],
   id: "CVE-2013-5200",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-09-25T10:31:29.283",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-09-05 11:44
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev16, 6.22.0 before rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allow remote attackers to inject arbitrary web script or HTML via (1) a javascript: URL, (2) malformed nested SCRIPT elements, (3) a mail signature, or (4) JavaScript code within an image file.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.20.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "983E5F3A-E7AD-4CCA-80D4-9C012AFCCDD4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2F85EE0C-B7A0-455A-96F6-E4E6BA5D7216",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2D9572CB-9A46-492E-BDCC-E01849EF0EC0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "138461CD-9C27-40E5-B7A0-A37737B6E942",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "108BCEFD-3098-4919-9B0C-E80F6FA1C102",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_server:6.20.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE83E623-175D-4F81-B92E-C170FDD896EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_server:6.22.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "58989467-7850-4D91-86D4-524EBE325869",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_server:6.22.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BED21777-8642-49AC-A99F-87ED9B21FE14",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_server:7.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "4FBAE267-EAB9-403A-8E1D-7C8EE68F0A36",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_server:7.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F5500DAF-78C2-4E30-AB1C-EF623C43956B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev16, 6.22.0 before rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allow remote attackers to inject arbitrary web script or HTML via (1) a javascript: URL, (2) malformed nested SCRIPT elements, (3) a mail signature, or (4) JavaScript code within an image file.",
      },
      {
         lang: "es",
         value: "Múltiples vulnerabilidades de cross-site scripting (XSS) en Open-Xchange AppSuite y Server anterior a v6.20.7 rev16, v6.22.0 anterior a rev15, v6.22.1 anterior a rev17, v7.0.1 anterior a rev6, y v7.0.2 anterior a rev7, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de (1) un javascript: URL, (2) elementos anidados SCRIPT que están malformados, (3) una firma de correo, o (4) código JavaScript dentro de un archivo de imagen.",
      },
   ],
   id: "CVE-2013-2583",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2013-09-05T11:44:57.623",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://archives.neohapsis.com/archives/bugtraq/2013-04/0183.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://archives.neohapsis.com/archives/bugtraq/2013-04/0183.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-06-16 01:29
Modified
2024-11-21 04:09
Summary
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors involving non-decimal representations of IP addresses and special IPv6 related addresses.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.8.0
open-xchange open-xchange_appsuite 7.8.2
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.4



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CEE77111-9626-48C1-9C13-6FF650B91363",
                     versionEndIncluding: "7.6.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev14:*:*:*:*:*:*",
                     matchCriteriaId: "D4417841-A79D-479F-BBB4-13892CD29CCB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev15:*:*:*:*:*:*",
                     matchCriteriaId: "11FED64F-98F2-4155-A34D-DCC0DCF55CB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev16:*:*:*:*:*:*",
                     matchCriteriaId: "544677BC-DEFB-45B8-BB08-124E5666A04B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev17:*:*:*:*:*:*",
                     matchCriteriaId: "ABA212B4-FC4B-4268-A778-23D588E76880",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev18:*:*:*:*:*:*",
                     matchCriteriaId: "10D10170-9528-49BB-88B8-92A4D016EA49",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev20:*:*:*:*:*:*",
                     matchCriteriaId: "2DA48ACB-659B-408C-B7E1-945A6333C1A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev22:*:*:*:*:*:*",
                     matchCriteriaId: "23D2DCAA-FAB7-426D-8680-2A6F69AE90DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev23:*:*:*:*:*:*",
                     matchCriteriaId: "90C2E1F5-73DA-4FA7-BEDF-E9726F5D0D0C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev24:*:*:*:*:*:*",
                     matchCriteriaId: "449B4C7A-6287-4018-86AA-D34BEF8DB83C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev25:*:*:*:*:*:*",
                     matchCriteriaId: "E8E6C22C-C3B3-4914-A1D8-A6202EEBF1C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev26:*:*:*:*:*:*",
                     matchCriteriaId: "8BF46085-0E23-4C9C-9899-30EB63EFC392",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev28:*:*:*:*:*:*",
                     matchCriteriaId: "39BB146E-14BF-4AC7-B267-3176545CBCB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev29:*:*:*:*:*:*",
                     matchCriteriaId: "64201845-70B6-4124-BA02-DE0646BE75A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev30:*:*:*:*:*:*",
                     matchCriteriaId: "8E2A9B0B-F4B9-410B-AA32-D4A5A3B285DF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev31:*:*:*:*:*:*",
                     matchCriteriaId: "5E5DE686-E794-4C06-9AC8-5682B1CF68AE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev32:*:*:*:*:*:*",
                     matchCriteriaId: "E4710EAE-6227-4A72-9549-6EEF0CEB6E06",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev33:*:*:*:*:*:*",
                     matchCriteriaId: "7AD9AE40-5AE0-4DA6-BD1D-CC02746DA917",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev35:*:*:*:*:*:*",
                     matchCriteriaId: "3681A31A-1795-4C44-B482-1F1028449960",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E26B66B2-9BE8-4843-9B4B-D673FAC44023",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "2633E559-38E4-4024-BB5F-94EDFE5F93FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "E804C89F-033F-43B3-B63B-172F9B2136CB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev10:*:*:*:*:*:*",
                     matchCriteriaId: "0F7C6765-34DD-4326-99A8-F85DA19ECE91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev11:*:*:*:*:*:*",
                     matchCriteriaId: "13FAD9B6-5790-4C7A-8A9B-09B1002DA75F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev12:*:*:*:*:*:*",
                     matchCriteriaId: "B040A950-FEC3-465D-AD19-3AA8EE11AE92",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev13:*:*:*:*:*:*",
                     matchCriteriaId: "F5971D8D-A2E6-4E3D-8FDA-04F89FC65A40",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev14:*:*:*:*:*:*",
                     matchCriteriaId: "FEF67234-BDCA-48FA-8616-6B0E4A38FA8A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev15:*:*:*:*:*:*",
                     matchCriteriaId: "76D18DCA-5D64-4D38-99B0-1B984C402E70",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev16:*:*:*:*:*:*",
                     matchCriteriaId: "46718CD2-0403-4DA2-B157-5714BD654EB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev17:*:*:*:*:*:*",
                     matchCriteriaId: "4BA1274B-9103-449F-ABD1-C898B716B433",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev18:*:*:*:*:*:*",
                     matchCriteriaId: "3BB485BC-3247-4E06-8017-118B597B0184",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev19:*:*:*:*:*:*",
                     matchCriteriaId: "6C447C6E-6188-47C6-BC68-8FD99B49F2D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev20:*:*:*:*:*:*",
                     matchCriteriaId: "211647E5-8BCA-4393-B54B-CE382D5DF3F7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev21:*:*:*:*:*:*",
                     matchCriteriaId: "855C2E78-C554-43A7-BD3F-747053F45709",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev22:*:*:*:*:*:*",
                     matchCriteriaId: "64594DD5-2816-4123-A12C-505FE4480AE9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev23:*:*:*:*:*:*",
                     matchCriteriaId: "606D294C-EAEC-43EC-BA0F-BC5484B7C5E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev24:*:*:*:*:*:*",
                     matchCriteriaId: "A8E1D645-706F-4CCA-88A7-F5077BCE4AD1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev25:*:*:*:*:*:*",
                     matchCriteriaId: "30145547-3406-4639-A5AD-52EFAA734EEF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev26:*:*:*:*:*:*",
                     matchCriteriaId: "BDB6642D-C5AF-41D7-B2EA-A1F333E5B12C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev27:*:*:*:*:*:*",
                     matchCriteriaId: "91040A22-04F6-43ED-A6A1-060703D285C7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev28:*:*:*:*:*:*",
                     matchCriteriaId: "5A3E2338-E774-4188-B352-B79FBB9C5511",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev29:*:*:*:*:*:*",
                     matchCriteriaId: "22961BA6-C0B1-488A-8F7D-68EB3F9DA6B0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev30:*:*:*:*:*:*",
                     matchCriteriaId: "E8381BB7-3602-4DCF-A070-1067C277AAA0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev31:*:*:*:*:*:*",
                     matchCriteriaId: "98B758CC-D26C-4B83-98E7-3BA4ECF96966",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev32:*:*:*:*:*:*",
                     matchCriteriaId: "7BCE965A-70BE-4159-93D8-A2520C8C4CB2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev33:*:*:*:*:*:*",
                     matchCriteriaId: "1152B60C-3188-4BE7-897A-B09C5732ECAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev34:*:*:*:*:*:*",
                     matchCriteriaId: "5F1F087A-7373-4B7F-87BD-8509704F47CF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev35:*:*:*:*:*:*",
                     matchCriteriaId: "D82CB956-9A14-49C5-8308-52198589BAC0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev36:*:*:*:*:*:*",
                     matchCriteriaId: "2F202094-2A74-44DA-BB3A-06AF3326E544",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev38:*:*:*:*:*:*",
                     matchCriteriaId: "DC128D82-A687-4043-AC01-9A329ED9F9EB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev39:*:*:*:*:*:*",
                     matchCriteriaId: "CBE4CF1D-B716-4992-B3DE-599AD7407780",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev40:*:*:*:*:*:*",
                     matchCriteriaId: "49FCC4A7-3078-421A-A3A1-C58976F47262",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev41:*:*:*:*:*:*",
                     matchCriteriaId: "E57747B2-0C7B-4004-82AA-8C59CABC3B12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev42:*:*:*:*:*:*",
                     matchCriteriaId: "BECD9AD4-EB03-4BF0-A219-DD965A55670A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev43:*:*:*:*:*:*",
                     matchCriteriaId: "5E0F6A5B-BDBB-4DF5-91A0-440834EE161F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev5:*:*:*:*:*:*",
                     matchCriteriaId: "F57910B1-968D-4DF3-8C2D-9EB3765C7214",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev6:*:*:*:*:*:*",
                     matchCriteriaId: "FE1FD7DD-DC8C-416C-A55B-FA7B961ECD3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev8:*:*:*:*:*:*",
                     matchCriteriaId: "A07A8019-D7D7-4E1D-AEA7-DF509175393D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev9:*:*:*:*:*:*",
                     matchCriteriaId: "9FEEF620-CD8A-49C4-89D6-565503A1790F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "6164303F-253E-440C-A45C-94FFF7B492AE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev10:*:*:*:*:*:*",
                     matchCriteriaId: "4DD257D7-D9B2-4036-92D6-3A923B7DC59F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev11:*:*:*:*:*:*",
                     matchCriteriaId: "36383B07-AF6C-4EDA-A35E-50633D1612A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev13:*:*:*:*:*:*",
                     matchCriteriaId: "032B8B47-9E01-41B3-99D4-DECD4727DEA7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev14:*:*:*:*:*:*",
                     matchCriteriaId: "F7211571-4614-4169-A897-D0047304A4B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev15:*:*:*:*:*:*",
                     matchCriteriaId: "992082E5-5E00-40F0-8246-FD44D189C70D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev16:*:*:*:*:*:*",
                     matchCriteriaId: "4279A168-8A9A-43FF-8766-738EE31D6E25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev17:*:*:*:*:*:*",
                     matchCriteriaId: "5A734819-B817-4E54-89B1-B6A5FD52C758",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev18:*:*:*:*:*:*",
                     matchCriteriaId: "63AFF50B-7ABD-455D-A2A5-05432B41E4BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev19:*:*:*:*:*:*",
                     matchCriteriaId: "E2842D25-1A80-4403-B7A2-6E26527588E8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev20:*:*:*:*:*:*",
                     matchCriteriaId: "7DAA5D88-75E9-4D77-9F34-AB456F0733F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev21:*:*:*:*:*:*",
                     matchCriteriaId: "9EB906E5-1ABF-4734-84E1-BC8005AB1C2C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev3:*:*:*:*:*:*",
                     matchCriteriaId: "8681201A-5DB3-42A9-A203-9641B4459537",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev4:*:*:*:*:*:*",
                     matchCriteriaId: "C567F8B8-D9D0-4006-819C-C995C6573FE7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev5:*:*:*:*:*:*",
                     matchCriteriaId: "07FEF270-E3ED-463D-9940-7FC9573E40C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev6:*:*:*:*:*:*",
                     matchCriteriaId: "7FD1E38C-EC1A-42D1-86AF-D53D8BF0098C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev7:*:*:*:*:*:*",
                     matchCriteriaId: "1BF75100-6E38-4FCB-BC21-FFB1C4B3EC50",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev8:*:*:*:*:*:*",
                     matchCriteriaId: "BF34B133-486B-4D77-8745-4D0E082FF8D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev9:*:*:*:*:*:*",
                     matchCriteriaId: "33B507D7-536B-4AC3-BCB3-BF3A6BA257F6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors involving non-decimal representations of IP addresses and special IPv6 related addresses.",
      },
      {
         lang: "es",
         value: "El componente backend en Open-Xchange OX App Suite en versiones anteriores a la 7.6.3-rev36, versiones 7.8.x anteriores a la 7.8.2-rev39, versiones 7.8.3 anteriores a la 7.8.3-rev44 y versiones 7.8.4 anteriores a la 7.8.4-rev22 permite que atacantes remotos realicen ataques de Server-Side Request Forgery (SSRF) mediante vectores relacionados con representaciones no decimales de direcciones IP y direcciones especiales relacionadas con IPv6.",
      },
   ],
   id: "CVE-2018-5752",
   lastModified: "2024-11-21T04:09:19.290",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-06-16T01:29:06.193",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2018/Jun/23",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.exploit-db.com/exploits/44881/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2018/Jun/23",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.exploit-db.com/exploits/44881/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-918",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-07-22 17:15
Modified
2024-11-21 06:15
Summary
OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via binary data that is mishandled when the legacy dataretrieval endpoint has been enabled.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.4
open-xchange open-xchange_appsuite 7.10.4
open-xchange open-xchange_appsuite 7.10.4
open-xchange open-xchange_appsuite 7.10.4
open-xchange open-xchange_appsuite 7.10.4
open-xchange open-xchange_appsuite 7.10.4
open-xchange open-xchange_appsuite 7.10.4
open-xchange open-xchange_appsuite 7.10.4
open-xchange open-xchange_appsuite 7.10.4
open-xchange open-xchange_appsuite 7.10.4
open-xchange open-xchange_appsuite 7.10.4
open-xchange open-xchange_appsuite 7.10.4
open-xchange open-xchange_appsuite 7.10.4
open-xchange open-xchange_appsuite 7.10.4
open-xchange open-xchange_appsuite 7.10.4
open-xchange open-xchange_appsuite 7.10.4
open-xchange open-xchange_appsuite 7.10.4
open-xchange open-xchange_appsuite 7.10.4



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:-:*:*:*:*:*:*",
                     matchCriteriaId: "D3CF4C4E-3FF0-4B4A-8246-8F8981D66180",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5547:*:*:*:*:*:*",
                     matchCriteriaId: "4284A4B4-42CF-4196-B990-0DE2AC7FF5F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5572:*:*:*:*:*:*",
                     matchCriteriaId: "1AF0528B-838B-4C80-B91D-D3009EFBD2E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5623:*:*:*:*:*:*",
                     matchCriteriaId: "927E4E17-02FC-46D6-B1EE-BBB6C710BE63",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5653:*:*:*:*:*:*",
                     matchCriteriaId: "43DECDE0-C942-4B4B-A2E1-63B8E32B7334",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5677:*:*:*:*:*:*",
                     matchCriteriaId: "54F4578F-1515-4F60-B890-421CB3FB09C5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5720:*:*:*:*:*:*",
                     matchCriteriaId: "8853D9CE-A4F6-4935-BEA2-C039E867ADEF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev1:*:*:*:*:*:*",
                     matchCriteriaId: "3B7503E3-6317-4DD7-9EDD-AB5A0586BADE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev10:*:*:*:*:*:*",
                     matchCriteriaId: "F7FD3C9C-7750-4907-BF23-65606E7A6966",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev11:*:*:*:*:*:*",
                     matchCriteriaId: "42BAD919-0599-4303-A7E3-5026AC8F415E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev12:*:*:*:*:*:*",
                     matchCriteriaId: "6D0555E6-057D-475D-9EAF-F1EEC2D2157E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev13:*:*:*:*:*:*",
                     matchCriteriaId: "CDDA5DF9-62FF-4E6F-943C-C70620D56AE9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev14:*:*:*:*:*:*",
                     matchCriteriaId: "A9C26834-176A-4DD0-816E-87F12C2A0980",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev15:*:*:*:*:*:*",
                     matchCriteriaId: "63BA3355-83A5-4758-9208-574760D72AF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev16:*:*:*:*:*:*",
                     matchCriteriaId: "DEDF0974-91A9-4F6C-B31F-327EBBF2321A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev17:*:*:*:*:*:*",
                     matchCriteriaId: "79FED998-07D0-457B-9CC4-1CDE8D6B26E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev18:*:*:*:*:*:*",
                     matchCriteriaId: "27EAB5B4-8F1A-4069-B150-032BADA92C1F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev19:*:*:*:*:*:*",
                     matchCriteriaId: "265D758D-DA32-46FC-B7A7-1B695C2E7972",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev2:*:*:*:*:*:*",
                     matchCriteriaId: "26BF76EC-F32F-4DAB-8EB0-8B24E76D2593",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev20:*:*:*:*:*:*",
                     matchCriteriaId: "FE723E1C-E86A-4BC0-85DD-B051B1773A0A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev21:*:*:*:*:*:*",
                     matchCriteriaId: "E441FE6E-2653-4BAE-9EFC-AE195A442804",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev22:*:*:*:*:*:*",
                     matchCriteriaId: "516B7ACF-ABB8-4DBA-9E71-3B57B7C74376",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev23:*:*:*:*:*:*",
                     matchCriteriaId: "60236FC4-81DA-4ED6-8C5B-6BC9FF6A177B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev24:*:*:*:*:*:*",
                     matchCriteriaId: "E186C7BC-F3EC-4B9E-97BC-59CE860DD99B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev25:*:*:*:*:*:*",
                     matchCriteriaId: "FE494389-735E-47FC-9A12-5305FA11735F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev26:*:*:*:*:*:*",
                     matchCriteriaId: "6BD572F0-1B43-4FB5-BAE2-A9169BACFABE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev27:*:*:*:*:*:*",
                     matchCriteriaId: "CD1EAF9A-189B-47B8-A00A-5604D1B8D8A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev28:*:*:*:*:*:*",
                     matchCriteriaId: "63318E39-A502-4AD8-9C8D-C15F08847BD8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev29:*:*:*:*:*:*",
                     matchCriteriaId: "59C68527-4F08-4436-9D14-8BA65EEEFFC0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev3:*:*:*:*:*:*",
                     matchCriteriaId: "B031D97E-A967-4124-8A42-EFA4B3576124",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev30:*:*:*:*:*:*",
                     matchCriteriaId: "79A59F84-11DE-4560-A820-8E4F7B715888",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev31:*:*:*:*:*:*",
                     matchCriteriaId: "4C2F2472-91C4-48AF-979A-7C003BBD36CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev4:*:*:*:*:*:*",
                     matchCriteriaId: "649774E8-6489-4AD7-95A8-AAF7154B2C05",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev5:*:*:*:*:*:*",
                     matchCriteriaId: "A2A1BB49-EAFD-4458-AA8B-BF4B195927C5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev6:*:*:*:*:*:*",
                     matchCriteriaId: "1AC0DD2C-02D1-4CA9-A05C-81359BD30FA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev7:*:*:*:*:*:*",
                     matchCriteriaId: "720B7107-09AC-41AB-97BB-DFC3FABFDB55",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev8:*:*:*:*:*:*",
                     matchCriteriaId: "17E4B9E0-D5D3-4291-91A0-15885B559D5B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev9:*:*:*:*:*:*",
                     matchCriteriaId: "7ECB4D19-C148-473B-B0C0-FD9007912F86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:-:*:*:*:*:*:*",
                     matchCriteriaId: "89BEBFB4-A028-4D5E-846E-7403D3491147",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev1:*:*:*:*:*:*",
                     matchCriteriaId: "FED62869-ACA8-42B1-9AFE-0C0535E2C2F7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev10:*:*:*:*:*:*",
                     matchCriteriaId: "CB85F4BA-8E1B-490A-83FC-906EDF990750",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev11:*:*:*:*:*:*",
                     matchCriteriaId: "525841F3-E9ED-4593-9163-9DFA114EF5D6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev12:*:*:*:*:*:*",
                     matchCriteriaId: "6382225F-80C8-4A21-AC5F-E1645B420DD5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev13:*:*:*:*:*:*",
                     matchCriteriaId: "3EC95556-A105-4C03-AB54-AAB3A943A22F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev14:*:*:*:*:*:*",
                     matchCriteriaId: "34BB4402-3151-4ED1-BC4E-F00A7E5FDB1E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev15:*:*:*:*:*:*",
                     matchCriteriaId: "96FB19E6-E819-419A-B2C0-717F196A5A52",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev16:*:*:*:*:*:*",
                     matchCriteriaId: "433C2CBB-E3D7-4209-81DA-E183B2BF23A6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev17:*:*:*:*:*:*",
                     matchCriteriaId: "B2117B25-DABE-47B2-9337-5FAC000EC558",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev2:*:*:*:*:*:*",
                     matchCriteriaId: "97039EE9-3567-4C10-9A85-8BED8C76BEDF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev3:*:*:*:*:*:*",
                     matchCriteriaId: "AF1AAB93-9205-47FB-BEC3-EC7DF9A20732",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev4:*:*:*:*:*:*",
                     matchCriteriaId: "E9A3E84C-665F-470C-8D19-31446ABFF7D3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev5:*:*:*:*:*:*",
                     matchCriteriaId: "45C98776-55CE-4AF8-9141-75E0B86AE844",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev6:*:*:*:*:*:*",
                     matchCriteriaId: "E94C88CD-9A26-45DE-A408-956D693FDE29",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev7:*:*:*:*:*:*",
                     matchCriteriaId: "005CA94F-FA8A-474C-8135-CA0158D192F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev8:*:*:*:*:*:*",
                     matchCriteriaId: "4D01DFB9-FFE1-4635-8D59-E2325AADAAF1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev9:*:*:*:*:*:*",
                     matchCriteriaId: "B051C6E0-334E-45A2-990B-81FE7E4FB507",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via binary data that is mishandled when the legacy dataretrieval endpoint has been enabled.",
      },
      {
         lang: "es",
         value: "OX App Suite versiones anteriores a 7.10.3-rev32 y versiones 7.10.4 anteriores a 7.10.4-rev18, permite un ataque de tipo XSS por medio de datos binarios que se manejan inapropiadamente cuando ha sido habilitado el endpoint de recuperación de datos heredado",
      },
   ],
   id: "CVE-2021-37402",
   lastModified: "2024-11-21T06:15:05.403",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-07-22T17:15:09.547",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2021/Jul/33",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.open-xchange.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2021/Jul/33",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.open-xchange.com",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-01-05 20:59
Modified
2025-04-12 10:46
Severity ?
Summary
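Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite before 7.2.2-rev31, 7.4.0 before 7.4.0-rev27, and 7.4.1 before 7.4.1-rev17 allows remote attackers to inject arbitrary web script or HTML via the header in an attached SVG file. (The CPE match criteria in the record below do not carry the revision, so installations already at a fixed revision still match; compare the installed revision against the versions named here.)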



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4051DD61-3387-4CFB-9243-FCB602813F10",
                     versionEndIncluding: "7.2.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8DAEED7B-C295-42B4-A60B-2EAA596E3D65",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0ABF6E32-2996-4DCF-A4A2-197CCFAEE22C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite before 7.2.2-rev31, 7.4.0 before 7.4.0-rev27, and 7.4.1 before 7.4.1-rev17 allows remote attackers to inject arbitrary web script or HTML via the header in an attached SVG file.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de XSS en Open-Xchange (OX) AppSuite anterior a 7.2.2-rev31, 7.4.0 anterior a 7.4.0-rev27, y 7.4.1 anterior a 7.4.1-rev17 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de la cabecera en un fichero SVG adjunto.",
      },
   ],
   id: "CVE-2014-1679",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2015-01-05T20:59:00.057",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/56828",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/archive/1/531005",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/91059",
      },
      {
         source: "cve@mitre.org",
         url: "https://forum.open-xchange.com/showthread.php?8259-Open-Xchange-releases-Security-Patch-2014-01-29-for-v7-2-2-v7-4-0-and-v7-4-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/56828",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/531005",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/91059",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://forum.open-xchange.com/showthread.php?8259-Open-Xchange-releases-Security-Patch-2014-01-29-for-v7-2-2-v7-4-0-and-v7-4-1",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-01-12 22:15
Modified
2024-11-21 05:52
Summary
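OX App Suite through 7.10.4 allows XSS via an inline binary file. (The CPE match criteria in the record below end at 7.10.3 inclusive, so version matching against this entry may not flag 7.10.4 installations that the description covers.)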
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB465D15-78EA-47FA-BC7C-5A6631EC9578",
                     versionEndIncluding: "7.10.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite through 7.10.4 allows XSS via an inline binary file.",
      },
      {
         lang: "es",
         value: "OX App Suite versiones hasta 7.10.4, permite un ataque de tipo XSS por medio de un archivo binario en línea",
      },
   ],
   id: "CVE-2021-23931",
   lastModified: "2024-11-21T05:52:04.403",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-01-12T22:15:12.697",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-06-08 21:29
Modified
2025-04-20 01:37
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server 6 and OX AppSuite before 7.4.2-rev43, 7.6.0-rev38, and 7.6.1-rev21.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCF181B4-CEA4-4AF6-8B06-AE928A69AD3C",
                     versionEndIncluding: "7.4.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "A0A22E01-73E0-4140-8BA1-AB147A9471CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "74858ACF-6B38-4403-90DE-2374BE699486",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_server:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "0E40613D-28CC-4E3E-AE6F-8EBE414DFD10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_server:6.22.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "576FEC20-B2A3-4CC8-841C-67D8E34BD74E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_server:6.22.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "5E5789FA-F70C-404A-8379-DE9D4783EAD8",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server 6 and OX AppSuite before 7.4.2-rev43, 7.6.0-rev38, and 7.6.1-rev21.",
      },
      {
         lang: "es",
         value: "Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en Open-Xchange Server 6 y OX AppSuite, versiones anteriores a la 7.4.2-rev43, 7.6.0-rev38 y 7.6.1-rev21.",
      },
   ],
   id: "CVE-2015-1588",
   lastModified: "2025-04-20T01:37:25.860",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-06-08T21:29:00.253",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/131649/Open-Xchange-Server-6-OX-AppSuite-Cross-Site-Scripting.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/archive/1/535388/100/1100/threaded",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/74350",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1032202",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/131649/Open-Xchange-Server-6-OX-AppSuite-Cross-Site-Scripting.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/535388/100/1100/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/74350",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1032202",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-12-15 06:59
Modified
2025-04-12 10:46
Summary
An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The aria-label parameter of tiles at the Portal can be used to inject script code. Those labels use the name of the file (e.g. an image) which gets displayed at the portal application. Using script code at the file name leads to script execution. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). Users actively need to add a file to the portal to enable this attack. In case of shared files however, an internal attacker may modify a previously embedded file to carry a malicious file name. Furthermore this vulnerability can be used to persistently execute code that got injected by a temporary script execution vulnerability.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:rev26:*:*:*:*:*:*",
                     matchCriteriaId: "114717B8-5FC3-4633-BE62-AFE9F5C9843A",
                     versionEndIncluding: "7.8.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The aria-label parameter of tiles at the Portal can be used to inject script code. Those labels use the name of the file (e.g. an image) which gets displayed at the portal application. Using script code at the file name leads to script execution. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). Users actively need to add a file to the portal to enable this attack. In case of shared files however, an internal attacker may modify a previously embedded file to carry a malicious file name. Furthermore this vulnerability can be used to persistently execute code that got injected by a temporary script execution vulnerability.",
      },
      {
         lang: "es",
         value: "Ha sido descubierto un problema en Open-Xchange OX AppSuite en versiones anteriores a 7.8.0-rev27. El parámetro aria-label de los mosaicos (tiles) en el Portal puede ser utilizado para inyectar código script. Esas etiquetas usan el nombre del archivo (p. ej. una imagen) que se muestra en la aplicación del portal. El uso de código script en el nombre del archivo conduce a la ejecución del script. Código script malicioso puede ser ejecutado dentro de un contexto de usuario. Esto puede conducir al secuestro de sesión o el desencadenamiento de acciones no deseadas a través de la interfaz web (enviando correos, borrando datos etc.). Los usuarios tienen que añadir activamente un archivo al portal para habilitar este ataque. En caso de archivos compartidos sin embargo, un atacante interno podría modificar un archivo previamente embebido para portar un nombre de archivo malicioso. Además, esta vulnerabilidad puede ser utilizada para ejecutar código que fue inyectado por una vulnerabilidad temporal de ejecución de secuencias de comandos.",
      },
   ],
   id: "CVE-2016-3173",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 3.5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.3,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-12-15T06:59:02.347",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/137187/Open-Xchange-OX-AppSuite-7.8.0-XSS-Open-Redirect.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/archive/1/538481/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/137187/Open-Xchange-OX-AppSuite-7.8.0-XSS-Open-Redirect.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/538481/100/0/threaded",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-04-30 22:15
Modified
2024-11-21 06:06
Summary
OX App Suite 7.10.4 and earlier allows XSS via a crafted contact object (payload in the position or company field) that is mishandled in the App Suite UI on a smartphone.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9451471A-06E1-456C-8B82-ADEB746B97C7",
                     versionEndIncluding: "7.10.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite 7.10.4 and earlier allows XSS via a crafted contact object (payload in the position or company field) that is mishandled in the App Suite UI on a smartphone.",
      },
      {
         lang: "es",
         value: "OX App Suite versiones 7.10.4 y anteriores permiten un ataque de tipo XSS por medio de un objeto de contacto diseñado (carga útil en el campo position o company) que es manejado inapropiadamente en la Interfaz de Usuario App Suite en un teléfono inteligente.",
      },
   ],
   id: "CVE-2021-31934",
   lastModified: "2024-11-21T06:06:32.700",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-04-30T22:15:07.753",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Not Applicable",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Not Applicable",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-02-17 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before 7.6.0-rev36, and 7.6.1 before 7.6.1-rev14 does not properly handle directory permissions, which allows remote authenticated users to read files via unspecified vectors, related to the "folder identifier."
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A708019-6229-4768-994C-5A51B0495CAC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "A0A22E01-73E0-4140-8BA1-AB147A9471CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "74858ACF-6B38-4403-90DE-2374BE699486",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before 7.6.0-rev36, and 7.6.1 before 7.6.1-rev14 does not properly handle directory permissions, which allows remote authenticated users to read files via unspecified vectors, related to the \"folder identifier.\"",
      },
      {
         lang: "es",
         value: "Open-Xchange (OX) AppSuite y Server anterior a 7.4.2-rev42, 7.6.0 anterior a 7.6.0-rev36, y 7.6.1 anterior a 7.6.1-rev14 no maneja correctamente los permisos de directorios, lo que permite a usuarios remotos autenticados leer ficheros a través de vectores no especificados, relacionado con el 'identificador de carpetas.'",
      },
   ],
   id: "CVE-2014-9466",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: true,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2015-02-17T15:59:01.750",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://packetstormsecurity.com/files/130379/Open-Xchange-Server-6-OX-AppSuite-7.6.1-Exposure.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/archive/1/534695/100/0/threaded",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/72587",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securitytracker.com/id/1031744",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/100867",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://packetstormsecurity.com/files/130379/Open-Xchange-Server-6-OX-AppSuite-7.6.1-Exposure.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/534695/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/72587",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1031744",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/100867",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-09-25 10:31
Modified
2025-04-11 00:51
Severity: MEDIUM (CVSS v2 base score 4.3, per the NVD metrics in the record below)
Summary
The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 does not properly restrict the set of network interfaces that can receive API calls, which makes it easier for remote attackers to obtain access by sending network traffic from an unintended location, a different vulnerability than CVE-2013-5200.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "138461CD-9C27-40E5-B7A0-A37737B6E942",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "108BCEFD-3098-4919-9B0C-E80F6FA1C102",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DDBB02DF-1022-4FE5-B5E1-198DC58F8C1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2BF31219-8390-4676-A9C4-D625A016C71E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 does not properly restrict the set of network interfaces that can receive API calls, which makes it easier for remote attackers to obtain access by sending network traffic from an unintended location, a different vulnerability than CVE-2013-5200.",
      },
      {
         lang: "es",
         value: "La API Hazelcast cluster en Open-Xchange AppSuite v7.0.x anterior a v7.0.2-rev15 y v7.2.x anterior a v7.2.2-rev16 no restringe correctamente el conjunto de interfaces de red que pueden recibir llamadas API, lo cual facilita a los atacantes remotos conseguir acceso mediante el envío de tráfico de red desde una localización imprevista, una vulnerabilidad diferente de CVE-2013-5200.",
      },
   ],
   id: "CVE-2013-5935",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-09-25T10:31:29.423",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-01-12 22:15
Modified
2024-11-21 05:52
Summary
OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename.
Impacted products
Vendor Product Version
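open-xchange open-xchange_appsuite * (CPE match below: up to and including 7.10.3; the summary says "through 7.10.4", so confirm the fixed build against the vendor advisory before treating 7.10.4 as unaffected)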



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB465D15-78EA-47FA-BC7C-5A6631EC9578",
                     versionEndIncluding: "7.10.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename.",
      },
      {
         lang: "es",
         value: "OX App Suite versiones hasta 7.10.4, permite un ataque de tipo XSS por medio de una imagen en línea con un nombre de archivo diseñado",
      },
   ],
   id: "CVE-2021-23932",
   lastModified: "2024-11-21T05:52:04.553",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-01-12T22:15:12.760",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-07-22 17:15
Modified
2024-11-21 05:56
Summary
OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and the dl parameter is used.
Impacted products
Vendor Product Version Update
open-xchange open-xchange_appsuite 7.10.3 -
open-xchange open-xchange_appsuite 7.10.3 patch_release5547
open-xchange open-xchange_appsuite 7.10.3 patch_release5572
open-xchange open-xchange_appsuite 7.10.3 patch_release5623
open-xchange open-xchange_appsuite 7.10.3 patch_release5653
open-xchange open-xchange_appsuite 7.10.3 patch_release5677
open-xchange open-xchange_appsuite 7.10.3 patch_release5720
open-xchange open-xchange_appsuite 7.10.3 rev1
open-xchange open-xchange_appsuite 7.10.3 rev10
open-xchange open-xchange_appsuite 7.10.3 rev11
open-xchange open-xchange_appsuite 7.10.3 rev12
open-xchange open-xchange_appsuite 7.10.3 rev13
open-xchange open-xchange_appsuite 7.10.3 rev14
open-xchange open-xchange_appsuite 7.10.3 rev15
open-xchange open-xchange_appsuite 7.10.3 rev16
open-xchange open-xchange_appsuite 7.10.3 rev17
open-xchange open-xchange_appsuite 7.10.3 rev18
open-xchange open-xchange_appsuite 7.10.3 rev19
open-xchange open-xchange_appsuite 7.10.3 rev2
open-xchange open-xchange_appsuite 7.10.3 rev20
open-xchange open-xchange_appsuite 7.10.3 rev21
open-xchange open-xchange_appsuite 7.10.3 rev22
open-xchange open-xchange_appsuite 7.10.3 rev23
open-xchange open-xchange_appsuite 7.10.3 rev24
open-xchange open-xchange_appsuite 7.10.3 rev25
open-xchange open-xchange_appsuite 7.10.3 rev26
open-xchange open-xchange_appsuite 7.10.3 rev27
open-xchange open-xchange_appsuite 7.10.3 rev28
open-xchange open-xchange_appsuite 7.10.3 rev29
open-xchange open-xchange_appsuite 7.10.3 rev3
open-xchange open-xchange_appsuite 7.10.3 rev30
open-xchange open-xchange_appsuite 7.10.3 rev31
open-xchange open-xchange_appsuite 7.10.3 rev4
open-xchange open-xchange_appsuite 7.10.3 rev5
open-xchange open-xchange_appsuite 7.10.3 rev6
open-xchange open-xchange_appsuite 7.10.3 rev7
open-xchange open-xchange_appsuite 7.10.3 rev8
open-xchange open-xchange_appsuite 7.10.3 rev9
open-xchange open-xchange_appsuite 7.10.4 -
open-xchange open-xchange_appsuite 7.10.4 rev1
open-xchange open-xchange_appsuite 7.10.4 rev10
open-xchange open-xchange_appsuite 7.10.4 rev11
open-xchange open-xchange_appsuite 7.10.4 rev12
open-xchange open-xchange_appsuite 7.10.4 rev13
open-xchange open-xchange_appsuite 7.10.4 rev14
open-xchange open-xchange_appsuite 7.10.4 rev15
open-xchange open-xchange_appsuite 7.10.4 rev16
open-xchange open-xchange_appsuite 7.10.4 rev17
open-xchange open-xchange_appsuite 7.10.4 rev2
open-xchange open-xchange_appsuite 7.10.4 rev3
open-xchange open-xchange_appsuite 7.10.4 rev4
open-xchange open-xchange_appsuite 7.10.4 rev5
open-xchange open-xchange_appsuite 7.10.4 rev6
open-xchange open-xchange_appsuite 7.10.4 rev7
open-xchange open-xchange_appsuite 7.10.4 rev8
open-xchange open-xchange_appsuite 7.10.4 rev9



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:-:*:*:*:*:*:*",
                     matchCriteriaId: "D3CF4C4E-3FF0-4B4A-8246-8F8981D66180",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5547:*:*:*:*:*:*",
                     matchCriteriaId: "4284A4B4-42CF-4196-B990-0DE2AC7FF5F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5572:*:*:*:*:*:*",
                     matchCriteriaId: "1AF0528B-838B-4C80-B91D-D3009EFBD2E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5623:*:*:*:*:*:*",
                     matchCriteriaId: "927E4E17-02FC-46D6-B1EE-BBB6C710BE63",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5653:*:*:*:*:*:*",
                     matchCriteriaId: "43DECDE0-C942-4B4B-A2E1-63B8E32B7334",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5677:*:*:*:*:*:*",
                     matchCriteriaId: "54F4578F-1515-4F60-B890-421CB3FB09C5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5720:*:*:*:*:*:*",
                     matchCriteriaId: "8853D9CE-A4F6-4935-BEA2-C039E867ADEF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev1:*:*:*:*:*:*",
                     matchCriteriaId: "3B7503E3-6317-4DD7-9EDD-AB5A0586BADE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev10:*:*:*:*:*:*",
                     matchCriteriaId: "F7FD3C9C-7750-4907-BF23-65606E7A6966",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev11:*:*:*:*:*:*",
                     matchCriteriaId: "42BAD919-0599-4303-A7E3-5026AC8F415E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev12:*:*:*:*:*:*",
                     matchCriteriaId: "6D0555E6-057D-475D-9EAF-F1EEC2D2157E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev13:*:*:*:*:*:*",
                     matchCriteriaId: "CDDA5DF9-62FF-4E6F-943C-C70620D56AE9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev14:*:*:*:*:*:*",
                     matchCriteriaId: "A9C26834-176A-4DD0-816E-87F12C2A0980",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev15:*:*:*:*:*:*",
                     matchCriteriaId: "63BA3355-83A5-4758-9208-574760D72AF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev16:*:*:*:*:*:*",
                     matchCriteriaId: "DEDF0974-91A9-4F6C-B31F-327EBBF2321A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev17:*:*:*:*:*:*",
                     matchCriteriaId: "79FED998-07D0-457B-9CC4-1CDE8D6B26E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev18:*:*:*:*:*:*",
                     matchCriteriaId: "27EAB5B4-8F1A-4069-B150-032BADA92C1F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev19:*:*:*:*:*:*",
                     matchCriteriaId: "265D758D-DA32-46FC-B7A7-1B695C2E7972",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev2:*:*:*:*:*:*",
                     matchCriteriaId: "26BF76EC-F32F-4DAB-8EB0-8B24E76D2593",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev20:*:*:*:*:*:*",
                     matchCriteriaId: "FE723E1C-E86A-4BC0-85DD-B051B1773A0A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev21:*:*:*:*:*:*",
                     matchCriteriaId: "E441FE6E-2653-4BAE-9EFC-AE195A442804",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev22:*:*:*:*:*:*",
                     matchCriteriaId: "516B7ACF-ABB8-4DBA-9E71-3B57B7C74376",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev23:*:*:*:*:*:*",
                     matchCriteriaId: "60236FC4-81DA-4ED6-8C5B-6BC9FF6A177B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev24:*:*:*:*:*:*",
                     matchCriteriaId: "E186C7BC-F3EC-4B9E-97BC-59CE860DD99B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev25:*:*:*:*:*:*",
                     matchCriteriaId: "FE494389-735E-47FC-9A12-5305FA11735F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev26:*:*:*:*:*:*",
                     matchCriteriaId: "6BD572F0-1B43-4FB5-BAE2-A9169BACFABE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev27:*:*:*:*:*:*",
                     matchCriteriaId: "CD1EAF9A-189B-47B8-A00A-5604D1B8D8A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev28:*:*:*:*:*:*",
                     matchCriteriaId: "63318E39-A502-4AD8-9C8D-C15F08847BD8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev29:*:*:*:*:*:*",
                     matchCriteriaId: "59C68527-4F08-4436-9D14-8BA65EEEFFC0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev3:*:*:*:*:*:*",
                     matchCriteriaId: "B031D97E-A967-4124-8A42-EFA4B3576124",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev30:*:*:*:*:*:*",
                     matchCriteriaId: "79A59F84-11DE-4560-A820-8E4F7B715888",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev31:*:*:*:*:*:*",
                     matchCriteriaId: "4C2F2472-91C4-48AF-979A-7C003BBD36CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev4:*:*:*:*:*:*",
                     matchCriteriaId: "649774E8-6489-4AD7-95A8-AAF7154B2C05",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev5:*:*:*:*:*:*",
                     matchCriteriaId: "A2A1BB49-EAFD-4458-AA8B-BF4B195927C5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev6:*:*:*:*:*:*",
                     matchCriteriaId: "1AC0DD2C-02D1-4CA9-A05C-81359BD30FA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev7:*:*:*:*:*:*",
                     matchCriteriaId: "720B7107-09AC-41AB-97BB-DFC3FABFDB55",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev8:*:*:*:*:*:*",
                     matchCriteriaId: "17E4B9E0-D5D3-4291-91A0-15885B559D5B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev9:*:*:*:*:*:*",
                     matchCriteriaId: "7ECB4D19-C148-473B-B0C0-FD9007912F86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:-:*:*:*:*:*:*",
                     matchCriteriaId: "89BEBFB4-A028-4D5E-846E-7403D3491147",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev1:*:*:*:*:*:*",
                     matchCriteriaId: "FED62869-ACA8-42B1-9AFE-0C0535E2C2F7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev10:*:*:*:*:*:*",
                     matchCriteriaId: "CB85F4BA-8E1B-490A-83FC-906EDF990750",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev11:*:*:*:*:*:*",
                     matchCriteriaId: "525841F3-E9ED-4593-9163-9DFA114EF5D6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev12:*:*:*:*:*:*",
                     matchCriteriaId: "6382225F-80C8-4A21-AC5F-E1645B420DD5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev13:*:*:*:*:*:*",
                     matchCriteriaId: "3EC95556-A105-4C03-AB54-AAB3A943A22F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev14:*:*:*:*:*:*",
                     matchCriteriaId: "34BB4402-3151-4ED1-BC4E-F00A7E5FDB1E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev15:*:*:*:*:*:*",
                     matchCriteriaId: "96FB19E6-E819-419A-B2C0-717F196A5A52",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev16:*:*:*:*:*:*",
                     matchCriteriaId: "433C2CBB-E3D7-4209-81DA-E183B2BF23A6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev17:*:*:*:*:*:*",
                     matchCriteriaId: "B2117B25-DABE-47B2-9337-5FAC000EC558",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev2:*:*:*:*:*:*",
                     matchCriteriaId: "97039EE9-3567-4C10-9A85-8BED8C76BEDF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev3:*:*:*:*:*:*",
                     matchCriteriaId: "AF1AAB93-9205-47FB-BEC3-EC7DF9A20732",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev4:*:*:*:*:*:*",
                     matchCriteriaId: "E9A3E84C-665F-470C-8D19-31446ABFF7D3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev5:*:*:*:*:*:*",
                     matchCriteriaId: "45C98776-55CE-4AF8-9141-75E0B86AE844",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev6:*:*:*:*:*:*",
                     matchCriteriaId: "E94C88CD-9A26-45DE-A408-956D693FDE29",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev7:*:*:*:*:*:*",
                     matchCriteriaId: "005CA94F-FA8A-474C-8135-CA0158D192F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev8:*:*:*:*:*:*",
                     matchCriteriaId: "4D01DFB9-FFE1-4635-8D59-E2325AADAAF1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev9:*:*:*:*:*:*",
                     matchCriteriaId: "B051C6E0-334E-45A2-990B-81FE7E4FB507",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and the dl parameter is used.",
      },
      {
         lang: "es",
         value: "OX App Suite versiones anteriores a 7.10.3-rev32 y versiones 7.10.4 anteriores a 7.10.4-rev18, permite un ataque de tipo XSS por medio de un fragmento de código (contenido generado por el usuario) cuando se crea un enlace para compartir y el parámetro dl es usado",
      },
   ],
   id: "CVE-2021-26698",
   lastModified: "2024-11-21T05:56:41.407",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-07-22T17:15:09.310",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2021/Jul/33",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2021/Jul/33",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.open-xchange.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2021/Jul/33",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2021/Jul/33",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.open-xchange.com",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-01-12 22:15
Modified
2024-11-21 05:52
Summary
OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite * (up to and including 7.10.4, per the CPE match below)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9451471A-06E1-456C-8B82-ADEB746B97C7",
                     versionEndIncluding: "7.10.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request.",
      },
      {
         lang: "es",
         value: "OX App Suite versiones hasta 7.10.4, permite un ataque de tipo SSRF por medio de una URL con un carácter @ en una petición PUT de appsuite/api/oauth/proxy",
      },
   ],
   id: "CVE-2021-23927",
   lastModified: "2024-11-21T05:52:03.730",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 5.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.1,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-01-12T22:15:12.447",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-918",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-12-26 02:15
Modified
2025-04-14 15:15
Summary
OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferrer servlet.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.10.5 -
open-xchange open-xchange_appsuite 7.10.5 patch_release_5961
open-xchange open-xchange_appsuite 7.10.5 patch_release_5973
open-xchange open-xchange_appsuite 7.10.5 patch_release_5976
open-xchange open-xchange_appsuite 7.10.5 patch_release_5982
open-xchange open-xchange_appsuite 7.10.5 patch_release_5989
open-xchange open-xchange_appsuite 7.10.5 patch_release_5994
open-xchange open-xchange_appsuite 7.10.5 patch_release_6000
open-xchange open-xchange_appsuite 7.10.5 patch_release_6003
open-xchange open-xchange_appsuite 7.10.5 patch_release_6008
open-xchange open-xchange_appsuite 7.10.5 patch_release_6010
open-xchange open-xchange_appsuite 7.10.5 patch_release_6016
open-xchange open-xchange_appsuite 7.10.5 patch_release_6020
open-xchange open-xchange_appsuite 7.10.5 patch_release_6026
open-xchange open-xchange_appsuite 7.10.5 patch_release_6029
open-xchange open-xchange_appsuite 7.10.5 patch_release_6034
open-xchange open-xchange_appsuite 7.10.5 patch_release_6035
open-xchange open-xchange_appsuite 7.10.5 patch_release_6038
open-xchange open-xchange_appsuite 7.10.5 patch_release_6046
open-xchange open-xchange_appsuite 7.10.5 patch_release_6051
open-xchange open-xchange_appsuite 7.10.5 patch_release_6053
open-xchange open-xchange_appsuite 7.10.5 patch_release_6060
open-xchange open-xchange_appsuite 7.10.5 patch_release_6061
open-xchange open-xchange_appsuite 7.10.5 patch_release_6066
open-xchange open-xchange_appsuite 7.10.5 patch_release_6068
open-xchange open-xchange_appsuite 7.10.5 patch_release_6072
open-xchange open-xchange_appsuite 7.10.5 patch_release_6079
open-xchange open-xchange_appsuite 7.10.5 patch_release_6084
open-xchange open-xchange_appsuite 7.10.5 patch_release_6092
open-xchange open-xchange_appsuite 7.10.5 patch_release_6101
open-xchange open-xchange_appsuite 7.10.5 patch_release_6111
open-xchange open-xchange_appsuite 7.10.5 patch_release_6120
open-xchange open-xchange_appsuite 7.10.5 patch_release_6132
open-xchange open-xchange_appsuite 7.10.5 patch_release_6137
open-xchange open-xchange_appsuite 7.10.5 patch_release_6140
open-xchange open-xchange_appsuite 7.10.5 patch_release_6149
open-xchange open-xchange_appsuite 7.10.6 -
open-xchange open-xchange_appsuite 7.10.6 patch_release_6069
open-xchange open-xchange_appsuite 7.10.6 patch_release_6073
open-xchange open-xchange_appsuite 7.10.6 patch_release_6080
open-xchange open-xchange_appsuite 7.10.6 patch_release_6085
open-xchange open-xchange_appsuite 7.10.6 patch_release_6093
open-xchange open-xchange_appsuite 7.10.6 patch_release_6102
open-xchange open-xchange_appsuite 7.10.6 patch_release_6112
open-xchange open-xchange_appsuite 7.10.6 patch_release_6121
open-xchange open-xchange_appsuite 7.10.6 patch_release_6133
open-xchange open-xchange_appsuite 7.10.6 patch_release_6138
open-xchange open-xchange_appsuite 7.10.6 patch_release_6141
open-xchange open-xchange_appsuite 7.10.6 patch_release_6146
open-xchange open-xchange_appsuite 7.10.6 patch_release_6147
open-xchange open-xchange_appsuite 7.10.6 patch_release_6148
open-xchange open-xchange_appsuite 7.10.6 patch_release_6150



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D3B06B3-8919-4D41-87A6-DA39189750B9",
                     versionEndExcluding: "7.10.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:-:*:*:*:*:*:*",
                     matchCriteriaId: "FE68F102-2EE1-44FF-A8AB-6F71F62712D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5961:*:*:*:*:*:*",
                     matchCriteriaId: "4F5923E6-C4C1-492F-A130-65D102F67B40",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5973:*:*:*:*:*:*",
                     matchCriteriaId: "D703A274-D197-42B3-9720-70E6CCD9E825",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5976:*:*:*:*:*:*",
                     matchCriteriaId: "D4D5F145-F2BA-4589-8B9A-B967069EA355",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5982:*:*:*:*:*:*",
                     matchCriteriaId: "7E3F2F8B-F7C4-4297-B451-CAFFCA860D17",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5989:*:*:*:*:*:*",
                     matchCriteriaId: "C7CB5AA6-19B9-4D21-A2B6-1523719A2DB5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5994:*:*:*:*:*:*",
                     matchCriteriaId: "3FAD63B8-9158-4552-8987-3A418AC5A3A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6000:*:*:*:*:*:*",
                     matchCriteriaId: "87793628-6C35-4137-B584-3AE2A8363AEC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6003:*:*:*:*:*:*",
                     matchCriteriaId: "06C14CAB-9C56-48A2-82FA-16110923CC78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6008:*:*:*:*:*:*",
                     matchCriteriaId: "2201C280-3674-4FA4-8176-723C175A2469",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6010:*:*:*:*:*:*",
                     matchCriteriaId: "A3CB3836-AD68-4167-98FD-5B05CC9C92EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6016:*:*:*:*:*:*",
                     matchCriteriaId: "604CF453-CBBE-4123-B3ED-87A8CBF407DE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6020:*:*:*:*:*:*",
                     matchCriteriaId: "6AF52278-E711-4656-9A1C-0A3A7F3C671F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6026:*:*:*:*:*:*",
                     matchCriteriaId: "5DD66203-5C4E-434A-BA84-9F78D9E1F7B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6029:*:*:*:*:*:*",
                     matchCriteriaId: "8A0D1287-7A32-4F56-97F2-8573F12D8EB4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6034:*:*:*:*:*:*",
                     matchCriteriaId: "69858B8E-E4C7-485C-882A-206E07D7343F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6035:*:*:*:*:*:*",
                     matchCriteriaId: "C2B82BFA-39B6-4DC8-B691-3284FDCFA227",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6038:*:*:*:*:*:*",
                     matchCriteriaId: "FD4E8470-B8CE-4670-8334-86B817180E96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6046:*:*:*:*:*:*",
                     matchCriteriaId: "2276EFC8-B5E6-449F-BDD0-EF2108A4CCAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6051:*:*:*:*:*:*",
                     matchCriteriaId: "2C8B27BE-651D-4B3A-9413-5ABA8AF2AA3D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6053:*:*:*:*:*:*",
                     matchCriteriaId: "41EA5F8E-05B5-4C4A-8853-B6948C358F06",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6060:*:*:*:*:*:*",
                     matchCriteriaId: "3E1A5843-F09A-4BBE-878D-C967E4061B0D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6061:*:*:*:*:*:*",
                     matchCriteriaId: "D579A835-6B7F-4C77-991F-C760CB8D3750",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6066:*:*:*:*:*:*",
                     matchCriteriaId: "B4935091-B9B4-4EA7-8785-FE4529ACFEBF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6068:*:*:*:*:*:*",
                     matchCriteriaId: "33DAB50E-18A0-43CC-9043-5E2B722F3A2B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6072:*:*:*:*:*:*",
                     matchCriteriaId: "0E1E9E82-17E3-4B43-AD5B-BBAD25759950",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6079:*:*:*:*:*:*",
                     matchCriteriaId: "E73BDC2E-3C39-454F-B929-8BB936F36AA6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6084:*:*:*:*:*:*",
                     matchCriteriaId: "C4DF7C74-BD66-41E7-8B47-C700D7BE53E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6092:*:*:*:*:*:*",
                     matchCriteriaId: "9EA739D6-10BD-48B4-9C30-92BE4381C80C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6101:*:*:*:*:*:*",
                     matchCriteriaId: "79219E01-26C2-462C-B604-783490F26565",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6111:*:*:*:*:*:*",
                     matchCriteriaId: "6F121147-1AAB-4123-AFD2-31F39434819F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6120:*:*:*:*:*:*",
                     matchCriteriaId: "52B9445C-4B0E-437A-BE3C-DBB8A621D354",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6132:*:*:*:*:*:*",
                     matchCriteriaId: "979495B8-8BF0-41B0-9BD5-48554A9C8889",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6137:*:*:*:*:*:*",
                     matchCriteriaId: "A82EF754-CCB7-4A03-8986-42BA76E6A2C9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6140:*:*:*:*:*:*",
                     matchCriteriaId: "F4CAFBCA-BD13-4295-A558-844716BA0C81",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6149:*:*:*:*:*:*",
                     matchCriteriaId: "AA61FEDD-5F86-45B8-BC55-BDFD6F10BB4B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*",
                     matchCriteriaId: "A144D75D-60A8-4EE0-813C-F658C626B2AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*",
                     matchCriteriaId: "2DA66230-DE02-4881-A893-E9E78286B157",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*",
                     matchCriteriaId: "955F3DFB-6479-4867-B62A-82730DBEB498",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*",
                     matchCriteriaId: "327D1B56-0D05-4D99-91D4-CC1F0AC32972",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*",
                     matchCriteriaId: "D0CD0684-C431-47F8-A2F4-1936D5C5A72B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*",
                     matchCriteriaId: "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*",
                     matchCriteriaId: "D0968764-CCEE-47A7-9111-E106D887DA43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*",
                     matchCriteriaId: "16589FBB-F0CD-4041-8141-5C89FCCA72AF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*",
                     matchCriteriaId: "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*",
                     matchCriteriaId: "0DF5FB90-8D6D-4F99-B454-411B1DFFA630",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*",
                     matchCriteriaId: "F58876B9-6C2E-4048-A793-B441A84E86F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*",
                     matchCriteriaId: "D5F177CB-CC45-45A0-9D02-C14A13ECC7A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*",
                     matchCriteriaId: "A89A4192-54E9-4899-8C7B-6C7F7E650D5C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*",
                     matchCriteriaId: "F2DC1357-9CD5-415F-A190-2F3F4498EF96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*",
                     matchCriteriaId: "D78ACF64-2802-44DD-AF7A-1BD5EA7F9908",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*",
                     matchCriteriaId: "E8F675FA-1684-413A-B1BE-1C5434AC2862",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferrer servlet.",
      },
      {
         lang: "es",
         value: "OX App Suite hasta 7.10.6 tiene un consumo de recursos incontrolado a través de un cuerpo de solicitud grande que contiene una URL de redireccionamiento al servlet aplazador.",
      },
   ],
   id: "CVE-2022-37312",
   lastModified: "2025-04-14T15:15:20.163",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2022-12-26T02:15:09.743",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://open-xchange.com",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/fulldisclosure/2022/Nov/18",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://open-xchange.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/fulldisclosure/2022/Nov/18",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-1284",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-1284",
            },
         ],
         source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-04-24 05:06
Modified
2025-04-12 10:46
Severity ?
Summary
The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4051DD61-3387-4CFB-9243-FCB602813F10",
                     versionEndIncluding: "7.2.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DDBB02DF-1022-4FE5-B5E1-198DC58F8C1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2BF31219-8390-4676-A9C4-D625A016C71E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0ABF6E32-2996-4DCF-A4A2-197CCFAEE22C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A708019-6229-4768-994C-5A51B0495CAC",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.",
      },
      {
         lang: "es",
         value: "La funcionalidad de autoconfiguración de E-Mail en Open-Xchange AppSuite anterior a 7.2.2-rev20, 7.4.1 anterior a 7.4.1-rev11 y 7.4.2 anterior a 7.4.2-rev13 situa a contraseñas en una solicitud GET, lo que permite a atacantes remotos obtener información sensible mediante la lectura de (1) registros de acceso al servidor web, (2) registros Referer del servidor web o (3) el historial del navegador.",
      },
   ],
   id: "CVE-2014-2392",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-04-24T05:06:05.623",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/archive/1/531762",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/531762",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-05-03 20:15
Modified
2024-11-21 05:23
Summary
OX App Suite 7.10.4 and earlier allows XSS via crafted content to reach an undocumented feature, such as ![](http://onerror=Function.constructor, in a Notes item.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9451471A-06E1-456C-8B82-ADEB746B97C7",
                     versionEndIncluding: "7.10.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite 7.10.4 and earlier allows XSS via crafted content to reach an undocumented feature, such as ![](http://onerror=Function.constructor, in a Notes item.",
      },
      {
         lang: "es",
         value: "OX App Suite versiones 7.10.4 y anteriores, permiten un ataque de tipo XSS por medio de contenido diseñado para llegar a una función no documentada, tal y como ![](http://onerror=Function.constructor, en un item de Notes.",
      },
   ],
   id: "CVE-2020-28945",
   lastModified: "2024-11-21T05:23:21.050",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-05-03T20:15:08.307",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://open-xchange.com",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://open-xchange.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-12-26 02:15
Modified
2025-04-14 15:15
Summary
OX App Suite through 7.10.6 allows SSRF because the anti-SSRF protection mechanism only checks the first DNS A or AAAA record. Any further addresses returned for the same hostname are not validated.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 7.10.6



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D3B06B3-8919-4D41-87A6-DA39189750B9",
                     versionEndExcluding: "7.10.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:-:*:*:*:*:*:*",
                     matchCriteriaId: "FE68F102-2EE1-44FF-A8AB-6F71F62712D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5961:*:*:*:*:*:*",
                     matchCriteriaId: "4F5923E6-C4C1-492F-A130-65D102F67B40",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5973:*:*:*:*:*:*",
                     matchCriteriaId: "D703A274-D197-42B3-9720-70E6CCD9E825",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5976:*:*:*:*:*:*",
                     matchCriteriaId: "D4D5F145-F2BA-4589-8B9A-B967069EA355",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5982:*:*:*:*:*:*",
                     matchCriteriaId: "7E3F2F8B-F7C4-4297-B451-CAFFCA860D17",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5989:*:*:*:*:*:*",
                     matchCriteriaId: "C7CB5AA6-19B9-4D21-A2B6-1523719A2DB5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5994:*:*:*:*:*:*",
                     matchCriteriaId: "3FAD63B8-9158-4552-8987-3A418AC5A3A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6000:*:*:*:*:*:*",
                     matchCriteriaId: "87793628-6C35-4137-B584-3AE2A8363AEC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6003:*:*:*:*:*:*",
                     matchCriteriaId: "06C14CAB-9C56-48A2-82FA-16110923CC78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6008:*:*:*:*:*:*",
                     matchCriteriaId: "2201C280-3674-4FA4-8176-723C175A2469",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6010:*:*:*:*:*:*",
                     matchCriteriaId: "A3CB3836-AD68-4167-98FD-5B05CC9C92EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6016:*:*:*:*:*:*",
                     matchCriteriaId: "604CF453-CBBE-4123-B3ED-87A8CBF407DE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6020:*:*:*:*:*:*",
                     matchCriteriaId: "6AF52278-E711-4656-9A1C-0A3A7F3C671F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6026:*:*:*:*:*:*",
                     matchCriteriaId: "5DD66203-5C4E-434A-BA84-9F78D9E1F7B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6029:*:*:*:*:*:*",
                     matchCriteriaId: "8A0D1287-7A32-4F56-97F2-8573F12D8EB4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6034:*:*:*:*:*:*",
                     matchCriteriaId: "69858B8E-E4C7-485C-882A-206E07D7343F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6035:*:*:*:*:*:*",
                     matchCriteriaId: "C2B82BFA-39B6-4DC8-B691-3284FDCFA227",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6038:*:*:*:*:*:*",
                     matchCriteriaId: "FD4E8470-B8CE-4670-8334-86B817180E96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6046:*:*:*:*:*:*",
                     matchCriteriaId: "2276EFC8-B5E6-449F-BDD0-EF2108A4CCAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6051:*:*:*:*:*:*",
                     matchCriteriaId: "2C8B27BE-651D-4B3A-9413-5ABA8AF2AA3D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6053:*:*:*:*:*:*",
                     matchCriteriaId: "41EA5F8E-05B5-4C4A-8853-B6948C358F06",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6060:*:*:*:*:*:*",
                     matchCriteriaId: "3E1A5843-F09A-4BBE-878D-C967E4061B0D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6061:*:*:*:*:*:*",
                     matchCriteriaId: "D579A835-6B7F-4C77-991F-C760CB8D3750",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6066:*:*:*:*:*:*",
                     matchCriteriaId: "B4935091-B9B4-4EA7-8785-FE4529ACFEBF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6068:*:*:*:*:*:*",
                     matchCriteriaId: "33DAB50E-18A0-43CC-9043-5E2B722F3A2B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6072:*:*:*:*:*:*",
                     matchCriteriaId: "0E1E9E82-17E3-4B43-AD5B-BBAD25759950",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6079:*:*:*:*:*:*",
                     matchCriteriaId: "E73BDC2E-3C39-454F-B929-8BB936F36AA6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6084:*:*:*:*:*:*",
                     matchCriteriaId: "C4DF7C74-BD66-41E7-8B47-C700D7BE53E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6092:*:*:*:*:*:*",
                     matchCriteriaId: "9EA739D6-10BD-48B4-9C30-92BE4381C80C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6101:*:*:*:*:*:*",
                     matchCriteriaId: "79219E01-26C2-462C-B604-783490F26565",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6111:*:*:*:*:*:*",
                     matchCriteriaId: "6F121147-1AAB-4123-AFD2-31F39434819F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6120:*:*:*:*:*:*",
                     matchCriteriaId: "52B9445C-4B0E-437A-BE3C-DBB8A621D354",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6132:*:*:*:*:*:*",
                     matchCriteriaId: "979495B8-8BF0-41B0-9BD5-48554A9C8889",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6137:*:*:*:*:*:*",
                     matchCriteriaId: "A82EF754-CCB7-4A03-8986-42BA76E6A2C9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6140:*:*:*:*:*:*",
                     matchCriteriaId: "F4CAFBCA-BD13-4295-A558-844716BA0C81",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6149:*:*:*:*:*:*",
                     matchCriteriaId: "AA61FEDD-5F86-45B8-BC55-BDFD6F10BB4B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*",
                     matchCriteriaId: "A144D75D-60A8-4EE0-813C-F658C626B2AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*",
                     matchCriteriaId: "2DA66230-DE02-4881-A893-E9E78286B157",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*",
                     matchCriteriaId: "955F3DFB-6479-4867-B62A-82730DBEB498",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*",
                     matchCriteriaId: "327D1B56-0D05-4D99-91D4-CC1F0AC32972",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*",
                     matchCriteriaId: "D0CD0684-C431-47F8-A2F4-1936D5C5A72B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*",
                     matchCriteriaId: "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*",
                     matchCriteriaId: "D0968764-CCEE-47A7-9111-E106D887DA43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*",
                     matchCriteriaId: "16589FBB-F0CD-4041-8141-5C89FCCA72AF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*",
                     matchCriteriaId: "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*",
                     matchCriteriaId: "0DF5FB90-8D6D-4F99-B454-411B1DFFA630",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*",
                     matchCriteriaId: "F58876B9-6C2E-4048-A793-B441A84E86F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*",
                     matchCriteriaId: "D5F177CB-CC45-45A0-9D02-C14A13ECC7A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*",
                     matchCriteriaId: "A89A4192-54E9-4899-8C7B-6C7F7E650D5C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*",
                     matchCriteriaId: "F2DC1357-9CD5-415F-A190-2F3F4498EF96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*",
                     matchCriteriaId: "D78ACF64-2802-44DD-AF7A-1BD5EA7F9908",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*",
                     matchCriteriaId: "E8F675FA-1684-413A-B1BE-1C5434AC2862",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite through 7.10.6 allows SSRF because the anti-SSRF protection mechanism only checks the first DNS A or AAAA record.",
      },
      {
         lang: "es",
         value: "OX App Suite hasta 7.10.6 permite SSRF porque el mecanismo de protección anti-SSRF solo verifica el primer registro DNS A o AAAA.",
      },
   ],
   id: "CVE-2022-37313",
   lastModified: "2025-04-14T15:15:20.983",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2022-12-26T02:15:09.810",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://open-xchange.com",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/fulldisclosure/2022/Nov/18",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://open-xchange.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/fulldisclosure/2022/Nov/18",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-918",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-918",
            },
         ],
         source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-01-30 15:29
Modified
2024-11-21 03:45
Summary
OX App Suite 7.8.4 and earlier allows Information Exposure.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "21A45377-C1DE-44AB-A02F-A377BE4E9A56",
                     versionEndIncluding: "7.8.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OX App Suite 7.8.4 and earlier allows Information Exposure.",
      },
      {
         lang: "es",
         value: "OX App Suite, en su versión 7.8.4 y anteriores, permite la fuga de información.",
      },
   ],
   id: "CVE-2018-12610",
   lastModified: "2024-11-21T03:45:32.417",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-01-30T15:29:03.520",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2019/Jan/10",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2019/Jan/10",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-12-15 06:59
Modified
2025-04-12 10:46
Summary
An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The "defer" servlet offers to redirect a client to a specified URL. Since some checks were missing, arbitrary URLs could be provided as the redirection target. Users can be tricked into following a link to a trustworthy domain but end up at an unexpected service later on. This vulnerability can be used to prepare and enhance phishing attacks.
Impacted products
Vendor Product Version
open-xchange open-xchange_appsuite *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:rev-26:*:*:*:*:*:*",
                     matchCriteriaId: "76CB18F2-3E73-4751-9DE2-DFFBDF358BB2",
                     versionEndIncluding: "7.8.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The \"defer\" servlet offers to redirect a client to a specified URL. Since some checks were missing, arbitrary URLs could be provided as the redirection target. Users can be tricked into following a link to a trustworthy domain but end up at an unexpected service later on. This vulnerability can be used to prepare and enhance phishing attacks.",
      },
      {
         lang: "es",
         value: "Ha sido descubierto un problema en Open-Xchange OX AppSuite en versiones anteriores a 7.8.0-rev27. El \"defer\" servlet ofrece redirigir a un cliente a una URL especificada. Dado que faltaban algunas verificaciones, URLs arbitrarias podrían ser proporcionadas como objetivo de redirección. Los usuarios pueden ser engañados para seguir un vínculo a un dominio confiable pero terminar en un servicio inesperado más tarde. Esta vulnerabilidad puede emplearse para preparar y mejorar ataques de phishing.",
      },
   ],
   id: "CVE-2016-3174",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.4,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-12-15T06:59:03.397",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/137187/Open-Xchange-OX-AppSuite-7.8.0-XSS-Open-Redirect.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/archive/1/538481/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/137187/Open-Xchange-OX-AppSuite-7.8.0-XSS-Open-Redirect.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/538481/100/0/threaded",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-601",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

cve-2018-5751
Vulnerability from cvelistv5
Published
2018-06-15 21:00
Modified
2024-08-05 05:40
Severity ?
Summary
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote authenticated users to obtain sensitive information about external guest users via vectors related to the "groups" and "users" APIs.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T05:40:51.211Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html",
               },
               {
                  name: "44881",
                  tags: [
                     "exploit",
                     "x_refsource_EXPLOIT-DB",
                     "x_transferred",
                  ],
                  url: "https://www.exploit-db.com/exploits/44881/",
               },
               {
                  name: "20180608 Open-Xchange Security Advisory 2018-06-08",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2018/Jun/23",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-06-08T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote authenticated users to obtain sensitive information about external guest users via vectors related to the \"groups\" and \"users\" APIs.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-06-15T20:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html",
            },
            {
               name: "44881",
               tags: [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
               ],
               url: "https://www.exploit-db.com/exploits/44881/",
            },
            {
               name: "20180608 Open-Xchange Security Advisory 2018-06-08",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2018/Jun/23",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-5751",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote authenticated users to obtain sensitive information about external guest users via vectors related to the \"groups\" and \"users\" APIs.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html",
                  },
                  {
                     name: "44881",
                     refsource: "EXPLOIT-DB",
                     url: "https://www.exploit-db.com/exploits/44881/",
                  },
                  {
                     name: "20180608 Open-Xchange Security Advisory 2018-06-08",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2018/Jun/23",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-5751",
      datePublished: "2018-06-15T21:00:00",
      dateReserved: "2018-01-17T00:00:00",
      dateUpdated: "2024-08-05T05:40:51.211Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-9466
Vulnerability from cvelistv5
Published
2015-02-17 15:00
Modified
2024-08-06 13:47
Severity ?
Summary
Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before 7.6.0-rev36, and 7.6.1 before 7.6.1-rev14 does not properly handle directory permissions, which allows remote authenticated users to read files via unspecified vectors, related to the "folder identifier."
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T13:47:41.621Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "72587",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/72587",
               },
               {
                  name: "1031744",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1031744",
               },
               {
                  name: "20150212 Open-Xchange Security Advisory 2015-02-12",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/534695/100/0/threaded",
               },
               {
                  name: "openxchange-cve20149466-info-disc(100867)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/100867",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/130379/Open-Xchange-Server-6-OX-AppSuite-7.6.1-Exposure.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-02-12T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before 7.6.0-rev36, and 7.6.1 before 7.6.1-rev14 does not properly handle directory permissions, which allows remote authenticated users to read files via unspecified vectors, related to the \"folder identifier.\"",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-09T18:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "72587",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/72587",
            },
            {
               name: "1031744",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1031744",
            },
            {
               name: "20150212 Open-Xchange Security Advisory 2015-02-12",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/534695/100/0/threaded",
            },
            {
               name: "openxchange-cve20149466-info-disc(100867)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/100867",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/130379/Open-Xchange-Server-6-OX-AppSuite-7.6.1-Exposure.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2014-9466",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before 7.6.0-rev36, and 7.6.1 before 7.6.1-rev14 does not properly handle directory permissions, which allows remote authenticated users to read files via unspecified vectors, related to the \"folder identifier.\"",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "72587",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/72587",
                  },
                  {
                     name: "1031744",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1031744",
                  },
                  {
                     name: "20150212 Open-Xchange Security Advisory 2015-02-12",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/534695/100/0/threaded",
                  },
                  {
                     name: "openxchange-cve20149466-info-disc(100867)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/100867",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/130379/Open-Xchange-Server-6-OX-AppSuite-7.6.1-Exposure.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/130379/Open-Xchange-Server-6-OX-AppSuite-7.6.1-Exposure.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2014-9466",
      datePublished: "2015-02-17T15:00:00",
      dateReserved: "2015-01-03T00:00:00",
      dateUpdated: "2024-08-06T13:47:41.621Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-6009
Vulnerability from cvelistv5
Published
2013-10-03 19:00
Modified
2024-09-16 18:29
Severity ?
Summary
CRLF injection vulnerability in Open-Xchange AppSuite before 7.2.2, when using AJP in certain conditions, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the ajax/defer servlet.
References
http://www.securityfocus.com/archive/1/528940 (mailing-list, x_refsource_BUGTRAQ)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T17:29:42.337Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20130930 Open-Xchange Security Advisory 2013-09-30",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/528940",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "CRLF injection vulnerability in Open-Xchange AppSuite before 7.2.2, when using AJP in certain conditions, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the ajax/defer servlet.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-10-03T19:00:00Z",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "20130930 Open-Xchange Security Advisory 2013-09-30",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/528940",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2013-6009",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "CRLF injection vulnerability in Open-Xchange AppSuite before 7.2.2, when using AJP in certain conditions, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the ajax/defer servlet.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20130930 Open-Xchange Security Advisory 2013-09-30",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/528940",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2013-6009",
      datePublished: "2013-10-03T19:00:00Z",
      dateReserved: "2013-10-03T00:00:00Z",
      dateUpdated: "2024-09-16T18:29:35.110Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-23927
Vulnerability from cvelistv5
Published
2021-01-12 21:26
Modified
2024-08-03 19:14
Severity ?
Summary
OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T19:14:09.781Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-01-12T21:26:53",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2021-23927",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
                     refsource: "MISC",
                     url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2021-23927",
      datePublished: "2021-01-12T21:26:53",
      dateReserved: "2021-01-12T00:00:00",
      dateUpdated: "2024-08-03T19:14:09.781Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-26454
Vulnerability from cvelistv5
Published
2023-11-02 13:01
Modified
2024-08-02 11:53
Summary
Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly available exploits are known.
Impacted products
Vendor Product Version
OX Software GmbH OX App Suite Version: 0 ≤ 7.10.6-rev5
Version: 0 ≤ 8.12


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T11:53:52.736Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "release-notes",
                     "x_transferred",
                  ],
                  url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf",
               },
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               modules: [
                  "office",
               ],
               product: "OX App Suite",
               vendor: "OX Software GmbH",
               versions: [
                  {
                     lessThanOrEqual: "7.10.6-rev5",
                     status: "affected",
                     version: "0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.12",
                     status: "affected",
                     version: "0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<p>Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly available exploits are known.</p>",
                  },
               ],
               value: "Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly available exploits are known.\n\n",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "PHYSICAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.6,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-89",
                     description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-01-12T07:09:14.919Z",
            orgId: "8ce71d90-2354-404b-a86e-bec2cc4e6981",
            shortName: "OX",
         },
         references: [
            {
               tags: [
                  "release-notes",
               ],
               url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf",
            },
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json",
            },
         ],
         source: {
            defect: [
               "DOCS-4802",
            ],
            discovery: "EXTERNAL",
         },
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8ce71d90-2354-404b-a86e-bec2cc4e6981",
      assignerShortName: "OX",
      cveId: "CVE-2023-26454",
      datePublished: "2023-11-02T13:01:16.521Z",
      dateReserved: "2023-02-22T20:42:56.092Z",
      dateUpdated: "2024-08-02T11:53:52.736Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-37309
Vulnerability from cvelistv5
Published
2022-12-26 00:00
Modified
2025-04-14 14:42
Summary
OX App Suite through 7.10.6 allows XSS via script code within a contact that has an e-mail address but lacks a name.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T10:29:20.774Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://open-xchange.com",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://seclists.org/fulldisclosure/2022/Nov/18",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "NONE",
                     baseScore: 6.1,
                     baseSeverity: "MEDIUM",
                     confidentialityImpact: "LOW",
                     integrityImpact: "LOW",
                     privilegesRequired: "NONE",
                     scope: "CHANGED",
                     userInteraction: "REQUIRED",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2022-37309",
                        options: [
                           {
                              Exploitation: "poc",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-04-14T14:41:30.763138Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-79",
                        description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-04-14T14:42:07.163Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite through 7.10.6 allows XSS via script code within a contact that has an e-mail address but lacks a name.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-26T00:00:00.000Z",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://open-xchange.com",
            },
            {
               url: "https://seclists.org/fulldisclosure/2022/Nov/18",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2022-37309",
      datePublished: "2022-12-26T00:00:00.000Z",
      dateReserved: "2022-08-01T00:00:00.000Z",
      dateUpdated: "2025-04-14T14:42:07.163Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-8340
Vulnerability from cvelistv5
Published
2019-05-22 19:15
Modified
2024-08-05 16:34
Severity ?
Summary
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T16:34:22.608Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://ox.com",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://open-xchange.com",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://documentation.open-xchange.com/7.10.0/release-notes/release-notes.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-05-22T19:15:24",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://ox.com",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://open-xchange.com",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://documentation.open-xchange.com/7.10.0/release-notes/release-notes.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2017-8340",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://ox.com",
                     refsource: "MISC",
                     url: "http://ox.com",
                  },
                  {
                     name: "http://open-xchange.com",
                     refsource: "MISC",
                     url: "http://open-xchange.com",
                  },
                  {
                     name: "https://documentation.open-xchange.com/7.10.0/release-notes/release-notes.html",
                     refsource: "CONFIRM",
                     url: "https://documentation.open-xchange.com/7.10.0/release-notes/release-notes.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2017-8340",
      datePublished: "2019-05-22T19:15:24",
      dateReserved: "2017-04-29T00:00:00",
      dateUpdated: "2024-08-05T16:34:22.608Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-5753
Vulnerability from cvelistv5
Published
2018-06-15 21:00
Modified
2024-08-05 05:40
Severity ?
Summary
The frontend component in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev20 allows remote attackers to spoof the origin of e-mails via unicode characters in the "personal part" of a (1) From or (2) Sender address.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T05:40:51.212Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html",
               },
               {
                  name: "44881",
                  tags: [
                     "exploit",
                     "x_refsource_EXPLOIT-DB",
                     "x_transferred",
                  ],
                  url: "https://www.exploit-db.com/exploits/44881/",
               },
               {
                  name: "20180608 Open-Xchange Security Advisory 2018-06-08",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2018/Jun/23",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-06-08T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The frontend component in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev20 allows remote attackers to spoof the origin of e-mails via unicode characters in the \"personal part\" of a (1) From or (2) Sender address.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-06-15T20:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html",
            },
            {
               name: "44881",
               tags: [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
               ],
               url: "https://www.exploit-db.com/exploits/44881/",
            },
            {
               name: "20180608 Open-Xchange Security Advisory 2018-06-08",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2018/Jun/23",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-5753",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The frontend component in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev20 allows remote attackers to spoof the origin of e-mails via unicode characters in the \"personal part\" of a (1) From or (2) Sender address.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html",
                  },
                  {
                     name: "44881",
                     refsource: "EXPLOIT-DB",
                     url: "https://www.exploit-db.com/exploits/44881/",
                  },
                  {
                     name: "20180608 Open-Xchange Security Advisory 2018-06-08",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2018/Jun/23",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-5753",
      datePublished: "2018-06-15T21:00:00",
      dateReserved: "2018-01-17T00:00:00",
      dateUpdated: "2024-08-05T05:40:51.212Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-12609
Vulnerability from cvelistv5
Published
2019-01-29 23:00
Modified
2024-08-05 08:38
Severity ?
Summary
OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T08:38:06.361Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4789_7.6.3_2018-06-25.pdf",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf",
               },
               {
                  name: "20190104 Open-Xchange Security Advisory 2018-12-31",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2019/Jan/10",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-06-25T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-01-29T22:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4789_7.6.3_2018-06-25.pdf",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf",
            },
            {
               name: "20190104 Open-Xchange Security Advisory 2018-12-31",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2019/Jan/10",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-12609",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4789_7.6.3_2018-06-25.pdf",
                     refsource: "CONFIRM",
                     url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4789_7.6.3_2018-06-25.pdf",
                  },
                  {
                     name: "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf",
                     refsource: "CONFIRM",
                     url: "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf",
                  },
                  {
                     name: "20190104 Open-Xchange Security Advisory 2018-12-31",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2019/Jan/10",
                  },
                  {
                     name: "https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf",
                     refsource: "CONFIRM",
                     url: "https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-12609",
      datePublished: "2019-01-29T23:00:00",
      dateReserved: "2018-06-21T00:00:00",
      dateUpdated: "2024-08-05T08:38:06.361Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-14225
Vulnerability from cvelistv5
Published
2019-10-14 16:34
Modified
2024-08-05 00:12
Severity ?
Summary
OX App Suite 7.10.1 and 7.10.2 allows SSRF.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T00:12:42.806Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html",
               },
               {
                  name: "FULLDISC: 20191011 Open-Xchange Security Advisory 2019-10-09",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/fulldisclosure/2019/Oct/25",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite 7.10.1 and 7.10.2 allows SSRF.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-10-14T16:35:19",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html",
            },
            {
               name: "FULLDISC: 20191011 Open-Xchange Security Advisory 2019-10-09",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "https://seclists.org/fulldisclosure/2019/Oct/25",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-14225",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX App Suite 7.10.1 and 7.10.2 allows SSRF.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html",
                  },
                  {
                     name: "FULLDISC: 20191011 Open-Xchange Security Advisory 2019-10-09",
                     refsource: "FULLDISC",
                     url: "https://seclists.org/fulldisclosure/2019/Oct/25",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-14225",
      datePublished: "2019-10-14T16:34:44",
      dateReserved: "2019-07-21T00:00:00",
      dateUpdated: "2024-08-05T00:12:42.806Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-2391
Vulnerability from cvelistv5
Published
2014-04-17 20:00
Modified
2024-08-06 10:14
Severity ?
Summary
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potentially useful password-pattern information by reading (1) a web-server access log, (2) a web-server Referer log, or (3) browser history that contains this string because of its presence in a GET request.
References
http://www.securityfocus.com/archive/1/531762 (mailing-list, x_refsource_BUGTRAQ)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T10:14:25.944Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20140408 Open-Xchange Security Advisory 2014-04-08",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/531762",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-04-08T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potentially useful password-pattern information by reading (1) a web-server access log, (2) a web-server Referer log, or (3) browser history that contains this string because of its presence in a GET request.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2014-04-17T20:57:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "20140408 Open-Xchange Security Advisory 2014-04-08",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/531762",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2014-2391",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potentially useful password-pattern information by reading (1) a web-server access log, (2) a web-server Referer log, or (3) browser history that contains this string because of its presence in a GET request.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20140408 Open-Xchange Security Advisory 2014-04-08",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/531762",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2014-2391",
      datePublished: "2014-04-17T20:00:00",
      dateReserved: "2014-03-13T00:00:00",
      dateUpdated: "2024-08-06T10:14:25.944Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-29852
Vulnerability from cvelistv5
Published
2022-12-26 00:00
Modified
2025-04-14 18:28
Summary
OX App Suite through 8.2 allows XSS because BMFreehand10 and image/x-freehand are not blocked.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T06:33:42.820Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://open-xchange.com",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://seclists.org/fulldisclosure/2022/Sep/0",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "NONE",
                     baseScore: 5.4,
                     baseSeverity: "MEDIUM",
                     confidentialityImpact: "LOW",
                     integrityImpact: "LOW",
                     privilegesRequired: "LOW",
                     scope: "CHANGED",
                     userInteraction: "REQUIRED",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2022-29852",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-04-14T14:36:40.268101Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-79",
                        description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-04-14T18:28:27.517Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite through 8.2 allows XSS because BMFreehand10 and image/x-freehand are not blocked.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-26T00:00:00.000Z",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://open-xchange.com",
            },
            {
               url: "https://seclists.org/fulldisclosure/2022/Sep/0",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2022-29852",
      datePublished: "2022-12-26T00:00:00.000Z",
      dateReserved: "2022-04-27T00:00:00.000Z",
      dateUpdated: "2025-04-14T18:28:27.517Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-26699
Vulnerability from cvelistv5
Published
2021-07-22 16:22
Modified
2024-08-03 20:33
Severity ?
Summary
OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T20:33:40.915Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.open-xchange.com",
               },
               {
                  name: "20210716 Open-Xchange Security Advisory 2021-07-15",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2021/Jul/33",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/fulldisclosure/2021/Jul/33",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-07-25T13:42:51",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.open-xchange.com",
            },
            {
               name: "20210716 Open-Xchange Security Advisory 2021-07-15",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2021/Jul/33",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://seclists.org/fulldisclosure/2021/Jul/33",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2021-26699",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.open-xchange.com",
                     refsource: "MISC",
                     url: "https://www.open-xchange.com",
                  },
                  {
                     name: "20210716 Open-Xchange Security Advisory 2021-07-15",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2021/Jul/33",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html",
                  },
                  {
                     name: "https://seclists.org/fulldisclosure/2021/Jul/33",
                     refsource: "CONFIRM",
                     url: "https://seclists.org/fulldisclosure/2021/Jul/33",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2021-26699",
      datePublished: "2021-07-22T16:22:58",
      dateReserved: "2021-02-04T00:00:00",
      dateUpdated: "2024-08-03T20:33:40.915Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-8541
Vulnerability from cvelistv5
Published
2020-06-16 13:47
Modified
2024-08-04 10:03
Severity ?
Summary
OX App Suite through 7.10.3 allows XXE attacks.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T10:03:46.325Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.open-xchange.com/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite through 7.10.3 allows XXE attacks.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-06-16T13:47:27",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.open-xchange.com/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-8541",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX App Suite through 7.10.3 allows XXE attacks.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.open-xchange.com/",
                     refsource: "MISC",
                     url: "https://www.open-xchange.com/",
                  },
                  {
                     name: "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html",
                     refsource: "MISC",
                     url: "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-8541",
      datePublished: "2020-06-16T13:47:27",
      dateReserved: "2020-02-03T00:00:00",
      dateUpdated: "2024-08-04T10:03:46.325Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-31935
Vulnerability from cvelistv5
Published
2021-04-30 21:19
Modified
2024-08-03 23:10
Severity ?
Summary
OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution list (payload in the common name) that is mishandled in the scheduling view.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T23:10:31.286Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution list (payload in the common name) that is mishandled in the scheduling view.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-04-30T21:19:30",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2021-31935",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution list (payload in the common name) that is mishandled in the scheduling view.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html",
                     refsource: "MISC",
                     url: "https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2021-31935",
      datePublished: "2021-04-30T21:19:30",
      dateReserved: "2021-04-30T00:00:00",
      dateUpdated: "2024-08-03T23:10:31.286Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-41707
Vulnerability from cvelistv5
Published
2024-02-12 08:15
Modified
2024-08-02 19:01
Summary
Processing of user-defined mail search expressions is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of mail search expressions now gets monitored, and the related request is terminated if a resource threshold is reached. No publicly available exploits are known.
Impacted products
Vendor Product Version
Open-Xchange GmbH OX App Suite Version: 0 through 7.10.6-rev55 (inclusive)
Version: 0 through 7.6.3-rev71 (inclusive)
Version: 0 through 8.19 (inclusive)


{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-41707",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-02-12T14:28:43.049862Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-07-05T17:20:50.823Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T19:01:35.448Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "release-notes",
                     "x_transferred",
                  ],
                  url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf",
               },
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               modules: [
                  "backend",
               ],
               product: "OX App Suite",
               vendor: "Open-Xchange GmbH",
               versions: [
                  {
                     lessThanOrEqual: "7.10.6-rev55",
                     status: "affected",
                     version: "0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "7.6.3-rev71",
                     status: "affected",
                     version: "0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.19",
                     status: "affected",
                     version: "0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Processing of user-defined mail search expressions is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of mail search expressions now gets monitored, and the related request is terminated if a resource threshold is reached.\r\n No publicly available exploits are known.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-400",
                     description: "Uncontrolled Resource Consumption",
                     lang: "en",
                     type: "cwe",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-02-16T14:08:53.186Z",
            orgId: "8ce71d90-2354-404b-a86e-bec2cc4e6981",
            shortName: "OX",
         },
         references: [
            {
               tags: [
                  "release-notes",
               ],
               url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf",
            },
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json",
            },
         ],
         source: {
            defect: "MWB-2366",
            discovery: "INTERNAL",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8ce71d90-2354-404b-a86e-bec2cc4e6981",
      assignerShortName: "OX",
      cveId: "CVE-2023-41707",
      datePublished: "2024-02-12T08:15:24.923Z",
      dateReserved: "2023-08-30T16:21:49.912Z",
      dateUpdated: "2024-08-02T19:01:35.448Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-23930
Vulnerability from cvelistv5
Published
2021-01-12 21:26
Modified
2024-08-03 19:14
Severity ?
Summary
OX App Suite through 7.10.4 allows XSS via use of the conversion API for a distributedFile.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T19:14:09.783Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite through 7.10.4 allows XSS via use of the conversion API for a distributedFile.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-01-12T21:26:16",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2021-23930",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX App Suite through 7.10.4 allows XSS via use of the conversion API for a distributedFile.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
                     refsource: "MISC",
                     url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2021-23930",
      datePublished: "2021-01-12T21:26:16",
      dateReserved: "2021-01-12T00:00:00",
      dateUpdated: "2024-08-03T19:14:09.783Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-7143
Vulnerability from cvelistv5
Published
2014-01-26 20:00
Modified
2024-08-06 18:01
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 allows remote attackers to inject arbitrary web script or HTML via the title in a mail filter rule.
References
http://www.securitytracker.com/id/1029650 (vdb-entry, x_refsource_SECTRACK)
https://exchange.xforce.ibmcloud.com/vulnerabilities/90546 (vdb-entry, x_refsource_XF)
http://www.securityfocus.com/bid/65013 (vdb-entry, x_refsource_BID)
http://www.osvdb.org/102195 (vdb-entry, x_refsource_OSVDB)
http://seclists.org/bugtraq/2014/Jan/57 (mailing-list, x_refsource_BUGTRAQ)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T18:01:19.326Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1029650",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1029650",
               },
               {
                  name: "openxchange-cve20137143-xss(90546)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/90546",
               },
               {
                  name: "65013",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/65013",
               },
               {
                  name: "102195",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://www.osvdb.org/102195",
               },
               {
                  name: "20140117 Open-Xchange Security Advisory 2014-01-17",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/bugtraq/2014/Jan/57",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-01-17T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 allows remote attackers to inject arbitrary web script or HTML via the title in a mail filter rule.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-28T12:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "1029650",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1029650",
            },
            {
               name: "openxchange-cve20137143-xss(90546)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/90546",
            },
            {
               name: "65013",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/65013",
            },
            {
               name: "102195",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://www.osvdb.org/102195",
            },
            {
               name: "20140117 Open-Xchange Security Advisory 2014-01-17",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://seclists.org/bugtraq/2014/Jan/57",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2013-7143",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 allows remote attackers to inject arbitrary web script or HTML via the title in a mail filter rule.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1029650",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1029650",
                  },
                  {
                     name: "openxchange-cve20137143-xss(90546)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/90546",
                  },
                  {
                     name: "65013",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/65013",
                  },
                  {
                     name: "102195",
                     refsource: "OSVDB",
                     url: "http://www.osvdb.org/102195",
                  },
                  {
                     name: "20140117 Open-Xchange Security Advisory 2014-01-17",
                     refsource: "BUGTRAQ",
                     url: "http://seclists.org/bugtraq/2014/Jan/57",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2013-7143",
      datePublished: "2014-01-26T20:00:00",
      dateReserved: "2013-12-18T00:00:00",
      dateUpdated: "2024-08-06T18:01:19.326Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-5212
Vulnerability from cvelistv5
Published
2019-05-23 14:26
Modified
2024-08-05 14:55
Severity ?
Summary
Open-Xchange GmbH OX App Suite 7.8.3 is affected by: Incorrect Access Control.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T14:55:35.645Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://ox.com",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://open-xchange.com",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Open-Xchange GmbH OX App Suite 7.8.3 is affected by: Incorrect Access Control.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-05-23T14:26:06",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://ox.com",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://open-xchange.com",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2017-5212",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Open-Xchange GmbH OX App Suite 7.8.3 is affected by: Incorrect Access Control.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://ox.com",
                     refsource: "MISC",
                     url: "http://ox.com",
                  },
                  {
                     name: "http://open-xchange.com",
                     refsource: "MISC",
                     url: "http://open-xchange.com",
                  },
                  {
                     name: "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html",
                     refsource: "CONFIRM",
                     url: "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2017-5212",
      datePublished: "2019-05-23T14:26:06",
      dateReserved: "2017-01-09T00:00:00",
      dateUpdated: "2024-08-05T14:55:35.645Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-5756
Vulnerability from cvelistv5
Published
2018-06-15 21:00
Modified
2024-08-05 05:40
Severity ?
Summary
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 does not properly check for folder-to-object association, which allows remote authenticated users to delete arbitrary tasks via the task id in a delete action to api/tasks.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T05:40:51.265Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html",
               },
               {
                  name: "44881",
                  tags: [
                     "exploit",
                     "x_refsource_EXPLOIT-DB",
                     "x_transferred",
                  ],
                  url: "https://www.exploit-db.com/exploits/44881/",
               },
               {
                  name: "20180608 Open-Xchange Security Advisory 2018-06-08",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2018/Jun/23",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-06-08T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 does not properly check for folder-to-object association, which allows remote authenticated users to delete arbitrary tasks via the task id in a delete action to api/tasks.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-06-15T20:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html",
            },
            {
               name: "44881",
               tags: [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
               ],
               url: "https://www.exploit-db.com/exploits/44881/",
            },
            {
               name: "20180608 Open-Xchange Security Advisory 2018-06-08",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2018/Jun/23",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-5756",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 does not properly check for folder-to-object association, which allows remote authenticated users to delete arbitrary tasks via the task id in a delete action to api/tasks.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html",
                  },
                  {
                     name: "44881",
                     refsource: "EXPLOIT-DB",
                     url: "https://www.exploit-db.com/exploits/44881/",
                  },
                  {
                     name: "20180608 Open-Xchange Security Advisory 2018-06-08",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2018/Jun/23",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-5756",
      datePublished: "2018-06-15T21:00:00",
      dateReserved: "2018-01-17T00:00:00",
      dateUpdated: "2024-08-05T05:40:51.265Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-9808
Vulnerability from cvelistv5
Published
2019-05-22 19:01
Modified
2024-08-05 17:18
Severity ?
Summary
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T17:18:02.246Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://ox.com",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-05-22T19:01:49",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://ox.com",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2017-9808",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://ox.com",
                     refsource: "MISC",
                     url: "http://ox.com",
                  },
                  {
                     name: "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html",
                     refsource: "CONFIRM",
                     url: "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2017-9808",
      datePublished: "2019-05-22T19:01:49",
      dateReserved: "2017-06-22T00:00:00",
      dateUpdated: "2024-08-05T17:18:02.246Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-7140
Vulnerability from cvelistv5
Published
2014-01-26 20:00
Modified
2024-08-06 18:01
Severity ?
Summary
XML External Entity (XXE) vulnerability in the CalDAV interface in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote authenticated users to read portions of arbitrary files via vectors related to the SAX builder and the WebDAV interface. NOTE: this issue has been labeled as both absolute path traversal and XXE, but the root cause may be XXE, since XXE can be exploited to conduct absolute path traversal and other attacks.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/90543 (vdb-entry, x_refsource_XF)
http://www.securityfocus.com/bid/65015 (vdb-entry, x_refsource_BID)
http://www.osvdb.org/102194 (vdb-entry, x_refsource_OSVDB)
http://www.securitytracker.com/id/1029650 (vdb-entry, x_refsource_SECTRACK)
http://seclists.org/bugtraq/2014/Jan/57 (mailing-list, x_refsource_BUGTRAQ)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T18:01:19.433Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "openxchange-cve20137140-info-disclosure(90543)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/90543",
               },
               {
                  name: "65015",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/65015",
               },
               {
                  name: "102194",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://www.osvdb.org/102194",
               },
               {
                  name: "1029650",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1029650",
               },
               {
                  name: "20140117 Open-Xchange Security Advisory 2014-01-17",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/bugtraq/2014/Jan/57",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-01-17T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "XML External Entity (XXE) vulnerability in the CalDAV interface in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote authenticated users to read portions of arbitrary files via vectors related to the SAX builder and the WebDAV interface.  NOTE: this issue has been labeled as both absolute path traversal and XXE, but the root cause may be XXE, since XXE can be exploited to conduct absolute path traversal and other attacks.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-28T12:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "openxchange-cve20137140-info-disclosure(90543)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/90543",
            },
            {
               name: "65015",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/65015",
            },
            {
               name: "102194",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://www.osvdb.org/102194",
            },
            {
               name: "1029650",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1029650",
            },
            {
               name: "20140117 Open-Xchange Security Advisory 2014-01-17",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://seclists.org/bugtraq/2014/Jan/57",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2013-7140",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "XML External Entity (XXE) vulnerability in the CalDAV interface in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote authenticated users to read portions of arbitrary files via vectors related to the SAX builder and the WebDAV interface.  NOTE: this issue has been labeled as both absolute path traversal and XXE, but the root cause may be XXE, since XXE can be exploited to conduct absolute path traversal and other attacks.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "openxchange-cve20137140-info-disclosure(90543)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/90543",
                  },
                  {
                     name: "65015",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/65015",
                  },
                  {
                     name: "102194",
                     refsource: "OSVDB",
                     url: "http://www.osvdb.org/102194",
                  },
                  {
                     name: "1029650",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1029650",
                  },
                  {
                     name: "20140117 Open-Xchange Security Advisory 2014-01-17",
                     refsource: "BUGTRAQ",
                     url: "http://seclists.org/bugtraq/2014/Jan/57",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2013-7140",
      datePublished: "2014-01-26T20:00:00",
      dateReserved: "2013-12-18T00:00:00",
      dateUpdated: "2024-08-06T18:01:19.433Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-37313
Vulnerability from cvelistv5
Published
2022-12-26 00:00
Modified
2025-04-14 14:33
Summary
OX App Suite through 7.10.6 allows SSRF because the anti-SSRF protection mechanism only checks the first DNS A or AAAA record.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T10:29:20.979Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://open-xchange.com",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://seclists.org/fulldisclosure/2022/Nov/18",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "NONE",
                     baseScore: 5.3,
                     baseSeverity: "MEDIUM",
                     confidentialityImpact: "LOW",
                     integrityImpact: "NONE",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2022-37313",
                        options: [
                           {
                              Exploitation: "poc",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-04-14T14:33:05.707961Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-918",
                        description: "CWE-918 Server-Side Request Forgery (SSRF)",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-04-14T14:33:40.561Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite through 7.10.6 allows SSRF because the anti-SSRF protection mechanism only checks the first DNS AA or AAAA record.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-26T00:00:00.000Z",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://open-xchange.com",
            },
            {
               url: "https://seclists.org/fulldisclosure/2022/Nov/18",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2022-37313",
      datePublished: "2022-12-26T00:00:00.000Z",
      dateReserved: "2022-08-01T00:00:00.000Z",
      dateUpdated: "2025-04-14T14:33:40.561Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-6912
Vulnerability from cvelistv5
Published
2019-05-22 19:19
Modified
2024-08-05 15:41
Severity ?
Summary
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T15:41:17.684Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://ox.com",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://open-xchange.com",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://documentation.open-xchange.com/7.10.0/release-notes/release-notes.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-05-22T19:19:21",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://ox.com",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://open-xchange.com",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://documentation.open-xchange.com/7.10.0/release-notes/release-notes.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2017-6912",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://ox.com",
                     refsource: "MISC",
                     url: "http://ox.com",
                  },
                  {
                     name: "http://open-xchange.com",
                     refsource: "MISC",
                     url: "http://open-xchange.com",
                  },
                  {
                     name: "https://documentation.open-xchange.com/7.10.0/release-notes/release-notes.html",
                     refsource: "CONFIRM",
                     url: "https://documentation.open-xchange.com/7.10.0/release-notes/release-notes.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2017-6912",
      datePublished: "2019-05-22T19:19:21",
      dateReserved: "2017-03-15T00:00:00",
      dateUpdated: "2024-08-05T15:41:17.684Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-17061
Vulnerability from cvelistv5
Published
2019-05-23 14:42
Modified
2024-08-05 20:43
Severity ?
Summary
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T20:43:59.818Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://ox.com",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://documentation.open-xchange.com/components/releasenotes/7.8.3/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-05-23T14:42:19",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://ox.com",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://documentation.open-xchange.com/components/releasenotes/7.8.3/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2017-17061",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://ox.com",
                     refsource: "MISC",
                     url: "http://ox.com",
                  },
                  {
                     name: "https://documentation.open-xchange.com/components/releasenotes/7.8.3/",
                     refsource: "CONFIRM",
                     url: "https://documentation.open-xchange.com/components/releasenotes/7.8.3/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2017-17061",
      datePublished: "2019-05-23T14:42:19",
      dateReserved: "2017-11-29T00:00:00",
      dateUpdated: "2024-08-05T20:43:59.818Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-23929
Vulnerability from cvelistv5
Published
2021-01-12 21:26
Modified
2024-08-03 19:14
Severity ?
Summary
OX App Suite through 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML document to an ajax/share/<share-token>?delivery=view URI.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T19:14:09.790Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite through 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML document to an ajax/share/<share-token>?delivery=view URI.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-01-12T21:26:28",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2021-23929",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX App Suite through 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML document to an ajax/share/<share-token>?delivery=view URI.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
                     refsource: "MISC",
                     url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2021-23929",
      datePublished: "2021-01-12T21:26:28",
      dateReserved: "2021-01-12T00:00:00",
      dateUpdated: "2024-08-03T19:14:09.790Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-29043
Vulnerability from cvelistv5
Published
2023-11-02 13:01
Modified
2024-12-03 14:33
Summary
Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document. Script code embedded in malicious documents could be executed in the context of the user editing the document when performing certain actions, like copying content. The relevant attribute does now get encoded to avoid the possibility of executing script code. No publicly available exploits are known.
Impacted products
Vendor Product Version
OX Software GmbH OX App Suite Version: 0 through 7.10.6-rev7 (inclusive)


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T14:00:15.511Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "release-notes",
                     "x_transferred",
                  ],
                  url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf",
               },
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-29043",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-01-18T19:22:25.304395Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-12-03T14:33:59.243Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               modules: [
                  "office",
               ],
               product: "OX App Suite",
               vendor: "OX Software GmbH",
               versions: [
                  {
                     lessThanOrEqual: "7.10.6-rev7",
                     status: "affected",
                     version: "0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<p>Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document. Script code embedded in malicious documents could be executed in the context of the user editing the document when performing certain actions, like copying content. The relevant attribute does now get encoded to avoid the possibility of executing script code. No publicly available exploits are known.</p>",
                  },
               ],
               value: "Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document. Script code embedded in malicious documents could be executed in the context of the user editing the document when performing certain actions, like copying content. The relevant attribute does now get encoded to avoid the possibility of executing script code. No publicly available exploits are known.\n\n",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-79",
                     description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-01-12T07:07:53.229Z",
            orgId: "8ce71d90-2354-404b-a86e-bec2cc4e6981",
            shortName: "OX",
         },
         references: [
            {
               tags: [
                  "release-notes",
               ],
               url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf",
            },
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json",
            },
         ],
         source: {
            defect: [
               "DOCS-4928",
            ],
            discovery: "INTERNAL",
         },
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8ce71d90-2354-404b-a86e-bec2cc4e6981",
      assignerShortName: "OX",
      cveId: "CVE-2023-29043",
      datePublished: "2023-11-02T13:01:28.171Z",
      dateReserved: "2023-03-30T09:34:25.188Z",
      dateUpdated: "2024-12-03T14:33:59.243Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-8544
Vulnerability from cvelistv5
Published
2020-06-16 13:50
Modified
2024-08-04 10:03
Severity ?
Summary
OX App Suite through 7.10.3 allows SSRF.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T10:03:46.436Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.open-xchange.com/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite through 7.10.3 allows SSRF.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-06-16T13:50:52",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.open-xchange.com/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-8544",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX App Suite through 7.10.3 allows SSRF.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.open-xchange.com/",
                     refsource: "MISC",
                     url: "https://www.open-xchange.com/",
                  },
                  {
                     name: "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html",
                     refsource: "MISC",
                     url: "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-8544",
      datePublished: "2020-06-16T13:50:52",
      dateReserved: "2020-02-03T00:00:00",
      dateUpdated: "2024-08-04T10:03:46.436Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-26452
Vulnerability from cvelistv5
Published
2023-11-02 13:00
Modified
2024-08-02 11:53
Summary
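Requests to cache an image and return its metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly available exploits are known. [Reviewer note: the CNA's CVSS vector in the record below gives the attack vector as PHYSICAL (AV:P), which does not match the adjacent-network access described here; when prioritising, go by the described network exposure of the imageconverter service and not by the 7.6 base score alone.]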
Impacted products
Vendor Product Version
OX Software GmbH OX App Suite Version: 0    7.10.6-rev5
Version: 0    8.12


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T11:53:52.901Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "release-notes",
                     "x_transferred",
                  ],
                  url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf",
               },
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               modules: [
                  "office",
               ],
               product: "OX App Suite",
               vendor: "OX Software GmbH",
               versions: [
                  {
                     lessThanOrEqual: "7.10.6-rev5",
                     status: "affected",
                     version: "0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.12",
                     status: "affected",
                     version: "0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<p>Requests to cache an image and return its metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly available exploits are known.</p>",
                  },
               ],
               value: "Requests to cache an image and return its metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly available exploits are known.\n\n",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "PHYSICAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.6,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-89",
                     description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-01-12T07:08:54.928Z",
            orgId: "8ce71d90-2354-404b-a86e-bec2cc4e6981",
            shortName: "OX",
         },
         references: [
            {
               tags: [
                  "release-notes",
               ],
               url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf",
            },
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json",
            },
         ],
         source: {
            defect: [
               "DOCS-4800",
            ],
            discovery: "EXTERNAL",
         },
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8ce71d90-2354-404b-a86e-bec2cc4e6981",
      assignerShortName: "OX",
      cveId: "CVE-2023-26452",
      datePublished: "2023-11-02T13:00:42.608Z",
      dateReserved: "2023-02-22T20:42:56.092Z",
      dateUpdated: "2024-08-02T11:53:52.901Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-6847
Vulnerability from cvelistv5
Published
2016-12-15 06:31
Modified
2024-08-06 01:43
Severity ?
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as mp3 album covers. In case their XML structure contains script code, that code may get executed when calling the related cover URL. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T01:43:37.919Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "93457",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/93457",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-12-15T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as mp3 album covers. In case their XML structure contains script code, that code may get executed when calling the related cover URL. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-12-26T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "93457",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/93457",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2016-6847",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as mp3 album covers. In case their XML structure contains script code, that code may get executed when calling the related cover URL. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "93457",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/93457",
                  },
                  {
                     name: "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
                     refsource: "CONFIRM",
                     url: "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2016-6847",
      datePublished: "2016-12-15T06:31:00",
      dateReserved: "2016-08-18T00:00:00",
      dateUpdated: "2024-08-06T01:43:37.919Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-41706
Vulnerability from cvelistv5
Published
2024-02-12 08:15
Modified
2024-08-02 19:01
Summary
Processing time of drive search expressions now gets monitored, and the related request is terminated if a resource threshold is reached. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing of user-defined drive search expressions is not limited. No publicly available exploits are known.
Impacted products
Vendor Product Version
Open-Xchange GmbH OX App Suite Version: 0    7.10.6-rev55
Version: 0    7.6.3-rev71
Version: 0    8.19


{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-41706",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-02-12T16:27:35.682374Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-07-05T17:20:51.257Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T19:01:35.419Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "release-notes",
                     "x_transferred",
                  ],
                  url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf",
               },
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               modules: [
                  "backend",
               ],
               product: "OX App Suite",
               vendor: "Open-Xchange GmbH",
               versions: [
                  {
                     lessThanOrEqual: "7.10.6-rev55",
                     status: "affected",
                     version: "0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "7.6.3-rev71",
                     status: "affected",
                     version: "0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.19",
                     status: "affected",
                     version: "0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Processing time of drive search expressions now gets monitored, and the related request is terminated if a resource threshold is reached. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing of user-defined drive search expressions is not limited No publicly available exploits are known.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-400",
                     description: "Uncontrolled Resource Consumption",
                     lang: "en",
                     type: "cwe",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-02-16T14:08:51.845Z",
            orgId: "8ce71d90-2354-404b-a86e-bec2cc4e6981",
            shortName: "OX",
         },
         references: [
            {
               tags: [
                  "release-notes",
               ],
               url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf",
            },
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json",
            },
         ],
         source: {
            defect: "MWB-2367",
            discovery: "INTERNAL",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8ce71d90-2354-404b-a86e-bec2cc4e6981",
      assignerShortName: "OX",
      cveId: "CVE-2023-41706",
      datePublished: "2024-02-12T08:15:24.085Z",
      dateReserved: "2023-08-30T16:21:49.912Z",
      dateUpdated: "2024-08-02T19:01:35.419Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-41703
Vulnerability from cvelistv5
Published
2024-02-12 08:15
Modified
2024-08-02 19:01
Summary
User ID references at mentions in document comments were not correctly sanitized. Script code could be injected into a user's session when working with a malicious document. Please deploy the provided updates and patch releases. User-defined content like comments and mentions are now filtered to avoid potentially malicious content. No publicly available exploits are known.
Impacted products
Vendor Product Version
Open-Xchange GmbH OX App Suite Version: 0    7.10.6-rev9
Version: 0    8.19


{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-41703",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-02-22T16:39:46.593028Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-06-04T17:21:38.083Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T19:01:35.515Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "release-notes",
                     "x_transferred",
                  ],
                  url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf",
               },
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               modules: [
                  "office",
               ],
               product: "OX App Suite",
               vendor: "Open-Xchange GmbH",
               versions: [
                  {
                     lessThanOrEqual: "7.10.6-rev9",
                     status: "affected",
                     version: "0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.19",
                     status: "affected",
                     version: "0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "User ID references at mentions in document comments were not correctly sanitized. Script code could be injected to a users session when working with a malicious document. Please deploy the provided updates and patch releases. User-defined content like comments and mentions are now filtered to avoid potentially malicious content. No publicly available exploits are known.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-79",
                     description: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
                     lang: "en",
                     type: "cwe",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-02-16T14:08:48.074Z",
            orgId: "8ce71d90-2354-404b-a86e-bec2cc4e6981",
            shortName: "OX",
         },
         references: [
            {
               tags: [
                  "release-notes",
               ],
               url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf",
            },
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json",
            },
         ],
         source: {
            defect: "DOCS-4483",
            discovery: "INTERNAL",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8ce71d90-2354-404b-a86e-bec2cc4e6981",
      assignerShortName: "OX",
      cveId: "CVE-2023-41703",
      datePublished: "2024-02-12T08:15:21.605Z",
      dateReserved: "2023-08-30T16:21:49.911Z",
      dateUpdated: "2024-08-02T19:01:35.515Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-16717
Vulnerability from cvelistv5
Published
2020-01-06 19:35
Modified
2024-08-05 01:17
Severity ?
Summary
OX App Suite through 7.10.2 has XSS.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T01:17:41.102Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.open-xchange.com/",
               },
               {
                  name: "20200103 Open-Xchange Security Advisory 2020-01-02",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2020/Jan/7",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2020/Jan/7",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/155813/OX-App-Suite-7.10.2-Cross-Site-Scripting-Improper-Access-Control.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite through 7.10.2 has XSS.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-01-06T19:38:52",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.open-xchange.com/",
            },
            {
               name: "20200103 Open-Xchange Security Advisory 2020-01-02",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2020/Jan/7",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://seclists.org/fulldisclosure/2020/Jan/7",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/155813/OX-App-Suite-7.10.2-Cross-Site-Scripting-Improper-Access-Control.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-16717",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX App Suite through 7.10.2 has XSS.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.open-xchange.com/",
                     refsource: "MISC",
                     url: "https://www.open-xchange.com/",
                  },
                  {
                     name: "20200103 Open-Xchange Security Advisory 2020-01-02",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2020/Jan/7",
                  },
                  {
                     name: "http://seclists.org/fulldisclosure/2020/Jan/7",
                     refsource: "MISC",
                     url: "http://seclists.org/fulldisclosure/2020/Jan/7",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/155813/OX-App-Suite-7.10.2-Cross-Site-Scripting-Improper-Access-Control.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/155813/OX-App-Suite-7.10.2-Cross-Site-Scripting-Improper-Access-Control.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-16717",
      datePublished: "2020-01-06T19:35:53",
      dateReserved: "2019-09-23T00:00:00",
      dateUpdated: "2024-08-05T01:17:41.102Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-12646
Vulnerability from cvelistv5
Published
2020-08-31 14:30
Modified
2024-08-04 12:04
Severity ?
Summary
OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document.
References
https://www.open-xchange.com/ (x_refsource_MISC)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T12:04:22.481Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.open-xchange.com/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-08-31T14:30:03",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.open-xchange.com/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-12646",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.open-xchange.com/",
                     refsource: "MISC",
                     url: "https://www.open-xchange.com/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-12646",
      datePublished: "2020-08-31T14:30:03",
      dateReserved: "2020-05-04T00:00:00",
      dateUpdated: "2024-08-04T12:04:22.481Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-5200
Vulnerability from cvelistv5
Published
2013-09-25 10:00
Modified
2024-09-16 23:56
Severity ?
Summary
The (1) REST and (2) memcache interfaces in the Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 do not require authentication, which allows remote attackers to obtain sensitive information or modify data via an API call.
References
http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html (mailing-list, x_refsource_BUGTRAQ)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T17:06:52.308Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20130910 Open-Xchange Security Advisory 2013-09-10",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "The (1) REST and (2) memcache interfaces in the Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 do not require authentication, which allows remote attackers to obtain sensitive information or modify data via an API call.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-09-25T10:00:00Z",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "20130910 Open-Xchange Security Advisory 2013-09-10",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2013-5200",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The (1) REST and (2) memcache interfaces in the Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 do not require authentication, which allows remote attackers to obtain sensitive information or modify data via an API call.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20130910 Open-Xchange Security Advisory 2013-09-10",
                     refsource: "BUGTRAQ",
                     url: "http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2013-5200",
      datePublished: "2013-09-25T10:00:00Z",
      dateReserved: "2013-08-15T00:00:00Z",
      dateUpdated: "2024-09-16T23:56:38.217Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-23933
Vulnerability from cvelistv5
Published
2021-01-12 21:25
Modified
2024-08-03 19:14
Severity ?
Summary
OX App Suite through 7.10.4 allows XSS via JavaScript in a Note referenced by a mail:// URL.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T19:14:09.678Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite through 7.10.4 allows XSS via JavaScript in a Note referenced by a mail:// URL.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-01-12T21:25:44",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2021-23933",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX App Suite through 7.10.4 allows XSS via JavaScript in a Note referenced by a mail:// URL.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
                     refsource: "MISC",
                     url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2021-23933",
      datePublished: "2021-01-12T21:25:44",
      dateReserved: "2021-01-12T00:00:00",
      dateUpdated: "2024-08-03T19:14:09.678Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-5752
Vulnerability from cvelistv5
Published
2018-06-15 21:00
Modified
2024-08-05 05:40
Severity ?
Summary
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors involving non-decimal representations of IP addresses and special IPv6 related addresses.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T05:40:51.241Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html",
               },
               {
                  name: "44881",
                  tags: [
                     "exploit",
                     "x_refsource_EXPLOIT-DB",
                     "x_transferred",
                  ],
                  url: "https://www.exploit-db.com/exploits/44881/",
               },
               {
                  name: "20180608 Open-Xchange Security Advisory 2018-06-08",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2018/Jun/23",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-06-08T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors involving non-decimal representations of IP addresses and special IPv6 related addresses.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-06-15T20:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html",
            },
            {
               name: "44881",
               tags: [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
               ],
               url: "https://www.exploit-db.com/exploits/44881/",
            },
            {
               name: "20180608 Open-Xchange Security Advisory 2018-06-08",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2018/Jun/23",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-5752",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors involving non-decimal representations of IP addresses and special IPv6 related addresses.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html",
                  },
                  {
                     name: "44881",
                     refsource: "EXPLOIT-DB",
                     url: "https://www.exploit-db.com/exploits/44881/",
                  },
                  {
                     name: "20180608 Open-Xchange Security Advisory 2018-06-08",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2018/Jun/23",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-5752",
      datePublished: "2018-06-15T21:00:00",
      dateReserved: "2018-01-17T00:00:00",
      dateUpdated: "2024-08-05T05:40:51.241Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-2582
Vulnerability from cvelistv5
Published
2013-09-05 10:00
Modified
2024-09-16 18:08
Severity ?
Summary
CRLF injection vulnerability in the redirect servlet in Open-Xchange AppSuite and Server before 6.22.0 rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allows remote attackers to inject arbitrary HTTP headers and conduct open redirect attacks by leveraging improper sanitization of whitespace characters.
References
http://archives.neohapsis.com/archives/bugtraq/2013-04/0183.html (mailing-list, x_refsource_BUGTRAQ)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T15:44:32.235Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20130417 Open-Xchange Security Advisory 2013-04-17",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/bugtraq/2013-04/0183.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "CRLF injection vulnerability in the redirect servlet in Open-Xchange AppSuite and Server before 6.22.0 rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allows remote attackers to inject arbitrary HTTP headers and conduct open redirect attacks by leveraging improper sanitization of whitespace characters.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-09-05T10:00:00Z",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "20130417 Open-Xchange Security Advisory 2013-04-17",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://archives.neohapsis.com/archives/bugtraq/2013-04/0183.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2013-2582",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "CRLF injection vulnerability in the redirect servlet in Open-Xchange AppSuite and Server before 6.22.0 rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allows remote attackers to inject arbitrary HTTP headers and conduct open redirect attacks by leveraging improper sanitization of whitespace characters.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20130417 Open-Xchange Security Advisory 2013-04-17",
                     refsource: "BUGTRAQ",
                     url: "http://archives.neohapsis.com/archives/bugtraq/2013-04/0183.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2013-2582",
      datePublished: "2013-09-05T10:00:00Z",
      dateReserved: "2013-03-15T00:00:00Z",
      dateUpdated: "2024-09-16T18:08:06.780Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-4027
Vulnerability from cvelistv5
Published
2016-12-15 06:31
Modified
2024-08-06 00:17
Severity ?
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev10. App Suite frontend offers to control whether a user wants to store cookies that exceed the session duration. This functionality is useful when logging in from clients with reduced privileges or shared environments. However the setting was incorrectly recognized and cookies were stored regardless of this setting when the login was performed using a non-interactive login method. In case the setting was enforced by middleware configuration or the user went through the interactive login page, the workflow was correct. Cookies with authentication information may become available to other users on shared environments. In case the user did not properly log out from the session, third parties with access to the same client can access a user's account.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T00:17:30.884Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1036157",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1036157",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/137599/Open-Xchange-App-Suite-7.8.1-Information-Disclosure.html",
               },
               {
                  name: "20160622 Open-Xchange Security Advisory 2016-06-22",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/538732/100/0/threaded",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-12-15T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev10. App Suite frontend offers to control whether a user wants to store cookies that exceed the session duration. This functionality is useful when logging in from clients with reduced privileges or shared environments. However the setting was incorrectly recognized and cookies were stored regardless of this setting when the login was performed using a non-interactive login method. In case the setting was enforced by middleware configuration or the user went through the interactive login page, the workflow was correct. Cookies with authentication information may become available to other users on shared environments. In case the user did not properly log out from the session, third parties with access to the same client can access a user's account.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-19T14:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "1036157",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1036157",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://packetstormsecurity.com/files/137599/Open-Xchange-App-Suite-7.8.1-Information-Disclosure.html",
            },
            {
               name: "20160622 Open-Xchange Security Advisory 2016-06-22",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/538732/100/0/threaded",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2016-4027",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev10. App Suite frontend offers to control whether a user wants to store cookies that exceed the session duration. This functionality is useful when logging in from clients with reduced privileges or shared environments. However the setting was incorrectly recognized and cookies were stored regardless of this setting when the login was performed using a non-interactive login method. In case the setting was enforced by middleware configuration or the user went through the interactive login page, the workflow was correct. Cookies with authentication information may become available to other users on shared environments. In case the user did not properly log out from the session, third parties with access to the same client can access a user's account.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1036157",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1036157",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/137599/Open-Xchange-App-Suite-7.8.1-Information-Disclosure.html",
                     refsource: "CONFIRM",
                     url: "http://packetstormsecurity.com/files/137599/Open-Xchange-App-Suite-7.8.1-Information-Disclosure.html",
                  },
                  {
                     name: "20160622 Open-Xchange Security Advisory 2016-06-22",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/538732/100/0/threaded",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2016-4027",
      datePublished: "2016-12-15T06:31:00",
      dateReserved: "2016-04-15T00:00:00",
      dateUpdated: "2024-08-06T00:17:30.884Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-28945
Vulnerability from cvelistv5
Published
2021-05-03 19:38
Modified
2024-08-04 16:47
Severity ?
Summary
OX App Suite 7.10.4 and earlier allows XSS via crafted content to reach an undocumented feature, such as ![](http://onerror=Function.constructor, in a Notes item.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T16:47:59.906Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://open-xchange.com",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite 7.10.4 and earlier allows XSS via crafted content to reach an undocumented feature, such as ![](http://onerror=Function.constructor, in a Notes item.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-05-03T19:38:27",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://open-xchange.com",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-28945",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX App Suite 7.10.4 and earlier allows XSS via crafted content to reach an undocumented feature, such as ![](http://onerror=Function.constructor, in a Notes item.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://open-xchange.com",
                     refsource: "MISC",
                     url: "https://open-xchange.com",
                  },
                  {
                     name: "https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html",
                     refsource: "MISC",
                     url: "https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-28945",
      datePublished: "2021-05-03T19:38:27",
      dateReserved: "2020-11-19T00:00:00",
      dateUpdated: "2024-08-04T16:47:59.906Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-29045
Vulnerability from cvelistv5
Published
2023-11-02 13:01
Modified
2024-08-02 14:00
Summary
Documents operations, in this case "drawing", could be manipulated to contain invalid data types, possibly script code. Script code could be injected into an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties now gets checked for validity to avoid code execution. No publicly available exploits are known.
Impacted products
Vendor Product Version
OX Software GmbH OX App Suite Version: 0 through 7.10.6-rev7 (inclusive)


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T14:00:14.652Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "release-notes",
                     "x_transferred",
                  ],
                  url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf",
               },
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               modules: [
                  "office",
               ],
               product: "OX App Suite",
               vendor: "OX Software GmbH",
               versions: [
                  {
                     lessThanOrEqual: "7.10.6-rev7",
                     status: "affected",
                     version: "0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<p>Documents operations, in this case &quot;drawing&quot;, could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties does now gets checked for validity to avoid code execution. No publicly available exploits are known.</p>",
                  },
               ],
               value: "Documents operations, in this case \"drawing\", could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties does now gets checked for validity to avoid code execution. No publicly available exploits are known.\n\n",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.4,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-79",
                     description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-01-12T07:08:13.807Z",
            orgId: "8ce71d90-2354-404b-a86e-bec2cc4e6981",
            shortName: "OX",
         },
         references: [
            {
               tags: [
                  "release-notes",
               ],
               url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf",
            },
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json",
            },
         ],
         source: {
            defect: [
               "DOCS-4926",
            ],
            discovery: "INTERNAL",
         },
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8ce71d90-2354-404b-a86e-bec2cc4e6981",
      assignerShortName: "OX",
      cveId: "CVE-2023-29045",
      datePublished: "2023-11-02T13:01:35.652Z",
      dateReserved: "2023-03-30T09:34:25.188Z",
      dateUpdated: "2024-08-02T14:00:14.652Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-5235
Vulnerability from cvelistv5
Published
2014-09-17 14:00
Modified
2024-08-06 11:41
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via vectors related to unspecified fields in RSS feeds.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T11:41:48.496Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "69792",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/69792",
               },
               {
                  name: "20140915 Open-Xchange Security Advisory 2014-09-15",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/533443/100/0/threaded",
               },
               {
                  name: "61080",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/61080",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-09-15T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via vectors related to unspecified fields in RSS feeds.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-09T18:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "69792",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/69792",
            },
            {
               name: "20140915 Open-Xchange Security Advisory 2014-09-15",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/533443/100/0/threaded",
            },
            {
               name: "61080",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/61080",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2014-5235",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via vectors related to unspecified fields in RSS feeds.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "69792",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/69792",
                  },
                  {
                     name: "20140915 Open-Xchange Security Advisory 2014-09-15",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/533443/100/0/threaded",
                  },
                  {
                     name: "61080",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/61080",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html",
                  },
                  {
                     name: "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf",
                     refsource: "CONFIRM",
                     url: "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2014-5235",
      datePublished: "2014-09-17T14:00:00",
      dateReserved: "2014-08-13T00:00:00",
      dateUpdated: "2024-08-06T11:41:48.496Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-2583
Vulnerability from cvelistv5
Published
2013-09-05 10:00
Modified
2024-09-16 19:31
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev16, 6.22.0 before rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allow remote attackers to inject arbitrary web script or HTML via (1) a javascript: URL, (2) malformed nested SCRIPT elements, (3) a mail signature, or (4) JavaScript code within an image file.
References
http://archives.neohapsis.com/archives/bugtraq/2013-04/0183.html (mailing-list, x_refsource_BUGTRAQ)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T15:44:32.664Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20130417 Open-Xchange Security Advisory 2013-04-17",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/bugtraq/2013-04/0183.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev16, 6.22.0 before rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allow remote attackers to inject arbitrary web script or HTML via (1) a javascript: URL, (2) malformed nested SCRIPT elements, (3) a mail signature, or (4) JavaScript code within an image file.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-09-05T10:00:00Z",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "20130417 Open-Xchange Security Advisory 2013-04-17",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://archives.neohapsis.com/archives/bugtraq/2013-04/0183.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2013-2583",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev16, 6.22.0 before rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allow remote attackers to inject arbitrary web script or HTML via (1) a javascript: URL, (2) malformed nested SCRIPT elements, (3) a mail signature, or (4) JavaScript code within an image file.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20130417 Open-Xchange Security Advisory 2013-04-17",
                     refsource: "BUGTRAQ",
                     url: "http://archives.neohapsis.com/archives/bugtraq/2013-04/0183.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2013-2583",
      datePublished: "2013-09-05T10:00:00Z",
      dateReserved: "2013-03-15T00:00:00Z",
      dateUpdated: "2024-09-16T19:31:11.662Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-6844
Vulnerability from cvelistv5
Published
2016-12-15 06:31
Modified
2024-08-06 01:43
Severity ?
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within SVG files is maintained when opening such files "in browser" based on our Mail or Drive app. In case of "a" tags, this may include link targets with base64 encoded "data" references. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T01:43:38.422Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "93457",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/93457",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-12-15T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within SVG files is maintained when opening such files \"in browser\" based on our Mail or Drive app. In case of \"a\" tags, this may include link targets with base64 encoded \"data\" references. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-12-26T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "93457",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/93457",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2016-6844",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within SVG files is maintained when opening such files \"in browser\" based on our Mail or Drive app. In case of \"a\" tags, this may include link targets with base64 encoded \"data\" references. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "93457",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/93457",
                  },
                  {
                     name: "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
                     refsource: "CONFIRM",
                     url: "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2016-6844",
      datePublished: "2016-12-15T06:31:00",
      dateReserved: "2016-08-18T00:00:00",
      dateUpdated: "2024-08-06T01:43:38.422Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-29044
Vulnerability from cvelistv5
Published
2023-11-02 13:01
Modified
2024-08-02 14:00
Summary
Documents operations could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties does now get escaped to avoid code execution. No publicly available exploits are known.
Impacted products
Vendor Product Version
OX Software GmbH OX App Suite Version: 0 up to and including 7.10.6-rev7


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T14:00:14.693Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "release-notes",
                     "x_transferred",
                  ],
                  url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf",
               },
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               modules: [
                  "office",
               ],
               product: "OX App Suite",
               vendor: "OX Software GmbH",
               versions: [
                  {
                     lessThanOrEqual: "7.10.6-rev7",
                     status: "affected",
                     version: "0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<p>Documents operations could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties does now get escaped to avoid code execution. No publicly available exploits are known.</p>",
                  },
               ],
               value: "Documents operations could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties does now get escaped to avoid code execution. No publicly available exploits are known.\n\n",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.4,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-79",
                     description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-01-12T07:08:04.419Z",
            orgId: "8ce71d90-2354-404b-a86e-bec2cc4e6981",
            shortName: "OX",
         },
         references: [
            {
               tags: [
                  "release-notes",
               ],
               url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf",
            },
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json",
            },
         ],
         source: {
            defect: [
               "DOCS-4927",
            ],
            discovery: "INTERNAL",
         },
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8ce71d90-2354-404b-a86e-bec2cc4e6981",
      assignerShortName: "OX",
      cveId: "CVE-2023-29044",
      datePublished: "2023-11-02T13:01:31.388Z",
      dateReserved: "2023-03-30T09:34:25.188Z",
      dateUpdated: "2024-08-02T14:00:14.693Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-9997
Vulnerability from cvelistv5
Published
2018-07-05 20:00
Modified
2024-08-05 07:32
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in mail compose in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev28 allows remote attackers to inject arbitrary web script or HTML via the data-target attribute in an HTML page with data-toggle gadgets.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T07:32:00.750Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1041213",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1041213",
               },
               {
                  name: "20180702 Open-Xchange Security Advisory 2018-07-02",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2018/Jul/12",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/154127/Open-Xchange-OX-Guard-Cross-Site-Scripting-Signature-Validation.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-07-02T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cross-site scripting (XSS) vulnerability in mail compose in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev28 allows remote attackers to inject arbitrary web script or HTML via the data-target attribute in an HTML page with data-toggle gadgets.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-16T22:06:02",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "1041213",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1041213",
            },
            {
               name: "20180702 Open-Xchange Security Advisory 2018-07-02",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2018/Jul/12",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/154127/Open-Xchange-OX-Guard-Cross-Site-Scripting-Signature-Validation.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-9997",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cross-site scripting (XSS) vulnerability in mail compose in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev28 allows remote attackers to inject arbitrary web script or HTML via the data-target attribute in an HTML page with data-toggle gadgets.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1041213",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1041213",
                  },
                  {
                     name: "20180702 Open-Xchange Security Advisory 2018-07-02",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2018/Jul/12",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/154127/Open-Xchange-OX-Guard-Cross-Site-Scripting-Signature-Validation.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/154127/Open-Xchange-OX-Guard-Cross-Site-Scripting-Signature-Validation.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-9997",
      datePublished: "2018-07-05T20:00:00",
      dateReserved: "2018-04-10T00:00:00",
      dateUpdated: "2024-08-05T07:32:00.750Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-17062
Vulnerability from cvelistv5
Published
2018-06-15 21:00
Modified
2024-08-05 20:43
Severity ?
Summary
The backend component in Open-Xchange OX App Suite before 7.6.3-rev35, 7.8.x before 7.8.2-rev38, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev19 allows remote authenticated users to save arbitrary user attributes by leveraging improper privilege management.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T20:43:59.444Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html",
               },
               {
                  name: "44881",
                  tags: [
                     "exploit",
                     "x_refsource_EXPLOIT-DB",
                     "x_transferred",
                  ],
                  url: "https://www.exploit-db.com/exploits/44881/",
               },
               {
                  name: "20180608 Open-Xchange Security Advisory 2018-06-08",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2018/Jun/23",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-06-08T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The backend component in Open-Xchange OX App Suite before 7.6.3-rev35, 7.8.x before 7.8.2-rev38, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev19 allows remote authenticated users to save arbitrary user attributes by leveraging improper privilege management.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-06-15T20:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html",
            },
            {
               name: "44881",
               tags: [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
               ],
               url: "https://www.exploit-db.com/exploits/44881/",
            },
            {
               name: "20180608 Open-Xchange Security Advisory 2018-06-08",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2018/Jun/23",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2017-17062",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The backend component in Open-Xchange OX App Suite before 7.6.3-rev35, 7.8.x before 7.8.2-rev38, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev19 allows remote authenticated users to save arbitrary user attributes by leveraging improper privilege management.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html",
                  },
                  {
                     name: "44881",
                     refsource: "EXPLOIT-DB",
                     url: "https://www.exploit-db.com/exploits/44881/",
                  },
                  {
                     name: "20180608 Open-Xchange Security Advisory 2018-06-08",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2018/Jun/23",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2017-17062",
      datePublished: "2018-06-15T21:00:00",
      dateReserved: "2017-11-29T00:00:00",
      dateUpdated: "2024-08-05T20:43:59.444Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-26698
Vulnerability from cvelistv5
Published
2021-07-22 16:07
Modified
2024-08-03 20:33
Severity ?
Summary
OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and the dl parameter is used.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T20:33:40.151Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.open-xchange.com",
               },
               {
                  name: "20210716 Open-Xchange Security Advisory 2021-07-15",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2021/Jul/33",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2021/Jul/33",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and the dl parameter is used.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-07-25T13:41:59",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.open-xchange.com",
            },
            {
               name: "20210716 Open-Xchange Security Advisory 2021-07-15",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2021/Jul/33",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://seclists.org/fulldisclosure/2021/Jul/33",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2021-26698",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and the dl parameter is used.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.open-xchange.com",
                     refsource: "MISC",
                     url: "https://www.open-xchange.com",
                  },
                  {
                     name: "20210716 Open-Xchange Security Advisory 2021-07-15",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2021/Jul/33",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html",
                  },
                  {
                     name: "http://seclists.org/fulldisclosure/2021/Jul/33",
                     refsource: "CONFIRM",
                     url: "http://seclists.org/fulldisclosure/2021/Jul/33",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2021-26698",
      datePublished: "2021-07-22T16:07:36",
      dateReserved: "2021-02-04T00:00:00",
      dateUpdated: "2024-08-03T20:33:40.151Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-6242
Vulnerability from cvelistv5
Published
2020-01-02 18:05
Modified
2024-08-06 17:38
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 6.22.3 before 6.22.3-rev5 and 6.22.4 before 6.22.4-rev12 allows remote attackers to inject arbitrary web script or HTML via the subject of an email. NOTE: the vulnerabilities related to the body of the email and the publication name were SPLIT from this CVE ID because they affect different sets of versions.
Impacted products
Vendor Product Version
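n/a n/a Version: n/a (the CVE record carries no structured vendor/product data; the affected versions are given only in the Summary text, so product-based matching will not find this entry)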


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T17:38:58.895Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/bugtraq/2013/Nov/127",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://forum.open-xchange.com/showthread.php?8115-Open-Xchange-releases-Security-Patch-2013-11-12-for-v7-2-2-v6-22-3-and-v7-4-0-v6",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1029394",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/89250",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2013-11-25T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 6.22.3 before 6.22.3-rev5 and 6.22.4 before 6.22.4-rev12 allows remote attackers to inject arbitrary web script or HTML via the subject of an email. NOTE: the vulnerabilities related to the body of the email and the publication name were SPLIT from this CVE ID because they affect different sets of versions.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-01-02T18:05:42",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://seclists.org/bugtraq/2013/Nov/127",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://forum.open-xchange.com/showthread.php?8115-Open-Xchange-releases-Security-Patch-2013-11-12-for-v7-2-2-v6-22-3-and-v7-4-0-v6",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.securitytracker.com/id/1029394",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/89250",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2013-6242",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 6.22.3 before 6.22.3-rev5 and 6.22.4 before 6.22.4-rev12 allows remote attackers to inject arbitrary web script or HTML via the subject of an email. NOTE: the vulnerabilities related to the body of the email and the publication name were SPLIT from this CVE ID because they affect different sets of versions.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html",
                  },
                  {
                     name: "http://seclists.org/bugtraq/2013/Nov/127",
                     refsource: "MISC",
                     url: "http://seclists.org/bugtraq/2013/Nov/127",
                  },
                  {
                     name: "https://forum.open-xchange.com/showthread.php?8115-Open-Xchange-releases-Security-Patch-2013-11-12-for-v7-2-2-v6-22-3-and-v7-4-0-v6",
                     refsource: "MISC",
                     url: "https://forum.open-xchange.com/showthread.php?8115-Open-Xchange-releases-Security-Patch-2013-11-12-for-v7-2-2-v6-22-3-and-v7-4-0-v6",
                  },
                  {
                     name: "http://www.securitytracker.com/id/1029394",
                     refsource: "MISC",
                     url: "http://www.securitytracker.com/id/1029394",
                  },
                  {
                     name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/89250",
                     refsource: "MISC",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/89250",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2013-6242",
      datePublished: "2020-01-02T18:05:42",
      dateReserved: "2013-10-22T00:00:00",
      dateUpdated: "2024-08-06T17:38:58.895Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-37307
Vulnerability from cvelistv5
Published
2022-12-26 00:00
Modified
2025-04-14 14:44
Summary
OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature.
Impacted products
Vendor Product Version
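n/a n/a Version: n/a (the CVE record carries no structured vendor/product data; the affected versions are given only in the Summary text, so product-based matching will not find this entry)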


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T10:29:20.607Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://open-xchange.com",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://seclists.org/fulldisclosure/2022/Nov/18",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "NONE",
                     baseScore: 6.1,
                     baseSeverity: "MEDIUM",
                     confidentialityImpact: "LOW",
                     integrityImpact: "LOW",
                     privilegesRequired: "NONE",
                     scope: "CHANGED",
                     userInteraction: "REQUIRED",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2022-37307",
                        options: [
                           {
                              Exploitation: "poc",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-04-14T14:43:42.890731Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-79",
                        description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-04-14T14:44:24.195Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-26T00:00:00.000Z",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://open-xchange.com",
            },
            {
               url: "https://seclists.org/fulldisclosure/2022/Nov/18",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2022-37307",
      datePublished: "2022-12-26T00:00:00.000Z",
      dateReserved: "2022-08-01T00:00:00.000Z",
      dateUpdated: "2025-04-14T14:44:24.195Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-14227
Vulnerability from cvelistv5
Published
2019-10-14 16:17
Modified
2024-08-05 00:12
Severity ?
Summary
OX App Suite 7.10.1 and 7.10.2 allows XSS.
Impacted products
Vendor Product Version
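n/a n/a Version: n/a (the CVE record carries no structured vendor/product data; the affected versions are given only in the Summary text, so product-based matching will not find this entry)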


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T00:12:42.857Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20191011 Open-Xchange Security Advisory 2019-10-09",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2019/Oct/25",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite 7.10.1 and 7.10.2 allows XSS.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-10-14T16:22:25",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "20191011 Open-Xchange Security Advisory 2019-10-09",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2019/Oct/25",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-14227",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX App Suite 7.10.1 and 7.10.2 allows XSS.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20191011 Open-Xchange Security Advisory 2019-10-09",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2019/Oct/25",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-14227",
      datePublished: "2019-10-14T16:17:17",
      dateReserved: "2019-07-21T00:00:00",
      dateUpdated: "2024-08-05T00:12:42.857Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-9809
Vulnerability from cvelistv5
Published
2019-05-22 18:54
Modified
2024-08-05 17:18
Severity ?
Summary
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Information Exposure.
References
Impacted products
Vendor Product Version
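n/a n/a Version: n/a (the CVE record carries no structured vendor/product data; the affected versions are given only in the Summary text, so product-based matching will not find this entry)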


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T17:18:02.184Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://ox.com",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Information Exposure.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-05-22T18:54:58",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://ox.com",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2017-9809",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Information Exposure.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://ox.com",
                     refsource: "MISC",
                     url: "http://ox.com",
                  },
                  {
                     name: "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html",
                     refsource: "CONFIRM",
                     url: "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2017-9809",
      datePublished: "2019-05-22T18:54:58",
      dateReserved: "2017-06-22T00:00:00",
      dateUpdated: "2024-08-05T17:18:02.184Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-5234
Vulnerability from cvelistv5
Published
2014-09-17 14:00
Modified
2024-08-06 11:41
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via a folder publication name.
Impacted products
Vendor Product Version
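n/a n/a Version: n/a (the CVE record carries no structured vendor/product data; the affected versions are given only in the Summary text, so product-based matching will not find this entry)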


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T11:41:47.809Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20140915 Open-Xchange Security Advisory 2014-09-15",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/533443/100/0/threaded",
               },
               {
                  name: "69796",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/69796",
               },
               {
                  name: "61080",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/61080",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-09-15T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via a folder publication name.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-09T18:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "20140915 Open-Xchange Security Advisory 2014-09-15",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/533443/100/0/threaded",
            },
            {
               name: "69796",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/69796",
            },
            {
               name: "61080",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/61080",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2014-5234",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via a folder publication name.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20140915 Open-Xchange Security Advisory 2014-09-15",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/533443/100/0/threaded",
                  },
                  {
                     name: "69796",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/69796",
                  },
                  {
                     name: "61080",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/61080",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html",
                  },
                  {
                     name: "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf",
                     refsource: "CONFIRM",
                     url: "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2014-5234",
      datePublished: "2014-09-17T14:00:00",
      dateReserved: "2014-08-13T00:00:00",
      dateUpdated: "2024-08-06T11:41:47.809Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-8543
Vulnerability from cvelistv5
Published
2020-06-16 13:46
Modified
2024-08-04 10:03
Severity ?
Summary
OX App Suite through 7.10.3 has Improper Input Validation.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T10:03:46.150Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.open-xchange.com/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite through 7.10.3 has Improper Input Validation.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-06-16T13:46:10",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.open-xchange.com/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-8543",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX App Suite through 7.10.3 has Improper Input Validation.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.open-xchange.com/",
                     refsource: "MISC",
                     url: "https://www.open-xchange.com/",
                  },
                  {
                     name: "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html",
                     refsource: "MISC",
                     url: "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-8543",
      datePublished: "2020-06-16T13:46:10",
      dateReserved: "2020-02-03T00:00:00",
      dateUpdated: "2024-08-04T10:03:46.150Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-7486
Vulnerability from cvelistv5
Published
2020-01-02 18:05
Modified
2024-08-06 18:09
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev27 and 7.4.x before 7.4.0-rev20 allows remote attackers to inject arbitrary web script or HTML via the body of an email. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T18:09:17.080Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1029394",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1029394",
               },
               {
                  name: "openxchange-cve20136242-xss(89250)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "http://xforce.iss.net/xforce/xfdb/89250",
               },
               {
                  name: "20131125 Open-Xchange Security Advisory 2013-11-25",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/bugtraq/2013/Nov/127",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://forum.open-xchange.com/showthread.php?8115-Open-Xchange-releases-Security-Patch-2013-11-12-for-v7-2-2-v6-22-3-and-v7-4-0-v6",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2013-11-25T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev27 and 7.4.x before 7.4.0-rev20 allows remote attackers to inject arbitrary web script or HTML via the body of an email. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-01-02T18:05:38",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "1029394",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1029394",
            },
            {
               name: "openxchange-cve20136242-xss(89250)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "http://xforce.iss.net/xforce/xfdb/89250",
            },
            {
               name: "20131125 Open-Xchange Security Advisory 2013-11-25",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://seclists.org/bugtraq/2013/Nov/127",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://forum.open-xchange.com/showthread.php?8115-Open-Xchange-releases-Security-Patch-2013-11-12-for-v7-2-2-v6-22-3-and-v7-4-0-v6",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2013-7486",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev27 and 7.4.x before 7.4.0-rev20 allows remote attackers to inject arbitrary web script or HTML via the body of an email. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1029394",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1029394",
                  },
                  {
                     name: "openxchange-cve20136242-xss(89250)",
                     refsource: "XF",
                     url: "http://xforce.iss.net/xforce/xfdb/89250",
                  },
                  {
                     name: "20131125 Open-Xchange Security Advisory 2013-11-25",
                     refsource: "BUGTRAQ",
                     url: "http://seclists.org/bugtraq/2013/Nov/127",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html",
                  },
                  {
                     name: "https://forum.open-xchange.com/showthread.php?8115-Open-Xchange-releases-Security-Patch-2013-11-12-for-v7-2-2-v6-22-3-and-v7-4-0-v6",
                     refsource: "CONFIRM",
                     url: "https://forum.open-xchange.com/showthread.php?8115-Open-Xchange-releases-Security-Patch-2013-11-12-for-v7-2-2-v6-22-3-and-v7-4-0-v6",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2013-7486",
      datePublished: "2020-01-02T18:05:38",
      dateReserved: "2020-01-02T00:00:00",
      dateUpdated: "2024-08-06T18:09:17.080Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-7485
Vulnerability from cvelistv5
Published
2020-01-02 18:05
Modified
2024-08-06 18:09
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev26 and 7.4.x before 7.4.0-rev16 allows remote attackers to inject arbitrary web script or HTML via the publication name, which is not properly handled in an error message. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T18:09:17.021Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "100385",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/100385",
               },
               {
                  name: "1029394",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1029394",
               },
               {
                  name: "openxchange-appsuite-url-xss(89251)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "http://xforce.iss.net/xforce/xfdb/89251",
               },
               {
                  name: "55837",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/55837",
               },
               {
                  name: "openxchange-cve20136242-xss(89250)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "http://xforce.iss.net/xforce/xfdb/89250",
               },
               {
                  name: "20131125 Open-Xchange Security Advisory 2013-11-25",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/bugtraq/2013/Nov/127",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://forum.open-xchange.com/showthread.php?8090-Open-Xchange-releases-Security-Patch-2013-10-30-for-v7-2-2-and-v7-4-0",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2013-11-25T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev26 and 7.4.x before 7.4.0-rev16 allows remote attackers to inject arbitrary web script or HTML via the publication name, which is not properly handled in an error message. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-01-02T18:05:35",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "100385",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/100385",
            },
            {
               name: "1029394",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1029394",
            },
            {
               name: "openxchange-appsuite-url-xss(89251)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "http://xforce.iss.net/xforce/xfdb/89251",
            },
            {
               name: "55837",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/55837",
            },
            {
               name: "openxchange-cve20136242-xss(89250)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "http://xforce.iss.net/xforce/xfdb/89250",
            },
            {
               name: "20131125 Open-Xchange Security Advisory 2013-11-25",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://seclists.org/bugtraq/2013/Nov/127",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://forum.open-xchange.com/showthread.php?8090-Open-Xchange-releases-Security-Patch-2013-10-30-for-v7-2-2-and-v7-4-0",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2013-7485",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev26 and 7.4.x before 7.4.0-rev16 allows remote attackers to inject arbitrary web script or HTML via the publication name, which is not properly handled in an error message. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "100385",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/100385",
                  },
                  {
                     name: "1029394",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1029394",
                  },
                  {
                     name: "openxchange-appsuite-url-xss(89251)",
                     refsource: "XF",
                     url: "http://xforce.iss.net/xforce/xfdb/89251",
                  },
                  {
                     name: "55837",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/55837",
                  },
                  {
                     name: "openxchange-cve20136242-xss(89250)",
                     refsource: "XF",
                     url: "http://xforce.iss.net/xforce/xfdb/89250",
                  },
                  {
                     name: "20131125 Open-Xchange Security Advisory 2013-11-25",
                     refsource: "BUGTRAQ",
                     url: "http://seclists.org/bugtraq/2013/Nov/127",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html",
                  },
                  {
                     name: "https://forum.open-xchange.com/showthread.php?8090-Open-Xchange-releases-Security-Patch-2013-10-30-for-v7-2-2-and-v7-4-0",
                     refsource: "CONFIRM",
                     url: "https://forum.open-xchange.com/showthread.php?8090-Open-Xchange-releases-Security-Patch-2013-10-30-for-v7-2-2-and-v7-4-0",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2013-7485",
      datePublished: "2020-01-02T18:05:35",
      dateReserved: "2020-01-02T00:00:00",
      dateUpdated: "2024-08-06T18:09:17.021Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-5124
Vulnerability from cvelistv5
Published
2016-12-15 06:31
Modified
2024-08-06 00:53
Severity ?
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev14. Adding images from external sources to HTML editors by drag&drop can potentially lead to script code execution in the context of the active user. To exploit this, a user needs to be tricked to use an image from a specially crafted website and add it to HTML editor areas of OX App Suite, for example E-Mail Compose or OX Text. This specific attack circumvents typical XSS filters and detection mechanisms since the code is not loaded from an external service but injected locally. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). To exploit this vulnerability, a attacker needs to convince a user to follow specific steps (social-engineering).
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T00:53:48.275Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/137894/Open-Xchange-App-Suite-7.8.1-Cross-Site-Scripting.html",
               },
               {
                  name: "20160713 Open-Xchange Security Advisory 2016-07-13",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/538892/100/0/threaded",
               },
               {
                  name: "1036296",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1036296",
               },
               {
                  name: "91775",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/91775",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-12-15T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev14. Adding images from external sources to HTML editors by drag&drop can potentially lead to script code execution in the context of the active user. To exploit this, a user needs to be tricked to use an image from a specially crafted website and add it to HTML editor areas of OX App Suite, for example E-Mail Compose or OX Text. This specific attack circumvents typical XSS filters and detection mechanisms since the code is not loaded from an external service but injected locally. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). To exploit this vulnerability, a attacker needs to convince a user to follow specific steps (social-engineering).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-19T14:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://packetstormsecurity.com/files/137894/Open-Xchange-App-Suite-7.8.1-Cross-Site-Scripting.html",
            },
            {
               name: "20160713 Open-Xchange Security Advisory 2016-07-13",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/538892/100/0/threaded",
            },
            {
               name: "1036296",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1036296",
            },
            {
               name: "91775",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/91775",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2016-5124",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev14. Adding images from external sources to HTML editors by drag&drop can potentially lead to script code execution in the context of the active user. To exploit this, a user needs to be tricked to use an image from a specially crafted website and add it to HTML editor areas of OX App Suite, for example E-Mail Compose or OX Text. This specific attack circumvents typical XSS filters and detection mechanisms since the code is not loaded from an external service but injected locally. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). To exploit this vulnerability, a attacker needs to convince a user to follow specific steps (social-engineering).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://packetstormsecurity.com/files/137894/Open-Xchange-App-Suite-7.8.1-Cross-Site-Scripting.html",
                     refsource: "CONFIRM",
                     url: "http://packetstormsecurity.com/files/137894/Open-Xchange-App-Suite-7.8.1-Cross-Site-Scripting.html",
                  },
                  {
                     name: "20160713 Open-Xchange Security Advisory 2016-07-13",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/538892/100/0/threaded",
                  },
                  {
                     name: "1036296",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1036296",
                  },
                  {
                     name: "91775",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/91775",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2016-5124",
      datePublished: "2016-12-15T06:31:00",
      dateReserved: "2016-05-30T00:00:00",
      dateUpdated: "2024-08-06T00:53:48.275Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-9998
Vulnerability from cvelistv5
Published
2018-07-05 20:00
Modified
2024-08-05 07:32
Severity ?
Summary
Open-Xchange OX App Suite before 7.6.3-rev37, 7.8.x before 7.8.2-rev40, 7.8.3 before 7.8.3-rev48, and 7.8.4 before 7.8.4-rev28 include folder names in API error responses, which allows remote attackers to obtain sensitive information via the folder parameter in an "all" action to api/tasks.
References
http://www.securitytracker.com/id/1041213 — vdb-entry, x_refsource_SECTRACK
http://seclists.org/fulldisclosure/2018/Jul/12 — mailing-list, x_refsource_FULLDISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T07:32:00.693Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1041213",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1041213",
               },
               {
                  name: "20180702 Open-Xchange Security Advisory 2018-07-02",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2018/Jul/12",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-07-02T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Open-Xchange OX App Suite before 7.6.3-rev37, 7.8.x before 7.8.2-rev40, 7.8.3 before 7.8.3-rev48, and 7.8.4 before 7.8.4-rev28 include folder names in API error responses, which allows remote attackers to obtain sensitive information via the folder parameter in an \"all\" action to api/tasks.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-07-06T09:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "1041213",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1041213",
            },
            {
               name: "20180702 Open-Xchange Security Advisory 2018-07-02",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2018/Jul/12",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-9998",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Open-Xchange OX App Suite before 7.6.3-rev37, 7.8.x before 7.8.2-rev40, 7.8.3 before 7.8.3-rev48, and 7.8.4 before 7.8.4-rev28 include folder names in API error responses, which allows remote attackers to obtain sensitive information via the folder parameter in an \"all\" action to api/tasks.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1041213",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1041213",
                  },
                  {
                     name: "20180702 Open-Xchange Security Advisory 2018-07-02",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2018/Jul/12",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-9998",
      datePublished: "2018-07-05T20:00:00",
      dateReserved: "2018-04-10T00:00:00",
      dateUpdated: "2024-08-05T07:32:00.693Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-7871
Vulnerability from cvelistv5
Published
2014-11-21 15:00
Modified
2024-08-06 13:03
Severity ?
Summary
SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API call.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T13:03:27.599Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/129020/OX-App-Suite-7.6.0-SQL-Injection.html",
               },
               {
                  name: "70982",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/70982",
               },
               {
                  name: "20141107 Open-Xchange Security Advisory 2014-11-07",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/533936/100/0/threaded",
               },
               {
                  name: "oxappsuite-cve20147871-sql-injection(98563)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/98563",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-11-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API call.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-09T18:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/129020/OX-App-Suite-7.6.0-SQL-Injection.html",
            },
            {
               name: "70982",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/70982",
            },
            {
               name: "20141107 Open-Xchange Security Advisory 2014-11-07",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/533936/100/0/threaded",
            },
            {
               name: "oxappsuite-cve20147871-sql-injection(98563)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/98563",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2014-7871",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API call.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://packetstormsecurity.com/files/129020/OX-App-Suite-7.6.0-SQL-Injection.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/129020/OX-App-Suite-7.6.0-SQL-Injection.html",
                  },
                  {
                     name: "70982",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/70982",
                  },
                  {
                     name: "20141107 Open-Xchange Security Advisory 2014-11-07",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/533936/100/0/threaded",
                  },
                  {
                     name: "oxappsuite-cve20147871-sql-injection(98563)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/98563",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2014-7871",
      datePublished: "2014-11-21T15:00:00",
      dateReserved: "2014-10-06T00:00:00",
      dateUpdated: "2024-08-06T13:03:27.599Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-4046
Vulnerability from cvelistv5
Published
2016-12-15 06:31
Modified
2024-08-06 00:17
Severity ?
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The API to configure external mail accounts can be abused to map and access network components within the trust boundary of the operator. Users can inject arbitrary hosts and ports to API calls. Depending on the response type, content and latency, information about existence of hosts and services can be gathered. Attackers can get internal configuration information about the infrastructure of an operator to prepare subsequent attacks.
References
http://www.securitytracker.com/id/1036157 — vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/archive/1/538732/100/0/threaded — mailing-list, x_refsource_BUGTRAQ
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T00:17:30.780Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1036157",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1036157",
               },
               {
                  name: "20160622 Open-Xchange Security Advisory 2016-06-22",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/538732/100/0/threaded",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-12-15T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The API to configure external mail accounts can be abused to map and access network components within the trust boundary of the operator. Users can inject arbitrary hosts and ports to API calls. Depending on the response type, content and latency, information about existence of hosts and services can be gathered. Attackers can get internal configuration information about the infrastructure of an operator to prepare subsequent attacks.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-19T14:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "1036157",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1036157",
            },
            {
               name: "20160622 Open-Xchange Security Advisory 2016-06-22",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/538732/100/0/threaded",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2016-4046",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The API to configure external mail accounts can be abused to map and access network components within the trust boundary of the operator. Users can inject arbitrary hosts and ports to API calls. Depending on the response type, content and latency, information about existence of hosts and services can be gathered. Attackers can get internal configuration information about the infrastructure of an operator to prepare subsequent attacks.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1036157",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1036157",
                  },
                  {
                     name: "20160622 Open-Xchange Security Advisory 2016-06-22",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/538732/100/0/threaded",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2016-4046",
      datePublished: "2016-12-15T06:31:00",
      dateReserved: "2016-04-20T00:00:00",
      dateUpdated: "2024-08-06T00:17:30.780Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-4790
Vulnerability from cvelistv5
Published
2013-09-05 10:00
Modified
2024-09-16 16:34
Severity ?
Summary
Open-Xchange AppSuite before 7.0.2 rev14, 7.2.0 before rev11, 7.2.1 before rev10, and 7.2.2 before rev9 relies on user-supplied data to predict the IMAP server hostname for an external domain name, which allows remote authenticated users to discover e-mail credentials of other users in opportunistic circumstances via a manual-mode association of a personal e-mail address with the hostname of a crafted IMAP server.
References
http://archives.neohapsis.com/archives/bugtraq/2013-07/0204.html — mailing-list, x_refsource_BUGTRAQ
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T16:52:27.141Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20130731 Open-Xchange Security Advisory 2013-07-31",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/bugtraq/2013-07/0204.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Open-Xchange AppSuite before 7.0.2 rev14, 7.2.0 before rev11, 7.2.1 before rev10, and 7.2.2 before rev9 relies on user-supplied data to predict the IMAP server hostname for an external domain name, which allows remote authenticated users to discover e-mail credentials of other users in opportunistic circumstances via a manual-mode association of a personal e-mail address with the hostname of a crafted IMAP server.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-09-05T10:00:00Z",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "20130731 Open-Xchange Security Advisory 2013-07-31",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://archives.neohapsis.com/archives/bugtraq/2013-07/0204.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2013-4790",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Open-Xchange AppSuite before 7.0.2 rev14, 7.2.0 before rev11, 7.2.1 before rev10, and 7.2.2 before rev9 relies on user-supplied data to predict the IMAP server hostname for an external domain name, which allows remote authenticated users to discover e-mail credentials of other users in opportunistic circumstances via a manual-mode association of a personal e-mail address with the hostname of a crafted IMAP server.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20130731 Open-Xchange Security Advisory 2013-07-31",
                     refsource: "BUGTRAQ",
                     url: "http://archives.neohapsis.com/archives/bugtraq/2013-07/0204.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2013-4790",
      datePublished: "2013-09-05T10:00:00Z",
      dateReserved: "2013-07-11T00:00:00Z",
      dateUpdated: "2024-09-16T16:34:08.142Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-11806
Vulnerability from cvelistv5
Published
2019-08-20 12:35
Modified
2024-08-04 23:03
Severity ?
Summary
OX App Suite 7.10.1 and earlier has Insecure Permissions.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T23:03:32.981Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/154128/Open-Xchange-OX-App-Suite-Content-Spoofing-Cross-Site-Scripting.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite 7.10.1 and earlier has Insecure Permissions.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-20T12:35:16",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/154128/Open-Xchange-OX-App-Suite-Content-Spoofing-Cross-Site-Scripting.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-11806",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX App Suite 7.10.1 and earlier has Insecure Permissions.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://packetstormsecurity.com/files/154128/Open-Xchange-OX-App-Suite-Content-Spoofing-Cross-Site-Scripting.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/154128/Open-Xchange-OX-App-Suite-Content-Spoofing-Cross-Site-Scripting.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-11806",
      datePublished: "2019-08-20T12:35:16",
      dateReserved: "2019-05-06T00:00:00",
      dateUpdated: "2024-08-04T23:03:32.981Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-13667
Vulnerability from cvelistv5
Published
2019-05-23 17:28
Modified
2024-08-05 19:05
Severity ?
Summary
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T19:05:19.363Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://ox.com",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-05-23T17:28:41",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://ox.com",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2017-13667",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://ox.com",
                     refsource: "MISC",
                     url: "http://ox.com",
                  },
                  {
                     name: "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html",
                     refsource: "CONFIRM",
                     url: "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2017-13667",
      datePublished: "2019-05-23T17:28:41",
      dateReserved: "2017-08-24T00:00:00",
      dateUpdated: "2024-08-05T19:05:19.363Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-31934
Vulnerability from cvelistv5
Published
2021-04-30 21:19
Modified
2024-08-03 23:10
Severity ?
Summary
OX App Suite 7.10.4 and earlier allows XSS via a crafted contact object (payload in the position or company field) that is mishandled in the App Suite UI on a smartphone.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T23:10:31.373Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite 7.10.4 and earlier allows XSS via a crafted contact object (payload in the position or company field) that is mishandled in the App Suite UI on a smartphone.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-04-30T21:19:43",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2021-31934",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX App Suite 7.10.4 and earlier allows XSS via a crafted contact object (payload in the position or company field) that is mishandled in the App Suite UI on a smartphone.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html",
                     refsource: "MISC",
                     url: "https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2021-31934",
      datePublished: "2021-04-30T21:19:43",
      dateReserved: "2021-04-30T00:00:00",
      dateUpdated: "2024-08-03T23:10:31.373Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-23928
Vulnerability from cvelistv5
Published
2021-01-12 21:26
Modified
2024-08-03 19:14
Severity ?
Summary
OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests query string.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T19:14:09.755Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests query string.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-01-12T21:26:40",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2021-23928",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests query string.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
                     refsource: "MISC",
                     url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2021-23928",
      datePublished: "2021-01-12T21:26:40",
      dateReserved: "2021-01-12T00:00:00",
      dateUpdated: "2024-08-03T19:14:09.755Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-7141
Vulnerability from cvelistv5
Published
2014-01-26 20:00
Modified
2024-08-06 18:01
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to crafted "<%" tags.
References
http://www.securityfocus.com/bid/65009 (vdb-entry, x_refsource_BID)
https://exchange.xforce.ibmcloud.com/vulnerabilities/90544 (vdb-entry, x_refsource_XF)
http://www.securitytracker.com/id/1029650 (vdb-entry, x_refsource_SECTRACK)
http://osvdb.org/102192 (vdb-entry, x_refsource_OSVDB)
http://seclists.org/bugtraq/2014/Jan/57 (mailing-list, x_refsource_BUGTRAQ)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T18:01:19.382Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "65009",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/65009",
               },
               {
                  name: "openxchange-cve20137141-xss(90544)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/90544",
               },
               {
                  name: "1029650",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1029650",
               },
               {
                  name: "102192",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/102192",
               },
               {
                  name: "20140117 Open-Xchange Security Advisory 2014-01-17",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/bugtraq/2014/Jan/57",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-01-17T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to crafted \"<%\" tags.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-28T12:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "65009",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/65009",
            },
            {
               name: "openxchange-cve20137141-xss(90544)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/90544",
            },
            {
               name: "1029650",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1029650",
            },
            {
               name: "102192",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/102192",
            },
            {
               name: "20140117 Open-Xchange Security Advisory 2014-01-17",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://seclists.org/bugtraq/2014/Jan/57",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2013-7141",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to crafted \"<%\" tags.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "65009",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/65009",
                  },
                  {
                     name: "openxchange-cve20137141-xss(90544)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/90544",
                  },
                  {
                     name: "1029650",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1029650",
                  },
                  {
                     name: "102192",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/102192",
                  },
                  {
                     name: "20140117 Open-Xchange Security Advisory 2014-01-17",
                     refsource: "BUGTRAQ",
                     url: "http://seclists.org/bugtraq/2014/Jan/57",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2013-7141",
      datePublished: "2014-01-26T20:00:00",
      dateReserved: "2013-12-18T00:00:00",
      dateUpdated: "2024-08-06T18:01:19.382Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-2393
Vulnerability from cvelistv5
Published
2014-04-17 20:00
Modified
2024-08-06 10:14
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite 7.4.1 before 7.4.1-rev11 and 7.4.2 before 7.4.2-rev13 allows remote attackers to inject arbitrary web script or HTML via a Drive filename that is not properly handled during use of the composer to add an e-mail attachment.
References
http://www.securityfocus.com/archive/1/531762 (mailing-list, x_refsource_BUGTRAQ)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T10:14:25.720Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20140408 Open-Xchange Security Advisory 2014-04-08",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/531762",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-04-08T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite 7.4.1 before 7.4.1-rev11 and 7.4.2 before 7.4.2-rev13 allows remote attackers to inject arbitrary web script or HTML via a Drive filename that is not properly handled during use of the composer to add an e-mail attachment.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2014-04-17T20:57:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "20140408 Open-Xchange Security Advisory 2014-04-08",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/531762",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2014-2393",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite 7.4.1 before 7.4.1-rev11 and 7.4.2 before 7.4.2-rev13 allows remote attackers to inject arbitrary web script or HTML via a Drive filename that is not properly handled during use of the composer to add an e-mail attachment.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20140408 Open-Xchange Security Advisory 2014-04-08",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/531762",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2014-2393",
      datePublished: "2014-04-17T20:00:00",
      dateReserved: "2014-03-13T00:00:00",
      dateUpdated: "2024-08-06T10:14:25.720Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-6845
Vulnerability from cvelistv5
Published
2016-12-15 06:31
Modified
2024-08-06 01:43
Severity ?
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within hyperlinks at HTML E-Mails is not getting correctly sanitized when using base64 encoded "data" resources. This allows an attacker to provide hyperlinks that may execute script code instead of directing to a proper location. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T01:43:37.855Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "93457",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/93457",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-12-15T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within hyperlinks at HTML E-Mails is not getting correctly sanitized when using base64 encoded \"data\" resources. This allows an attacker to provide hyperlinks that may execute script code instead of directing to a proper location. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-12-26T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "93457",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/93457",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2016-6845",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within hyperlinks at HTML E-Mails is not getting correctly sanitized when using base64 encoded \"data\" resources. This allows an attacker to provide hyperlinks that may execute script code instead of directing to a proper location. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "93457",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/93457",
                  },
                  {
                     name: "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
                     refsource: "CONFIRM",
                     url: "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2016-6845",
      datePublished: "2016-12-15T06:31:00",
      dateReserved: "2016-08-18T00:00:00",
      dateUpdated: "2024-08-06T01:43:37.855Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-5934
Vulnerability from cvelistv5
Published
2013-09-25 10:00
Modified
2024-09-16 18:54
Severity ?
Summary
Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 has a hardcoded password for node join operations, which allows remote attackers to expand a cluster by finding this password in the source code and then sending the password in a Hazelcast cluster API call, a different vulnerability than CVE-2013-5200.
References
http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html (mailing-list, x_refsource_BUGTRAQ)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T17:29:41.632Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20130910 Open-Xchange Security Advisory 2013-09-10",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 has a hardcoded password for node join operations, which allows remote attackers to expand a cluster by finding this password in the source code and then sending the password in a Hazelcast cluster API call, a different vulnerability than CVE-2013-5200.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-09-25T10:00:00Z",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "20130910 Open-Xchange Security Advisory 2013-09-10",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2013-5934",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 has a hardcoded password for node join operations, which allows remote attackers to expand a cluster by finding this password in the source code and then sending the password in a Hazelcast cluster API call, a different vulnerability than CVE-2013-5200.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20130910 Open-Xchange Security Advisory 2013-09-10",
                     refsource: "BUGTRAQ",
                     url: "http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2013-5934",
      datePublished: "2013-09-25T10:00:00Z",
      dateReserved: "2013-09-25T00:00:00Z",
      dateUpdated: "2024-09-16T18:54:18.720Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-11522
Vulnerability from cvelistv5
Published
2019-08-20 12:31
Modified
2024-08-04 22:55
Severity ?
Summary
OX App Suite 7.10.0 to 7.10.2 allows XSS.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T22:55:40.699Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/154128/Open-Xchange-OX-App-Suite-Content-Spoofing-Cross-Site-Scripting.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite 7.10.0 to 7.10.2 allows XSS.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-20T12:31:28",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/154128/Open-Xchange-OX-App-Suite-Content-Spoofing-Cross-Site-Scripting.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-11522",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX App Suite 7.10.0 to 7.10.2 allows XSS.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://packetstormsecurity.com/files/154128/Open-Xchange-OX-App-Suite-Content-Spoofing-Cross-Site-Scripting.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/154128/Open-Xchange-OX-App-Suite-Content-Spoofing-Cross-Site-Scripting.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-11522",
      datePublished: "2019-08-20T12:31:28",
      dateReserved: "2019-04-25T00:00:00",
      dateUpdated: "2024-08-04T22:55:40.699Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-23932
Vulnerability from cvelistv5
Published
2021-01-12 21:25
Modified
2024-08-03 19:14
Severity ?
Summary
OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T19:14:09.640Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-01-12T21:25:56",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2021-23932",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
                     refsource: "MISC",
                     url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2021-23932",
      datePublished: "2021-01-12T21:25:56",
      dateReserved: "2021-01-12T00:00:00",
      dateUpdated: "2024-08-03T19:14:09.640Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-7142
Vulnerability from cvelistv5
Published
2014-01-26 20:00
Modified
2024-08-06 18:01
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified oAuth API functions.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/90545 (vdb-entry, x_refsource_XF)
http://osvdb.org/102193 (vdb-entry, x_refsource_OSVDB)
http://www.securitytracker.com/id/1029650 (vdb-entry, x_refsource_SECTRACK)
http://www.securityfocus.com/bid/65012 (vdb-entry, x_refsource_BID)
http://seclists.org/bugtraq/2014/Jan/57 (mailing-list, x_refsource_BUGTRAQ)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T18:01:19.326Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "openxchange-cve20137142-xss(90545)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/90545",
               },
               {
                  name: "102193",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/102193",
               },
               {
                  name: "1029650",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1029650",
               },
               {
                  name: "65012",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/65012",
               },
               {
                  name: "20140117 Open-Xchange Security Advisory 2014-01-17",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/bugtraq/2014/Jan/57",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-01-17T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified oAuth API functions.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-28T12:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "openxchange-cve20137142-xss(90545)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/90545",
            },
            {
               name: "102193",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/102193",
            },
            {
               name: "1029650",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1029650",
            },
            {
               name: "65012",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/65012",
            },
            {
               name: "20140117 Open-Xchange Security Advisory 2014-01-17",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://seclists.org/bugtraq/2014/Jan/57",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2013-7142",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified oAuth API functions.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "openxchange-cve20137142-xss(90545)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/90545",
                  },
                  {
                     name: "102193",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/102193",
                  },
                  {
                     name: "1029650",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1029650",
                  },
                  {
                     name: "65012",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/65012",
                  },
                  {
                     name: "20140117 Open-Xchange Security Advisory 2014-01-17",
                     refsource: "BUGTRAQ",
                     url: "http://seclists.org/bugtraq/2014/Jan/57",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2013-7142",
      datePublished: "2014-01-26T20:00:00",
      dateReserved: "2013-12-18T00:00:00",
      dateUpdated: "2024-08-06T18:01:19.326Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-5236
Vulnerability from cvelistv5
Published
2020-01-31 21:16
Modified
2024-08-06 11:41
Severity ?
Summary
Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text file.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T11:41:48.270Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-09-15T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text file.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-01-31T21:16:52",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2014-5236",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text file.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html",
                  },
                  {
                     name: "http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded",
                     refsource: "MISC",
                     url: "http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded",
                  },
                  {
                     name: "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf",
                     refsource: "MISC",
                     url: "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2014-5236",
      datePublished: "2020-01-31T21:16:52",
      dateReserved: "2014-08-13T00:00:00",
      dateUpdated: "2024-08-06T11:41:48.270Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-31469
Vulnerability from cvelistv5
Published
2022-12-26 00:00
Modified
2025-04-14 14:11
Summary
OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrated by class="deep-link-app" for a /#!!&app=%2e./ URI.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T07:19:06.134Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://open-xchange.com",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://seclists.org/fulldisclosure/2022/Nov/18",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "NONE",
                     baseScore: 6.1,
                     baseSeverity: "MEDIUM",
                     confidentialityImpact: "LOW",
                     integrityImpact: "LOW",
                     privilegesRequired: "NONE",
                     scope: "CHANGED",
                     userInteraction: "REQUIRED",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2022-31469",
                        options: [
                           {
                              Exploitation: "poc",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-04-14T14:09:28.873452Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-79",
                        description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-04-14T14:11:39.022Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrated by class=\"deep-link-app\" for a /#!!&app=%2e./ URI.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-26T00:00:00.000Z",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://open-xchange.com",
            },
            {
               url: "https://seclists.org/fulldisclosure/2022/Nov/18",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2022-31469",
      datePublished: "2022-12-26T00:00:00.000Z",
      dateReserved: "2022-05-23T00:00:00.000Z",
      dateUpdated: "2025-04-14T14:11:39.022Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-14226
Vulnerability from cvelistv5
Published
2019-10-14 16:29
Modified
2024-08-05 00:12
Severity ?
Summary
OX App Suite through 7.10.2 has Insecure Permissions.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T00:12:43.135Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html",
               },
               {
                  name: "FULLDISC: 20191011 Open-Xchange Security Advisory 2019-10-09",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/fulldisclosure/2019/Oct/25",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite through 7.10.2 has Insecure Permissions.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-10-14T16:29:52",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html",
            },
            {
               name: "FULLDISC: 20191011 Open-Xchange Security Advisory 2019-10-09",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "https://seclists.org/fulldisclosure/2019/Oct/25",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-14226",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX App Suite through 7.10.2 has Insecure Permissions.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html",
                  },
                  {
                     name: "FULLDISC: 20191011 Open-Xchange Security Advisory 2019-10-09",
                     refsource: "FULLDISC",
                     url: "https://seclists.org/fulldisclosure/2019/Oct/25",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-14226",
      datePublished: "2019-10-14T16:29:01",
      dateReserved: "2019-07-21T00:00:00",
      dateUpdated: "2024-08-05T00:12:43.135Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-37312
Vulnerability from cvelistv5
Published
2022-12-26 00:00
Modified
2025-04-14 14:35
Summary
OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferrer servlet.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T10:29:20.708Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://open-xchange.com",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://seclists.org/fulldisclosure/2022/Nov/18",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "LOW",
                     baseScore: 5.3,
                     baseSeverity: "MEDIUM",
                     confidentialityImpact: "NONE",
                     integrityImpact: "NONE",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2022-37312",
                        options: [
                           {
                              Exploitation: "poc",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-04-14T14:35:07.149571Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-1284",
                        description: "CWE-1284 Improper Validation of Specified Quantity in Input",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-04-14T14:35:39.930Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferrer servlet.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-26T00:00:00.000Z",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://open-xchange.com",
            },
            {
               url: "https://seclists.org/fulldisclosure/2022/Nov/18",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2022-37312",
      datePublished: "2022-12-26T00:00:00.000Z",
      dateReserved: "2022-08-01T00:00:00.000Z",
      dateUpdated: "2025-04-14T14:35:39.930Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-29853
Vulnerability from cvelistv5
Published
2022-12-26 00:00
Modified
2025-04-14 18:27
Summary
OX App Suite through 8.2 allows XSS via a certain complex hierarchy that forces use of Show Entire Message for a huge HTML e-mail message.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T06:33:42.880Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://open-xchange.com",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://seclists.org/fulldisclosure/2022/Sep/0",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "NONE",
                     baseScore: 5.4,
                     baseSeverity: "MEDIUM",
                     confidentialityImpact: "LOW",
                     integrityImpact: "LOW",
                     privilegesRequired: "LOW",
                     scope: "CHANGED",
                     userInteraction: "REQUIRED",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2022-29853",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-04-14T14:32:18.316087Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-79",
                        description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-04-14T18:27:59.904Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite through 8.2 allows XSS via a certain complex hierarchy that forces use of Show Entire Message for a huge HTML e-mail message.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-26T00:00:00.000Z",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://open-xchange.com",
            },
            {
               url: "https://seclists.org/fulldisclosure/2022/Sep/0",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2022-29853",
      datePublished: "2022-12-26T00:00:00.000Z",
      dateReserved: "2022-04-27T00:00:00.000Z",
      dateUpdated: "2025-04-14T18:27:59.904Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-5755
Vulnerability from cvelistv5
Published
2018-06-15 21:00
Modified
2024-08-05 05:40
Severity ?
Summary
Absolute path traversal vulnerability in the readerengine component in Open-Xchange OX App Suite before 7.6.3-rev3, 7.8.x before 7.8.2-rev4, 7.8.3 before 7.8.3-rev5, and 7.8.4 before 7.8.4-rev4 allows remote attackers to read arbitrary files via a full pathname in a formula in a spreadsheet.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T05:40:51.291Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html",
               },
               {
                  name: "44881",
                  tags: [
                     "exploit",
                     "x_refsource_EXPLOIT-DB",
                     "x_transferred",
                  ],
                  url: "https://www.exploit-db.com/exploits/44881/",
               },
               {
                  name: "20180608 Open-Xchange Security Advisory 2018-06-08",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2018/Jun/23",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-06-08T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Absolute path traversal vulnerability in the readerengine component in Open-Xchange OX App Suite before 7.6.3-rev3, 7.8.x before 7.8.2-rev4, 7.8.3 before 7.8.3-rev5, and 7.8.4 before 7.8.4-rev4 allows remote attackers to read arbitrary files via a full pathname in a formula in a spreadsheet.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-06-15T20:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html",
            },
            {
               name: "44881",
               tags: [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
               ],
               url: "https://www.exploit-db.com/exploits/44881/",
            },
            {
               name: "20180608 Open-Xchange Security Advisory 2018-06-08",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2018/Jun/23",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-5755",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Absolute path traversal vulnerability in the readerengine component in Open-Xchange OX App Suite before 7.6.3-rev3, 7.8.x before 7.8.2-rev4, 7.8.3 before 7.8.3-rev5, and 7.8.4 before 7.8.4-rev4 allows remote attackers to read arbitrary files via a full pathname in a formula in a spreadsheet.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html",
                  },
                  {
                     name: "44881",
                     refsource: "EXPLOIT-DB",
                     url: "https://www.exploit-db.com/exploits/44881/",
                  },
                  {
                     name: "20180608 Open-Xchange Security Advisory 2018-06-08",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2018/Jun/23",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-5755",
      datePublished: "2018-06-15T21:00:00",
      dateReserved: "2018-01-17T00:00:00",
      dateUpdated: "2024-08-05T05:40:51.291Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-2078
Vulnerability from cvelistv5
Published
2018-04-10 15:00
Modified
2024-08-06 09:58
Severity ?
Summary
The backend in Open-Xchange (OX) AppSuite 7.4.2 before 7.4.2-rev9 allows remote attackers to obtain sensitive information about user email addresses in opportunistic circumstances by leveraging a failure in e-mail auto configuration for external accounts.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T09:58:16.324Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20140317 Open-Xchange Security Advisory 2014-03-17",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/531502/100/0/threaded",
               },
               {
                  name: "appsuite-cve20142078-info-disc(92017)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/92017",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-03-17T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The backend in Open-Xchange (OX) AppSuite 7.4.2 before 7.4.2-rev9 allows remote attackers to obtain sensitive information about user email addresses in opportunistic circumstances by leveraging a failure in e-mail auto configuration for external accounts.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-09T18:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "20140317 Open-Xchange Security Advisory 2014-03-17",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/531502/100/0/threaded",
            },
            {
               name: "appsuite-cve20142078-info-disc(92017)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/92017",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2014-2078",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The backend in Open-Xchange (OX) AppSuite 7.4.2 before 7.4.2-rev9 allows remote attackers to obtain sensitive information about user email addresses in opportunistic circumstances by leveraging a failure in e-mail auto configuration for external accounts.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20140317 Open-Xchange Security Advisory 2014-03-17",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/531502/100/0/threaded",
                  },
                  {
                     name: "appsuite-cve20142078-info-disc(92017)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/92017",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2014-2078",
      datePublished: "2018-04-10T15:00:00",
      dateReserved: "2014-02-19T00:00:00",
      dateUpdated: "2024-08-06T09:58:16.324Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-4048
Vulnerability from cvelistv5
Published
2016-12-15 06:31
Modified
2024-08-06 00:17
Severity ?
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Custom messages can be shown at the login screen to notify external users about issues with sharing links. This mechanism can be abused to inject arbitrary text messages. Users may get tricked to follow instructions injected by third parties as part of social engineering attacks.
References
http://www.securitytracker.com/id/1036157 (vdb-entry, x_refsource_SECTRACK)
http://www.securityfocus.com/archive/1/538732/100/0/threaded (mailing-list, x_refsource_BUGTRAQ)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T00:17:30.855Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1036157",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1036157",
               },
               {
                  name: "20160622 Open-Xchange Security Advisory 2016-06-22",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/538732/100/0/threaded",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-12-15T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Custom messages can be shown at the login screen to notify external users about issues with sharing links. This mechanism can be abused to inject arbitrary text messages. Users may get tricked to follow instructions injected by third parties as part of social engineering attacks.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-19T14:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "1036157",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1036157",
            },
            {
               name: "20160622 Open-Xchange Security Advisory 2016-06-22",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/538732/100/0/threaded",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2016-4048",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Custom messages can be shown at the login screen to notify external users about issues with sharing links. This mechanism can be abused to inject arbitrary text messages. Users may get tricked to follow instructions injected by third parties as part of social engineering attacks.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1036157",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1036157",
                  },
                  {
                     name: "20160622 Open-Xchange Security Advisory 2016-06-22",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/538732/100/0/threaded",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2016-4048",
      datePublished: "2016-12-15T06:31:00",
      dateReserved: "2016-04-20T00:00:00",
      dateUpdated: "2024-08-06T00:17:30.855Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-4047
Vulnerability from cvelistv5
Published
2016-12-15 06:31
Modified
2024-08-06 00:17
Severity ?
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev8. References to external Open XML document type definitions (.dtd resources) can be placed within .docx and .xslx files. Those resources were requested when parsing certain parts of the generated document. As a result an attacker can track access to a manipulated document. Usage of a document may get tracked and information about internal infrastructure may get exposed.
References
http://www.securitytracker.com/id/1036157 (vdb-entry, x_refsource_SECTRACK)
http://www.securityfocus.com/archive/1/538732/100/0/threaded (mailing-list, x_refsource_BUGTRAQ)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T00:17:30.050Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1036157",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1036157",
               },
               {
                  name: "20160622 Open-Xchange Security Advisory 2016-06-22",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/538732/100/0/threaded",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-12-15T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev8. References to external Open XML document type definitions (.dtd resources) can be placed within .docx and .xslx files. Those resources were requested when parsing certain parts of the generated document. As a result an attacker can track access to a manipulated document. Usage of a document may get tracked and information about internal infrastructure may get exposed.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-19T14:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "1036157",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1036157",
            },
            {
               name: "20160622 Open-Xchange Security Advisory 2016-06-22",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/538732/100/0/threaded",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2016-4047",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev8. References to external Open XML document type definitions (.dtd resources) can be placed within .docx and .xslx files. Those resources were requested when parsing certain parts of the generated document. As a result an attacker can track access to a manipulated document. Usage of a document may get tracked and information about internal infrastructure may get exposed.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1036157",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1036157",
                  },
                  {
                     name: "20160622 Open-Xchange Security Advisory 2016-06-22",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/538732/100/0/threaded",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2016-4047",
      datePublished: "2016-12-15T06:31:00",
      dateReserved: "2016-04-20T00:00:00",
      dateUpdated: "2024-08-06T00:17:30.050Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-5863
Vulnerability from cvelistv5
Published
2019-05-22 19:45
Modified
2024-08-05 15:11
Severity ?
Summary
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T15:11:48.817Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://ox.com",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://open-xchange.com",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-05-22T19:45:38",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://ox.com",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://open-xchange.com",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2017-5863",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://ox.com",
                     refsource: "MISC",
                     url: "http://ox.com",
                  },
                  {
                     name: "http://open-xchange.com",
                     refsource: "MISC",
                     url: "http://open-xchange.com",
                  },
                  {
                     name: "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html",
                     refsource: "CONFIRM",
                     url: "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2017-5863",
      datePublished: "2019-05-22T19:45:38",
      dateReserved: "2017-02-02T00:00:00",
      dateUpdated: "2024-08-05T15:11:48.817Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-37402
Vulnerability from cvelistv5
Published
2021-07-22 16:19
Modified
2024-08-04 01:16
Severity ?
Summary
OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via binary data that is mishandled when the legacy dataretrieval endpoint has been enabled.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T01:16:04.078Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.open-xchange.com",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2021/Jul/33",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via binary data that is mishandled when the legacy dataretrieval endpoint has been enabled.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-07-22T16:19:12",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.open-xchange.com",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://seclists.org/fulldisclosure/2021/Jul/33",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2021-37402",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via binary data that is mishandled when the legacy dataretrieval endpoint has been enabled.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.open-xchange.com",
                     refsource: "MISC",
                     url: "https://www.open-xchange.com",
                  },
                  {
                     name: "http://seclists.org/fulldisclosure/2021/Jul/33",
                     refsource: "MISC",
                     url: "http://seclists.org/fulldisclosure/2021/Jul/33",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2021-37402",
      datePublished: "2021-07-22T16:19:12",
      dateReserved: "2021-07-22T00:00:00",
      dateUpdated: "2024-08-04T01:16:04.078Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-6074
Vulnerability from cvelistv5
Published
2013-11-19 15:00
Modified
2024-08-06 17:29
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14 allows remote attackers to inject arbitrary web script or HTML via an attached SVG file.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T17:29:42.999Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "openxchange-cve20136074-xss(88609)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/88609",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://forum.open-xchange.com/showthread.php?8059-Open-Xchange-releases-Security-Patch-2013-10-21-for-v7-2-2-and-v7-4-0",
               },
               {
                  name: "99487",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/99487",
               },
               {
                  name: "20131106 Open-Xchange Security Advisory 2013-11-06",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/bugtraq/2013-11/0025.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/123934/Open-Xchange-AppSuite-Script-Insertion.html",
               },
               {
                  name: "55575",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/55575",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2013-11-06T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14 allows remote attackers to inject arbitrary web script or HTML via an attached SVG file.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-28T12:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "openxchange-cve20136074-xss(88609)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/88609",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://forum.open-xchange.com/showthread.php?8059-Open-Xchange-releases-Security-Patch-2013-10-21-for-v7-2-2-and-v7-4-0",
            },
            {
               name: "99487",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/99487",
            },
            {
               name: "20131106 Open-Xchange Security Advisory 2013-11-06",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://archives.neohapsis.com/archives/bugtraq/2013-11/0025.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/123934/Open-Xchange-AppSuite-Script-Insertion.html",
            },
            {
               name: "55575",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/55575",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2013-6074",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14 allows remote attackers to inject arbitrary web script or HTML via an attached SVG file.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "openxchange-cve20136074-xss(88609)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/88609",
                  },
                  {
                     name: "https://forum.open-xchange.com/showthread.php?8059-Open-Xchange-releases-Security-Patch-2013-10-21-for-v7-2-2-and-v7-4-0",
                     refsource: "CONFIRM",
                     url: "https://forum.open-xchange.com/showthread.php?8059-Open-Xchange-releases-Security-Patch-2013-10-21-for-v7-2-2-and-v7-4-0",
                  },
                  {
                     name: "99487",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/99487",
                  },
                  {
                     name: "20131106 Open-Xchange Security Advisory 2013-11-06",
                     refsource: "BUGTRAQ",
                     url: "http://archives.neohapsis.com/archives/bugtraq/2013-11/0025.html",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/123934/Open-Xchange-AppSuite-Script-Insertion.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/123934/Open-Xchange-AppSuite-Script-Insertion.html",
                  },
                  {
                     name: "55575",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/55575",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2013-6074",
      datePublished: "2013-11-19T15:00:00",
      dateReserved: "2013-10-11T00:00:00",
      dateUpdated: "2024-08-06T17:29:42.999Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-12643
Vulnerability from cvelistv5
Published
2020-08-31 14:24
Modified
2024-08-04 12:04
Severity ?
Summary
OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address.
References
https://www.open-xchange.com/ (x_refsource_MISC)
http://seclists.org/fulldisclosure/2020/Aug/14 (mailing-list, x_refsource_FULLDISC)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T12:04:22.526Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.open-xchange.com/",
               },
               {
                  name: "20200821 Open-Xchange Security Advisory 2020-08-20",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2020/Aug/14",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-08-31T14:24:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.open-xchange.com/",
            },
            {
               name: "20200821 Open-Xchange Security Advisory 2020-08-20",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2020/Aug/14",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-12643",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.open-xchange.com/",
                     refsource: "MISC",
                     url: "https://www.open-xchange.com/",
                  },
                  {
                     name: "20200821 Open-Xchange Security Advisory 2020-08-20",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2020/Aug/14",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-12643",
      datePublished: "2020-08-31T14:24:01",
      dateReserved: "2020-05-04T00:00:00",
      dateUpdated: "2024-08-04T12:04:22.526Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-5210
Vulnerability from cvelistv5
Published
2019-05-23 14:34
Modified
2024-08-05 14:55
Severity ?
Summary
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Information Exposure.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T14:55:35.691Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://ox.com",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://open-xchange.com",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Information Exposure.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-05-23T14:34:45",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://ox.com",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://open-xchange.com",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2017-5210",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Information Exposure.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://ox.com",
                     refsource: "MISC",
                     url: "http://ox.com",
                  },
                  {
                     name: "http://open-xchange.com",
                     refsource: "MISC",
                     url: "http://open-xchange.com",
                  },
                  {
                     name: "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html",
                     refsource: "CONFIRM",
                     url: "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2017-5210",
      datePublished: "2019-05-23T14:34:45",
      dateReserved: "2017-01-09T00:00:00",
      dateUpdated: "2024-08-05T14:55:35.691Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-26455
Vulnerability from cvelistv5
Published
2023-11-02 13:01
Modified
2024-08-02 11:53
Summary
RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI. RMI access is restricted to localhost by default. The interface has been updated to require authenticated requests. No publicly available exploits are known.
Impacted products
Vendor Product Version
OX Software GmbH OX App Suite Version: from 0 up to and including 7.10.6-rev48
Version: from 0 up to and including 8.12


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T11:53:52.767Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "release-notes",
                     "x_transferred",
                  ],
                  url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf",
               },
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               modules: [
                  "backend",
               ],
               product: "OX App Suite",
               vendor: "OX Software GmbH",
               versions: [
                  {
                     lessThanOrEqual: "7.10.6-rev48",
                     status: "affected",
                     version: "0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.12",
                     status: "affected",
                     version: "0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<p>RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI. RMI access is restricted to localhost by default. The interface has been updated to require authenticated requests. No publicly available exploits are known.</p>",
                  },
               ],
               value: "RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI. RMI access is restricted to localhost by default. The interface has been updated to require authenticated requests. No publicly available exploits are known.\n\n",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "LOW",
                  baseScore: 5.6,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-287",
                     description: "CWE-287 Improper Authentication",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-01-12T07:09:24.702Z",
            orgId: "8ce71d90-2354-404b-a86e-bec2cc4e6981",
            shortName: "OX",
         },
         references: [
            {
               tags: [
                  "release-notes",
               ],
               url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf",
            },
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json",
            },
         ],
         source: {
            defect: [
               "MWB-1996",
            ],
            discovery: "EXTERNAL",
         },
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8ce71d90-2354-404b-a86e-bec2cc4e6981",
      assignerShortName: "OX",
      cveId: "CVE-2023-26455",
      datePublished: "2023-11-02T13:01:20.424Z",
      dateReserved: "2023-02-22T20:42:56.092Z",
      dateUpdated: "2024-08-02T11:53:52.767Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-12885
Vulnerability from cvelistv5
Published
2019-05-10 14:43
Modified
2024-08-05 18:51
Severity ?
Summary
OX Software GmbH App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T18:51:07.264Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://ox.com",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://app.com",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX Software GmbH App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-05-10T14:43:25",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://ox.com",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://app.com",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2017-12885",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX Software GmbH App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://ox.com",
                     refsource: "MISC",
                     url: "http://ox.com",
                  },
                  {
                     name: "http://app.com",
                     refsource: "MISC",
                     url: "http://app.com",
                  },
                  {
                     name: "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html",
                     refsource: "CONFIRM",
                     url: "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2017-12885",
      datePublished: "2019-05-10T14:43:25",
      dateReserved: "2017-08-16T00:00:00",
      dateUpdated: "2024-08-05T18:51:07.264Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-13104
Vulnerability from cvelistv5
Published
2019-03-17 19:01
Modified
2024-08-05 08:52
Severity ?
Summary
OX App Suite 7.8.4 and earlier allows XSS. Internal reference: 58742 (Bug ID)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T08:52:50.420Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/151243/Open-Xchange-OX-App-Suite-Cross-Site-Scripting-SSRF.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2019/Jan/46",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2019-01-18T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite 7.8.4 and earlier allows XSS. Internal reference: 58742 (Bug ID)",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-03-17T19:01:06",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/151243/Open-Xchange-OX-App-Suite-Cross-Site-Scripting-SSRF.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://seclists.org/fulldisclosure/2019/Jan/46",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-13104",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX App Suite 7.8.4 and earlier allows XSS. Internal reference: 58742 (Bug ID)",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://packetstormsecurity.com/files/151243/Open-Xchange-OX-App-Suite-Cross-Site-Scripting-SSRF.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/151243/Open-Xchange-OX-App-Suite-Cross-Site-Scripting-SSRF.html",
                  },
                  {
                     name: "http://seclists.org/fulldisclosure/2019/Jan/46",
                     refsource: "MISC",
                     url: "http://seclists.org/fulldisclosure/2019/Jan/46",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-13104",
      datePublished: "2019-03-17T19:01:06",
      dateReserved: "2018-07-03T00:00:00",
      dateUpdated: "2024-08-05T08:52:50.420Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-15030
Vulnerability from cvelistv5
Published
2019-05-23 14:57
Modified
2024-08-05 19:42
Severity ?
Summary
Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T19:42:22.389Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://ox.com",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://open-xchange.com",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-05-23T14:57:58",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://ox.com",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://open-xchange.com",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2017-15030",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://ox.com",
                     refsource: "MISC",
                     url: "http://ox.com",
                  },
                  {
                     name: "http://open-xchange.com",
                     refsource: "MISC",
                     url: "http://open-xchange.com",
                  },
                  {
                     name: "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html",
                     refsource: "CONFIRM",
                     url: "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2017-15030",
      datePublished: "2019-05-23T14:57:58",
      dateReserved: "2017-10-04T00:00:00",
      dateUpdated: "2024-08-05T19:42:22.389Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-41708
Vulnerability from cvelistv5
Published
2024-02-12 08:15
Modified
2024-08-02 19:01
Summary
References to the "app loader" functionality could contain redirects to unexpected locations. Attackers could forge app references that bypass existing safeguards to inject malicious script code. Please deploy the provided updates and patch releases. References to apps are now controlled more strict to avoid relative references. No publicly available exploits are known.
Impacted products
Vendor Product Version
Open-Xchange GmbH OX App Suite Version: 0 ≤ 7.10.6-rev38


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T19:01:35.346Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "release-notes",
                     "x_transferred",
                  ],
                  url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf",
               },
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               modules: [
                  "frontend",
               ],
               product: "OX App Suite",
               vendor: "Open-Xchange GmbH",
               versions: [
                  {
                     lessThanOrEqual: "7.10.6-rev38",
                     status: "affected",
                     version: "0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "References to the \"app loader\" functionality could contain redirects to unexpected locations. Attackers could forge app references that bypass existing safeguards to inject malicious script code. Please deploy the provided updates and patch releases. References to apps are now controlled more strict to avoid relative references. No publicly available exploits are known.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.4,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-79",
                     description: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
                     lang: "en",
                     type: "cwe",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-02-16T14:08:54.485Z",
            orgId: "8ce71d90-2354-404b-a86e-bec2cc4e6981",
            shortName: "OX",
         },
         references: [
            {
               tags: [
                  "release-notes",
               ],
               url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf",
            },
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json",
            },
         ],
         source: {
            defect: "OXUIB-2599",
            discovery: "INTERNAL",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8ce71d90-2354-404b-a86e-bec2cc4e6981",
      assignerShortName: "OX",
      cveId: "CVE-2023-41708",
      datePublished: "2024-02-12T08:15:25.802Z",
      dateReserved: "2023-08-30T16:21:49.912Z",
      dateUpdated: "2024-08-02T19:01:35.346Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-2077
Vulnerability from cvelistv5
Published
2014-03-20 16:00
Modified
2024-08-06 09:58
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 7.4.1 before 7.4.1-rev10 and 7.4.2 before 7.4.2-rev8 allows remote attackers to inject arbitrary web script or HTML via the subject of an email, involving 'the aria "tags" for screenreaders at the top bar'.
References
http://secunia.com/advisories/57290 (third-party-advisory, x_refsource_SECUNIA)
http://archives.neohapsis.com/archives/bugtraq/2014-03/0108.html (mailing-list, x_refsource_BUGTRAQ)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T09:58:16.284Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "57290",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/57290",
               },
               {
                  name: "20140317 Open-Xchange Security Advisory 2014-03-17",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/bugtraq/2014-03/0108.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-03-17T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 7.4.1 before 7.4.1-rev10 and 7.4.2 before 7.4.2-rev8 allows remote attackers to inject arbitrary web script or HTML via the subject of an email, involving 'the aria \"tags\" for screenreaders at the top bar'.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2014-03-20T15:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "57290",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/57290",
            },
            {
               name: "20140317 Open-Xchange Security Advisory 2014-03-17",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://archives.neohapsis.com/archives/bugtraq/2014-03/0108.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2014-2077",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 7.4.1 before 7.4.1-rev10 and 7.4.2 before 7.4.2-rev8 allows remote attackers to inject arbitrary web script or HTML via the subject of an email, involving 'the aria \"tags\" for screenreaders at the top bar'.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "57290",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/57290",
                  },
                  {
                     name: "20140317 Open-Xchange Security Advisory 2014-03-17",
                     refsource: "BUGTRAQ",
                     url: "http://archives.neohapsis.com/archives/bugtraq/2014-03/0108.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2014-2077",
      datePublished: "2014-03-20T16:00:00",
      dateReserved: "2014-02-19T00:00:00",
      dateUpdated: "2024-08-06T09:58:16.284Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-15004
Vulnerability from cvelistv5
Published
2020-10-23 04:55
Modified
2024-08-04 13:00
Severity ?
Summary
OX App Suite through 7.10.3 allows stats/diagnostic?param= XSS.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T13:00:52.080Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.open-xchange.com/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/fulldisclosure/2020/Oct/20",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite through 7.10.3 allows stats/diagnostic?param= XSS.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-10-23T04:55:35",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.open-xchange.com/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://seclists.org/fulldisclosure/2020/Oct/20",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-15004",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX App Suite through 7.10.3 allows stats/diagnostic?param= XSS.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.open-xchange.com/",
                     refsource: "MISC",
                     url: "https://www.open-xchange.com/",
                  },
                  {
                     name: "https://seclists.org/fulldisclosure/2020/Oct/20",
                     refsource: "MISC",
                     url: "https://seclists.org/fulldisclosure/2020/Oct/20",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-15004",
      datePublished: "2020-10-23T04:55:35",
      dateReserved: "2020-06-24T00:00:00",
      dateUpdated: "2024-08-04T13:00:52.080Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-3173
Vulnerability from cvelistv5
Published
2016-12-15 06:31
Modified
2024-08-05 23:47
Severity ?
Summary
An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The aria-label parameter of tiles at the Portal can be used to inject script code. Those labels use the name of the file (e.g. an image) which gets displayed at the portal application. Using script code at the file name leads to script execution. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). Users actively need to add a file to the portal to enable this attack. In case of shared files however, a internal attacker may modify a previously embedded file to carry a malicious file name. Furthermore this vulnerability can be used to persistently execute code that got injected by a temporary script execution vulnerability.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T23:47:58.027Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/137187/Open-Xchange-OX-AppSuite-7.8.0-XSS-Open-Redirect.html",
               },
               {
                  name: "20160525 Open-Xchange Security Advisory 2016-05-25",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/538481/100/0/threaded",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-12-15T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The aria-label parameter of tiles at the Portal can be used to inject script code. Those labels use the name of the file (e.g. an image) which gets displayed at the portal application. Using script code at the file name leads to script execution. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). Users actively need to add a file to the portal to enable this attack. In case of shared files however, a internal attacker may modify a previously embedded file to carry a malicious file name. Furthermore this vulnerability can be used to persistently execute code that got injected by a temporary script execution vulnerability.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-19T14:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://packetstormsecurity.com/files/137187/Open-Xchange-OX-AppSuite-7.8.0-XSS-Open-Redirect.html",
            },
            {
               name: "20160525 Open-Xchange Security Advisory 2016-05-25",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/538481/100/0/threaded",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2016-3173",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The aria-label parameter of tiles at the Portal can be used to inject script code. Those labels use the name of the file (e.g. an image) which gets displayed at the portal application. Using script code at the file name leads to script execution. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). Users actively need to add a file to the portal to enable this attack. In case of shared files however, a internal attacker may modify a previously embedded file to carry a malicious file name. Furthermore this vulnerability can be used to persistently execute code that got injected by a temporary script execution vulnerability.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://packetstormsecurity.com/files/137187/Open-Xchange-OX-AppSuite-7.8.0-XSS-Open-Redirect.html",
                     refsource: "CONFIRM",
                     url: "http://packetstormsecurity.com/files/137187/Open-Xchange-OX-AppSuite-7.8.0-XSS-Open-Redirect.html",
                  },
                  {
                     name: "20160525 Open-Xchange Security Advisory 2016-05-25",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/538481/100/0/threaded",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2016-3173",
      datePublished: "2016-12-15T06:31:00",
      dateReserved: "2016-03-15T00:00:00",
      dateUpdated: "2024-08-05T23:47:58.027Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-7159
Vulnerability from cvelistv5
Published
2019-06-18 12:24
Modified
2024-08-04 20:38
Severity ?
Summary
OX App Suite 7.10.1 and earlier allows Information Exposure.
References
https://www.open-xchange.com/ (x_refsource_MISC)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:38:33.535Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.open-xchange.com/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite 7.10.1 and earlier allows Information Exposure.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-06-18T12:24:18",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.open-xchange.com/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-7159",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX App Suite 7.10.1 and earlier allows Information Exposure.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.open-xchange.com/",
                     refsource: "MISC",
                     url: "https://www.open-xchange.com/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-7159",
      datePublished: "2019-06-18T12:24:18",
      dateReserved: "2019-01-29T00:00:00",
      dateUpdated: "2024-08-04T20:38:33.535Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-17060
Vulnerability from cvelistv5
Published
2019-05-23 14:44
Modified
2024-08-05 20:43
Severity ?
Summary
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecure Permissions.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T20:43:59.296Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://ox.com",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://documentation.open-xchange.com/components/releasenotes/7.8.3/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecure Permissions.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-05-23T14:44:38",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://ox.com",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://documentation.open-xchange.com/components/releasenotes/7.8.3/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2017-17060",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecure Permissions.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://ox.com",
                     refsource: "MISC",
                     url: "http://ox.com",
                  },
                  {
                     name: "https://documentation.open-xchange.com/components/releasenotes/7.8.3/",
                     refsource: "CONFIRM",
                     url: "https://documentation.open-xchange.com/components/releasenotes/7.8.3/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2017-17060",
      datePublished: "2019-05-23T14:44:38",
      dateReserved: "2017-11-29T00:00:00",
      dateUpdated: "2024-08-05T20:43:59.296Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-5375
Vulnerability from cvelistv5
Published
2015-09-28 16:00
Modified
2024-08-06 06:50
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in unspecified dialogs for printing content in the Front End in Open-Xchange Server 6 and OX App Suite before 6.22.8-rev8, 6.22.9 before 6.22.9-rev15m, 7.x before 7.6.1-rev25, and 7.6.2 before 7.6.2-rev20 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to object properties.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T06:50:00.834Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/133674/Open-Xchange-Server-6-OX-AppSuite-Cross-Site-Scripting.html",
               },
               {
                  name: "20150923 Open-Xchange Security Advisory 2015-09-23",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/536523/100/0/threaded",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_2614_7.6.2_2015-07-22.pdf",
               },
               {
                  name: "1034018",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1034018",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-07-22T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cross-site scripting (XSS) vulnerability in unspecified dialogs for printing content in the Front End in Open-Xchange Server 6 and OX App Suite before 6.22.8-rev8, 6.22.9 before 6.22.9-rev15m, 7.x before 7.6.1-rev25, and 7.6.2 before 7.6.2-rev20 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to object properties.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-09T18:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/133674/Open-Xchange-Server-6-OX-AppSuite-Cross-Site-Scripting.html",
            },
            {
               name: "20150923 Open-Xchange Security Advisory 2015-09-23",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/536523/100/0/threaded",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_2614_7.6.2_2015-07-22.pdf",
            },
            {
               name: "1034018",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1034018",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2015-5375",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cross-site scripting (XSS) vulnerability in unspecified dialogs for printing content in the Front End in Open-Xchange Server 6 and OX App Suite before 6.22.8-rev8, 6.22.9 before 6.22.9-rev15m, 7.x before 7.6.1-rev25, and 7.6.2 before 7.6.2-rev20 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to object properties.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://packetstormsecurity.com/files/133674/Open-Xchange-Server-6-OX-AppSuite-Cross-Site-Scripting.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/133674/Open-Xchange-Server-6-OX-AppSuite-Cross-Site-Scripting.html",
                  },
                  {
                     name: "20150923 Open-Xchange Security Advisory 2015-09-23",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/536523/100/0/threaded",
                  },
                  {
                     name: "http://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_2614_7.6.2_2015-07-22.pdf",
                     refsource: "CONFIRM",
                     url: "http://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_2614_7.6.2_2015-07-22.pdf",
                  },
                  {
                     name: "1034018",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1034018",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2015-5375",
      datePublished: "2015-09-28T16:00:00",
      dateReserved: "2015-07-06T00:00:00",
      dateUpdated: "2024-08-06T06:50:00.834Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-26453
Vulnerability from cvelistv5
Published
2023-11-02 13:01
Modified
2024-08-02 11:53
Summary
Requests to cache an image could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the service's database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly available exploits are known. (Note: the CVSS 3.1 vector in this record gives the attack vector as Physical, AV:P, while the description above speaks of access from networks adjacent to the imageconverter service; compare both when assessing how exposed that service is.)
Impacted products
Vendor Product Version
OX Software GmbH OX App Suite Version: 0 ≤ 7.10.6-rev5
Version: 0 ≤ 8.12


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T11:53:52.759Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "release-notes",
                     "x_transferred",
                  ],
                  url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf",
               },
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               modules: [
                  "office",
               ],
               product: "OX App Suite",
               vendor: "OX Software GmbH",
               versions: [
                  {
                     lessThanOrEqual: "7.10.6-rev5",
                     status: "affected",
                     version: "0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.12",
                     status: "affected",
                     version: "0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<p>Requests to cache an image could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly available exploits are known.</p>",
                  },
               ],
               value: "Requests to cache an image could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly available exploits are known.\n\n",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "PHYSICAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.6,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-89",
                     description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-01-12T07:09:05.302Z",
            orgId: "8ce71d90-2354-404b-a86e-bec2cc4e6981",
            shortName: "OX",
         },
         references: [
            {
               tags: [
                  "release-notes",
               ],
               url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf",
            },
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json",
            },
         ],
         source: {
            defect: [
               "DOCS-4801",
            ],
            discovery: "EXTERNAL",
         },
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8ce71d90-2354-404b-a86e-bec2cc4e6981",
      assignerShortName: "OX",
      cveId: "CVE-2023-26453",
      datePublished: "2023-11-02T13:01:12.014Z",
      dateReserved: "2023-02-22T20:42:56.092Z",
      dateUpdated: "2024-08-02T11:53:52.759Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-41704
Vulnerability from cvelistv5
Published
2024-02-12 08:15
Modified
2024-08-22 17:55
Summary
Processing of CID references at E-Mail can be abused to inject malicious script code that passes the sanitization engine. Malicious script code could be injected into a user's session when interacting with E-Mails. Please deploy the provided updates and patch releases. CID handling has been improved and resulting content is checked for malicious content. No publicly available exploits are known.
Impacted products
Vendor Product Version
Open-Xchange GmbH OX App Suite Version: 0 ≤ 7.10.6-rev55
Version: 0 ≤ 7.6.3-rev71
Version: 0 ≤ 8.20


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T19:01:35.488Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "release-notes",
                     "x_transferred",
                  ],
                  url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf",
               },
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-41704",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-08-22T17:54:46.670204Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-08-22T17:55:14.743Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               modules: [
                  "backend",
               ],
               product: "OX App Suite",
               vendor: "Open-Xchange GmbH",
               versions: [
                  {
                     lessThanOrEqual: "7.10.6-rev55",
                     status: "affected",
                     version: "0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "7.6.3-rev71",
                     status: "affected",
                     version: "0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.20",
                     status: "affected",
                     version: "0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Processing of CID references in E-Mail can be abused to inject malicious script code that passes the sanitization engine. Malicious script code could be injected into a user's session when interacting with E-Mails. Please deploy the provided updates and patch releases. CID handling has been improved and resulting content is checked for malicious content. No publicly available exploits are known.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 7.1,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-79",
                     description: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
                     lang: "en",
                     type: "cwe",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-02-16T14:08:49.359Z",
            orgId: "8ce71d90-2354-404b-a86e-bec2cc4e6981",
            shortName: "OX",
         },
         references: [
            {
               tags: [
                  "release-notes",
               ],
               url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf",
            },
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json",
            },
         ],
         source: {
            defect: "MWB-2393",
            discovery: "INTERNAL",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8ce71d90-2354-404b-a86e-bec2cc4e6981",
      assignerShortName: "OX",
      cveId: "CVE-2023-41704",
      datePublished: "2024-02-12T08:15:22.352Z",
      dateReserved: "2023-08-30T16:21:49.912Z",
      dateUpdated: "2024-08-22T17:55:14.743Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-5213
Vulnerability from cvelistv5
Published
2019-05-23 14:21
Modified
2024-08-05 14:55
Severity ?
Summary
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting (XSS).
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T14:55:35.598Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://ox.com",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://open-xchange.com",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting (XSS).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-05-23T14:21:22",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://ox.com",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://open-xchange.com",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2017-5213",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting (XSS).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://ox.com",
                     refsource: "MISC",
                     url: "http://ox.com",
                  },
                  {
                     name: "http://open-xchange.com",
                     refsource: "MISC",
                     url: "http://open-xchange.com",
                  },
                  {
                     name: "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html",
                     refsource: "CONFIRM",
                     url: "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2017-5213",
      datePublished: "2019-05-23T14:21:22",
      dateReserved: "2017-01-09T00:00:00",
      dateUpdated: "2024-08-05T14:55:35.598Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-5211
Vulnerability from cvelistv5
Published
2019-05-23 14:30
Modified
2024-08-05 14:55
Severity ?
Summary
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T14:55:35.626Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://ox.com",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://open-xchange.com",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-05-23T14:30:35",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://ox.com",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://open-xchange.com",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2017-5211",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://ox.com",
                     refsource: "MISC",
                     url: "http://ox.com",
                  },
                  {
                     name: "http://open-xchange.com",
                     refsource: "MISC",
                     url: "http://open-xchange.com",
                  },
                  {
                     name: "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html",
                     refsource: "CONFIRM",
                     url: "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2017-5211",
      datePublished: "2019-05-23T14:30:35",
      dateReserved: "2017-01-09T00:00:00",
      dateUpdated: "2024-08-05T14:55:35.626Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-12610
Vulnerability from cvelistv5
Published
2019-01-29 23:00
Modified
2024-08-05 08:38
Severity ?
Summary
OX App Suite 7.8.4 and earlier allows Information Exposure.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T08:38:06.317Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf",
               },
               {
                  name: "20190104 Open-Xchange Security Advisory 2018-12-31",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2019/Jan/10",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-06-25T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite 7.8.4 and earlier allows Information Exposure.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-01-29T22:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf",
            },
            {
               name: "20190104 Open-Xchange Security Advisory 2018-12-31",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2019/Jan/10",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-12610",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX App Suite 7.8.4 and earlier allows Information Exposure.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf",
                     refsource: "CONFIRM",
                     url: "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf",
                  },
                  {
                     name: "20190104 Open-Xchange Security Advisory 2018-12-31",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2019/Jan/10",
                  },
                  {
                     name: "https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf",
                     refsource: "CONFIRM",
                     url: "https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-12610",
      datePublished: "2019-01-29T23:00:00",
      dateReserved: "2018-06-21T00:00:00",
      dateUpdated: "2024-08-05T08:38:06.317Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-6997
Vulnerability from cvelistv5
Published
2014-01-09 00:00
Modified
2024-08-06 17:53
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange (OX) AppSuite 7.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an HTML email with crafted CSS code containing wildcards or (2) office documents containing "crafted hyperlinks with script URL handlers."
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T17:53:45.844Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "openxchange-cve20136997-xss(90113)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/90113",
               },
               {
                  name: "64676",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/64676",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Public_Patch_Release_1766_7.4.0_Rev21_2013_12_13.pdf",
               },
               {
                  name: "101714",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://www.osvdb.org/101714",
               },
               {
                  name: "1029554",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1029554",
               },
               {
                  name: "101715",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://www.osvdb.org/101715",
               },
               {
                  name: "20140106 Open-Xchange Security Advisory 2014-01-06",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/530681/100/0/threaded",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-01-06T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange (OX) AppSuite 7.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an HTML email with crafted CSS code containing wildcards or (2) office documents containing \"crafted hyperlinks with script URL handlers.\"",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-09T18:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "openxchange-cve20136997-xss(90113)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/90113",
            },
            {
               name: "64676",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/64676",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Public_Patch_Release_1766_7.4.0_Rev21_2013_12_13.pdf",
            },
            {
               name: "101714",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://www.osvdb.org/101714",
            },
            {
               name: "1029554",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1029554",
            },
            {
               name: "101715",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://www.osvdb.org/101715",
            },
            {
               name: "20140106 Open-Xchange Security Advisory 2014-01-06",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/530681/100/0/threaded",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2013-6997",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange (OX) AppSuite 7.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an HTML email with crafted CSS code containing wildcards or (2) office documents containing \"crafted hyperlinks with script URL handlers.\"",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "openxchange-cve20136997-xss(90113)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/90113",
                  },
                  {
                     name: "64676",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/64676",
                  },
                  {
                     name: "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Public_Patch_Release_1766_7.4.0_Rev21_2013_12_13.pdf",
                     refsource: "CONFIRM",
                     url: "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Public_Patch_Release_1766_7.4.0_Rev21_2013_12_13.pdf",
                  },
                  {
                     name: "101714",
                     refsource: "OSVDB",
                     url: "http://www.osvdb.org/101714",
                  },
                  {
                     name: "1029554",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1029554",
                  },
                  {
                     name: "101715",
                     refsource: "OSVDB",
                     url: "http://www.osvdb.org/101715",
                  },
                  {
                     name: "20140106 Open-Xchange Security Advisory 2014-01-06",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/530681/100/0/threaded",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2013-6997",
      datePublished: "2014-01-09T00:00:00",
      dateReserved: "2013-12-06T00:00:00",
      dateUpdated: "2024-08-06T17:53:45.844Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-13103
Vulnerability from cvelistv5
Published
2019-03-17 18:55
Modified
2024-08-05 08:52
Severity ?
Summary
OX App Suite 7.8.4 and earlier allows SSRF.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T08:52:50.520Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/151243/Open-Xchange-OX-App-Suite-Cross-Site-Scripting-SSRF.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2019/Jan/46",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2019-01-18T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite 7.8.4 and earlier allows SSRF.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-03-17T18:55:40",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/151243/Open-Xchange-OX-App-Suite-Cross-Site-Scripting-SSRF.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://seclists.org/fulldisclosure/2019/Jan/46",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-13103",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX App Suite 7.8.4 and earlier allows SSRF.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://packetstormsecurity.com/files/151243/Open-Xchange-OX-App-Suite-Cross-Site-Scripting-SSRF.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/151243/Open-Xchange-OX-App-Suite-Cross-Site-Scripting-SSRF.html",
                  },
                  {
                     name: "http://seclists.org/fulldisclosure/2019/Jan/46",
                     refsource: "MISC",
                     url: "http://seclists.org/fulldisclosure/2019/Jan/46",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-13103",
      datePublished: "2019-03-17T18:55:40",
      dateReserved: "2018-07-03T00:00:00",
      dateUpdated: "2024-08-05T08:52:50.520Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-16716
Vulnerability from cvelistv5
Published
2020-01-06 19:43
Modified
2024-08-05 01:17
Severity ?
Summary
OX App Suite through 7.10.2 has Incorrect Access Control.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T01:17:41.090Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20200103 Open-Xchange Security Advisory 2020-01-02",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2020/Jan/7",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2020/Jan/7",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/155813/OX-App-Suite-7.10.2-Cross-Site-Scripting-Improper-Access-Control.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite through 7.10.2 has Incorrect Access Control.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-01-06T19:45:16",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "20200103 Open-Xchange Security Advisory 2020-01-02",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2020/Jan/7",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://seclists.org/fulldisclosure/2020/Jan/7",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/155813/OX-App-Suite-7.10.2-Cross-Site-Scripting-Improper-Access-Control.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-16716",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX App Suite through 7.10.2 has Incorrect Access Control.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20200103 Open-Xchange Security Advisory 2020-01-02",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2020/Jan/7",
                  },
                  {
                     name: "http://seclists.org/fulldisclosure/2020/Jan/7",
                     refsource: "MISC",
                     url: "http://seclists.org/fulldisclosure/2020/Jan/7",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/155813/OX-App-Suite-7.10.2-Cross-Site-Scripting-Improper-Access-Control.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/155813/OX-App-Suite-7.10.2-Cross-Site-Scripting-Improper-Access-Control.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-16716",
      datePublished: "2020-01-06T19:43:40",
      dateReserved: "2019-09-23T00:00:00",
      dateUpdated: "2024-08-05T01:17:41.090Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-12645
Vulnerability from cvelistv5
Published
2020-08-31 14:28
Modified
2024-08-04 12:04
Severity ?
Summary
OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T12:04:22.239Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.open-xchange.com/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/fulldisclosure/2020/Aug/14",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-08-31T14:28:16",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.open-xchange.com/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://seclists.org/fulldisclosure/2020/Aug/14",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-12645",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.open-xchange.com/",
                     refsource: "MISC",
                     url: "https://www.open-xchange.com/",
                  },
                  {
                     name: "https://seclists.org/fulldisclosure/2020/Aug/14",
                     refsource: "MISC",
                     url: "https://seclists.org/fulldisclosure/2020/Aug/14",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-12645",
      datePublished: "2020-08-31T14:28:16",
      dateReserved: "2020-05-04T00:00:00",
      dateUpdated: "2024-08-04T12:04:22.239Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-5035
Vulnerability from cvelistv5
Published
2013-09-05 10:00
Modified
2024-09-17 01:46
Severity ?
Summary
Multiple race conditions in HtmlCleaner before 2.6, as used in Open-Xchange AppSuite 7.2.2 before rev13 and other products, allow remote authenticated users to read the private e-mail of other persons in opportunistic circumstances by leveraging lack of thread safety and performing a rapid series of (1) mail-sending or (2) draft-saving operations.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T16:59:41.212Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://sourceforge.net/p/htmlcleaner/bugs/86/",
               },
               {
                  name: "20130816 Open-Xchange Security Advisory 2013-08-16",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/bugtraq/2013-08/0115.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Multiple race conditions in HtmlCleaner before 2.6, as used in Open-Xchange AppSuite 7.2.2 before rev13 and other products, allow remote authenticated users to read the private e-mail of other persons in opportunistic circumstances by leveraging lack of thread safety and performing a rapid series of (1) mail-sending or (2) draft-saving operations.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-09-05T10:00:00Z",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://sourceforge.net/p/htmlcleaner/bugs/86/",
            },
            {
               name: "20130816 Open-Xchange Security Advisory 2013-08-16",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://archives.neohapsis.com/archives/bugtraq/2013-08/0115.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2013-5035",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple race conditions in HtmlCleaner before 2.6, as used in Open-Xchange AppSuite 7.2.2 before rev13 and other products, allow remote authenticated users to read the private e-mail of other persons in opportunistic circumstances by leveraging lack of thread safety and performing a rapid series of (1) mail-sending or (2) draft-saving operations.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://sourceforge.net/p/htmlcleaner/bugs/86/",
                     refsource: "CONFIRM",
                     url: "http://sourceforge.net/p/htmlcleaner/bugs/86/",
                  },
                  {
                     name: "20130816 Open-Xchange Security Advisory 2013-08-16",
                     refsource: "BUGTRAQ",
                     url: "http://archives.neohapsis.com/archives/bugtraq/2013-08/0115.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2013-5035",
      datePublished: "2013-09-05T10:00:00Z",
      dateReserved: "2013-08-02T00:00:00Z",
      dateUpdated: "2024-09-17T01:46:33.498Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-37311
Vulnerability from cvelistv5
Published
2022-12-26 00:00
Modified
2025-04-14 14:36
Summary
OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large location request parameter to the redirect servlet.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T10:29:20.651Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://open-xchange.com",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://seclists.org/fulldisclosure/2022/Nov/18",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "LOW",
                     baseScore: 5.3,
                     baseSeverity: "MEDIUM",
                     confidentialityImpact: "NONE",
                     integrityImpact: "NONE",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2022-37311",
                        options: [
                           {
                              Exploitation: "poc",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-04-14T14:36:07.802149Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-1284",
                        description: "CWE-1284 Improper Validation of Specified Quantity in Input",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-04-14T14:36:38.009Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large location request parameter to the redirect servlet.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-26T00:00:00.000Z",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://open-xchange.com",
            },
            {
               url: "https://seclists.org/fulldisclosure/2022/Nov/18",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2022-37311",
      datePublished: "2022-12-26T00:00:00.000Z",
      dateReserved: "2022-08-01T00:00:00.000Z",
      dateUpdated: "2025-04-14T14:36:38.009Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-3174
Vulnerability from cvelistv5
Published
2016-12-15 06:31
Modified
2024-08-05 23:47
Severity ?
Summary
An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The "defer" servlet offers to redirect a client to a specified URL. Since some checks were missing, arbitrary URLs could be provided as redirection target. Users can be tricked to follow a link to a trustworthy domain but end up at an unexpected service later on. This vulnerability can be used to prepare and enhance phishing attacks.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T23:47:58.066Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/137187/Open-Xchange-OX-AppSuite-7.8.0-XSS-Open-Redirect.html",
               },
               {
                  name: "20160525 Open-Xchange Security Advisory 2016-05-25",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/538481/100/0/threaded",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-12-15T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The \"defer\" servlet offers to redirect a client to a specified URL. Since some checks were missing, arbitrary URLs could be provided as redirection target. Users can be tricked to follow a link to a trustworthy domain but end up at an unexpected service later on. This vulnerability can be used to prepare and enhance phishing attacks.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-19T14:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://packetstormsecurity.com/files/137187/Open-Xchange-OX-AppSuite-7.8.0-XSS-Open-Redirect.html",
            },
            {
               name: "20160525 Open-Xchange Security Advisory 2016-05-25",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/538481/100/0/threaded",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2016-3174",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The \"defer\" servlet offers to redirect a client to a specified URL. Since some checks were missing, arbitrary URLs could be provided as redirection target. Users can be tricked to follow a link to a trustworthy domain but end up at an unexpected service later on. This vulnerability can be used to prepare and enhance phishing attacks.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://packetstormsecurity.com/files/137187/Open-Xchange-OX-AppSuite-7.8.0-XSS-Open-Redirect.html",
                     refsource: "CONFIRM",
                     url: "http://packetstormsecurity.com/files/137187/Open-Xchange-OX-AppSuite-7.8.0-XSS-Open-Redirect.html",
                  },
                  {
                     name: "20160525 Open-Xchange Security Advisory 2016-05-25",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/538481/100/0/threaded",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2016-3174",
      datePublished: "2016-12-15T06:31:00",
      dateReserved: "2016-03-15T00:00:00",
      dateUpdated: "2024-08-05T23:47:58.066Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-2392
Vulnerability from cvelistv5
Published
2014-04-17 20:00
Modified
2024-08-06 10:14
Severity ?
Summary
The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.
References
http://www.securityfocus.com/archive/1/531762 (mailing-list, x_refsource_BUGTRAQ)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T10:14:25.767Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20140408 Open-Xchange Security Advisory 2014-04-08",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/531762",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-04-08T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2014-04-17T20:57:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "20140408 Open-Xchange Security Advisory 2014-04-08",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/531762",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2014-2392",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20140408 Open-Xchange Security Advisory 2014-04-08",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/531762",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2014-2392",
      datePublished: "2014-04-17T20:00:00",
      dateReserved: "2014-03-13T00:00:00",
      dateUpdated: "2024-08-06T10:14:25.767Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-4045
Vulnerability from cvelistv5
Published
2016-12-15 06:31
Modified
2024-08-06 00:17
Severity ?
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Script code can be embedded to RSS feeds using a URL notation. In case a user clicks the corresponding link at the RSS reader of App Suite, code gets executed at the context of the user. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). The attacker needs to reside within the same context to make this attack work.
References
http://www.securitytracker.com/id/1036157 (vdb-entry, x_refsource_SECTRACK)
http://www.securityfocus.com/archive/1/538732/100/0/threaded (mailing-list, x_refsource_BUGTRAQ)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T00:17:29.989Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1036157",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1036157",
               },
               {
                  name: "20160622 Open-Xchange Security Advisory 2016-06-22",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/538732/100/0/threaded",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-12-15T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Script code can be embedded to RSS feeds using a URL notation. In case a user clicks the corresponding link at the RSS reader of App Suite, code gets executed at the context of the user. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). The attacker needs to reside within the same context to make this attack work.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-19T14:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "1036157",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1036157",
            },
            {
               name: "20160622 Open-Xchange Security Advisory 2016-06-22",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/538732/100/0/threaded",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2016-4045",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Script code can be embedded to RSS feeds using a URL notation. In case a user clicks the corresponding link at the RSS reader of App Suite, code gets executed at the context of the user. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). The attacker needs to reside within the same context to make this attack work.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1036157",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1036157",
                  },
                  {
                     name: "20160622 Open-Xchange Security Advisory 2016-06-22",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/538732/100/0/threaded",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2016-4045",
      datePublished: "2016-12-15T06:31:00",
      dateReserved: "2016-04-20T00:00:00",
      dateUpdated: "2024-08-06T00:17:29.989Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-13668
Vulnerability from cvelistv5
Published
2019-05-23 15:15
Modified
2024-08-05 19:05
Severity ?
Summary
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T19:05:19.482Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://ox.com",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-05-23T15:15:31",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://ox.com",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2017-13668",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://ox.com",
                     refsource: "MISC",
                     url: "http://ox.com",
                  },
                  {
                     name: "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html",
                     refsource: "CONFIRM",
                     url: "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2017-13668",
      datePublished: "2019-05-23T15:15:31",
      dateReserved: "2017-08-24T00:00:00",
      dateUpdated: "2024-08-05T19:05:19.482Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-18846
Vulnerability from cvelistv5
Published
2020-02-21 20:53
Modified
2024-08-05 02:02
Severity ?
Summary
OX App Suite through 7.10.2 allows SSRF.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T02:02:39.478Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/156474/Open-Xchange-App-Suite-Documents-Server-Side-Request-Forgery.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2020-02-21T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite through 7.10.2 allows SSRF.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-06-15T18:06:16",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/156474/Open-Xchange-App-Suite-Documents-Server-Side-Request-Forgery.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-18846",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX App Suite through 7.10.2 allows SSRF.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://packetstormsecurity.com/files/156474/Open-Xchange-App-Suite-Documents-Server-Side-Request-Forgery.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/156474/Open-Xchange-App-Suite-Documents-Server-Side-Request-Forgery.html",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-18846",
      datePublished: "2020-02-21T20:53:19",
      dateReserved: "2019-11-11T00:00:00",
      dateUpdated: "2024-08-05T02:02:39.478Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-12644
Vulnerability from cvelistv5
Published
2020-08-31 14:25
Modified
2024-08-04 12:04
Severity ?
Summary
OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T12:04:22.470Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.open-xchange.com/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/fulldisclosure/2020/Aug/14",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-08-31T14:25:38",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.open-xchange.com/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://seclists.org/fulldisclosure/2020/Aug/14",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-12644",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.open-xchange.com/",
                     refsource: "MISC",
                     url: "https://www.open-xchange.com/",
                  },
                  {
                     name: "https://seclists.org/fulldisclosure/2020/Aug/14",
                     refsource: "MISC",
                     url: "https://seclists.org/fulldisclosure/2020/Aug/14",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-12644",
      datePublished: "2020-08-31T14:25:38",
      dateReserved: "2020-05-04T00:00:00",
      dateUpdated: "2024-08-04T12:04:22.470Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-29046
Vulnerability from cvelistv5
Published
2023-11-02 13:01
Modified
2024-08-02 14:00
Summary
Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of time. As a result users were able to trigger large amount of egress network connections, possibly exhausting network pool resources and lock up legitimate requests. A new mechanism has been introduced to cancel external connections that might access user-controlled endpoints. No publicly available exploits are known.
Impacted products
Vendor Product Version
OX Software GmbH OX App Suite Version: 0 ≤ 7.10.6-rev48
Version: 0 ≤ 8.11


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T14:00:14.609Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "release-notes",
                     "x_transferred",
                  ],
                  url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf",
               },
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               modules: [
                  "backend",
               ],
               product: "OX App Suite",
               vendor: "OX Software GmbH",
               versions: [
                  {
                     lessThanOrEqual: "7.10.6-rev48",
                     status: "affected",
                     version: "0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.11",
                     status: "affected",
                     version: "0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<p>Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of time. As a result users were able to trigger large amount of egress network connections, possibly exhausting network pool resources and lock up legitimate requests. A new mechanism has been introduced to cancel external connections that might access user-controlled endpoints. No publicly available exploits are known.</p>",
                  },
               ],
               value: "Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of time. As a result users were able to trigger large amount of egress network connections, possibly exhausting network pool resources and lock up legitimate requests. A new mechanism has been introduced to cancel external connections that might access user-controlled endpoints. No publicly available exploits are known.\n\n",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 4.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-400",
                     description: "CWE-400 Uncontrolled Resource Consumption",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-01-12T07:08:22.530Z",
            orgId: "8ce71d90-2354-404b-a86e-bec2cc4e6981",
            shortName: "OX",
         },
         references: [
            {
               tags: [
                  "release-notes",
               ],
               url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf",
            },
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json",
            },
         ],
         source: {
            defect: [
               "MWB-1982",
            ],
            discovery: "INTERNAL",
         },
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8ce71d90-2354-404b-a86e-bec2cc4e6981",
      assignerShortName: "OX",
      cveId: "CVE-2023-29046",
      datePublished: "2023-11-02T13:01:39.521Z",
      dateReserved: "2023-03-30T09:34:25.188Z",
      dateUpdated: "2024-08-02T14:00:14.609Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-1588
Vulnerability from cvelistv5
Published
2017-06-08 21:00
Modified
2024-08-06 04:47
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server 6 and OX AppSuite before 7.4.2-rev43, 7.6.0-rev38, and 7.6.1-rev21.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T04:47:17.182Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1032202",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1032202",
               },
               {
                  name: "74350",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/74350",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/131649/Open-Xchange-Server-6-OX-AppSuite-Cross-Site-Scripting.html",
               },
               {
                  name: "20150427 Open-Xchange Security Advisory 2015-04-27",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/535388/100/1100/threaded",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-04-27T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server 6 and OX AppSuite before 7.4.2-rev43, 7.6.0-rev38, and 7.6.1-rev21.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-09T18:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "1032202",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1032202",
            },
            {
               name: "74350",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/74350",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/131649/Open-Xchange-Server-6-OX-AppSuite-Cross-Site-Scripting.html",
            },
            {
               name: "20150427 Open-Xchange Security Advisory 2015-04-27",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/535388/100/1100/threaded",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2015-1588",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server 6 and OX AppSuite before 7.4.2-rev43, 7.6.0-rev38, and 7.6.1-rev21.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1032202",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1032202",
                  },
                  {
                     name: "74350",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/74350",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/131649/Open-Xchange-Server-6-OX-AppSuite-Cross-Site-Scripting.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/131649/Open-Xchange-Server-6-OX-AppSuite-Cross-Site-Scripting.html",
                  },
                  {
                     name: "20150427 Open-Xchange Security Advisory 2015-04-27",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/535388/100/1100/threaded",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2015-1588",
      datePublished: "2017-06-08T21:00:00",
      dateReserved: "2015-02-11T00:00:00",
      dateUpdated: "2024-08-06T04:47:17.182Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-6848
Vulnerability from cvelistv5
Published
2016-12-15 06:31
Modified
2024-08-06 01:43
Severity ?
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. API requests can be used to inject, generate and download executable files to the client ("Reflected File Download"). A malicious platform-specific (e.g. Microsoft Windows) batch file can be created via a trusted domain without authentication that, if executed by the user, may lead to local code execution.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T01:43:38.439Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
               },
               {
                  name: "93460",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/93460",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-12-15T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. API requests can be used to inject, generate and download executable files to the client (\"Reflected File Download\"). Malicious platform specific (e.g. Microsoft Windows) batch file can be created via a trusted domain without authentication that, if executed by the user, may lead to local code execution.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-12-26T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
            },
            {
               name: "93460",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/93460",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2016-6848",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. API requests can be used to inject, generate and download executable files to the client (\"Reflected File Download\"). Malicious platform specific (e.g. Microsoft Windows) batch file can be created via a trusted domain without authentication that, if executed by the user, may lead to local code execution.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
                     refsource: "CONFIRM",
                     url: "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
                  },
                  {
                     name: "93460",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/93460",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2016-6848",
      datePublished: "2016-12-15T06:31:00",
      dateReserved: "2016-08-18T00:00:00",
      dateUpdated: "2024-08-06T01:43:38.439Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-41705
Vulnerability from cvelistv5
Published
2024-02-12 08:15
Modified
2024-11-07 19:20
Summary
Processing of user-defined DAV user-agent strings is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of DAV user-agents now gets monitored, and the related request is terminated if a resource threshold is reached. No publicly available exploits are known.
Impacted products
Vendor Product Version
Open-Xchange GmbH OX App Suite Version: 0    7.10.6-rev55
Version: 0    7.6.3-rev71
Version: 0    8.20


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T19:01:35.428Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "release-notes",
                     "x_transferred",
                  ],
                  url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf",
               },
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-41705",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-07T19:20:03.494419Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-07T19:20:22.352Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               modules: [
                  "backend",
               ],
               product: "OX App Suite",
               vendor: "Open-Xchange GmbH",
               versions: [
                  {
                     lessThanOrEqual: "7.10.6-rev55",
                     status: "affected",
                     version: "0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "7.6.3-rev71",
                     status: "affected",
                     version: "0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.20",
                     status: "affected",
                     version: "0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Processing of user-defined DAV user-agent strings is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of DAV user-agents now gets monitored, and the related request is terminated if a resource threshold is reached. No publicly available exploits are known.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-400",
                     description: "Uncontrolled Resource Consumption",
                     lang: "en",
                     type: "cwe",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-02-16T14:08:50.608Z",
            orgId: "8ce71d90-2354-404b-a86e-bec2cc4e6981",
            shortName: "OX",
         },
         references: [
            {
               tags: [
                  "release-notes",
               ],
               url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf",
            },
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json",
            },
         ],
         source: {
            defect: "MWB-2392",
            discovery: "INTERNAL",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8ce71d90-2354-404b-a86e-bec2cc4e6981",
      assignerShortName: "OX",
      cveId: "CVE-2023-41705",
      datePublished: "2024-02-12T08:15:23.158Z",
      dateReserved: "2023-08-30T16:21:49.912Z",
      dateUpdated: "2024-11-07T19:20:22.352Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-28943
Vulnerability from cvelistv5
Published
2021-04-30 21:03
Modified
2024-08-04 16:48
Severity ?
Summary
OX App Suite 7.10.4 and earlier allows SSRF via a snippet.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T16:48:00.524Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://open-xchange.com",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite 7.10.4 and earlier allows SSRF via a snippet.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-04-30T21:03:47",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://open-xchange.com",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-28943",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX App Suite 7.10.4 and earlier allows SSRF via a snippet.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://open-xchange.com",
                     refsource: "MISC",
                     url: "https://open-xchange.com",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-28943",
      datePublished: "2021-04-30T21:03:47",
      dateReserved: "2020-11-19T00:00:00",
      dateUpdated: "2024-08-04T16:48:00.524Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-15002
Vulnerability from cvelistv5
Published
2020-10-23 04:51
Modified
2024-08-04 13:00
Severity ?
Summary
OX App Suite through 7.10.3 allows SSRF via the /ajax/messaging/message message API.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T13:00:52.053Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.open-xchange.com/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/fulldisclosure/2020/Oct/20",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite through 7.10.3 allows SSRF via the the /ajax/messaging/message message API.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-10-23T04:51:42",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.open-xchange.com/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://seclists.org/fulldisclosure/2020/Oct/20",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-15002",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX App Suite through 7.10.3 allows SSRF via the the /ajax/messaging/message message API.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.open-xchange.com/",
                     refsource: "MISC",
                     url: "https://www.open-xchange.com/",
                  },
                  {
                     name: "https://seclists.org/fulldisclosure/2020/Oct/20",
                     refsource: "CONFIRM",
                     url: "https://seclists.org/fulldisclosure/2020/Oct/20",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-15002",
      datePublished: "2020-10-23T04:51:42",
      dateReserved: "2020-06-24T00:00:00",
      dateUpdated: "2024-08-04T13:00:52.053Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-6913
Vulnerability from cvelistv5
Published
2018-09-18 20:00
Modified
2024-08-05 15:41
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Open-Xchange webmail before 7.6.3-rev28 allows remote attackers to inject arbitrary web script or HTML via the event attribute in a time tag.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T15:41:17.693Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4133_7.6.3_2017-05-15.pdf",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/gquere/CVE-2017-6913",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-09-13T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cross-site scripting (XSS) vulnerability in the Open-Xchange webmail before 7.6.3-rev28 allows remote attackers to inject arbitrary web script or HTML via the event attribute in a time tag.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-09-18T19:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4133_7.6.3_2017-05-15.pdf",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/gquere/CVE-2017-6913",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2017-6913",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cross-site scripting (XSS) vulnerability in the Open-Xchange webmail before 7.6.3-rev28 allows remote attackers to inject arbitrary web script or HTML via the event attribute in a time tag.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4133_7.6.3_2017-05-15.pdf",
                     refsource: "CONFIRM",
                     url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4133_7.6.3_2017-05-15.pdf",
                  },
                  {
                     name: "https://github.com/gquere/CVE-2017-6913",
                     refsource: "MISC",
                     url: "https://github.com/gquere/CVE-2017-6913",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2017-6913",
      datePublished: "2018-09-18T20:00:00",
      dateReserved: "2017-03-15T00:00:00",
      dateUpdated: "2024-08-05T15:41:17.693Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-23935
Vulnerability from cvelistv5
Published
2021-01-12 21:25
Modified
2024-08-03 19:14
Severity ?
Summary
OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript code.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T19:14:09.626Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript code.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-01-12T21:25:23",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2021-23935",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript code.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
                     refsource: "MISC",
                     url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2021-23935",
      datePublished: "2021-01-12T21:25:23",
      dateReserved: "2021-01-12T00:00:00",
      dateUpdated: "2024-08-03T19:14:09.626Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-5754
Vulnerability from cvelistv5
Published
2018-06-15 21:00
Modified
2024-08-05 05:40
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the office-web component in Open-Xchange OX App Suite before 7.8.3-rev12 and 7.8.4 before 7.8.4-rev9 allows remote attackers to inject arbitrary web script or HTML via a crafted presentation file, related to copying content to the clipboard.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T05:40:51.308Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html",
               },
               {
                  name: "44881",
                  tags: [
                     "exploit",
                     "x_refsource_EXPLOIT-DB",
                     "x_transferred",
                  ],
                  url: "https://www.exploit-db.com/exploits/44881/",
               },
               {
                  name: "20180608 Open-Xchange Security Advisory 2018-06-08",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2018/Jun/23",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-06-08T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cross-site scripting (XSS) vulnerability in the office-web component in Open-Xchange OX App Suite before 7.8.3-rev12 and 7.8.4 before 7.8.4-rev9 allows remote attackers to inject arbitrary web script or HTML via a crafted presentation file, related to copying content to the clipboard.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-06-15T20:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html",
            },
            {
               name: "44881",
               tags: [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
               ],
               url: "https://www.exploit-db.com/exploits/44881/",
            },
            {
               name: "20180608 Open-Xchange Security Advisory 2018-06-08",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2018/Jun/23",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-5754",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cross-site scripting (XSS) vulnerability in the office-web component in Open-Xchange OX App Suite before 7.8.3-rev12 and 7.8.4 before 7.8.4-rev9 allows remote attackers to inject arbitrary web script or HTML via a crafted presentation file, related to copying content to the clipboard.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html",
                  },
                  {
                     name: "44881",
                     refsource: "EXPLOIT-DB",
                     url: "https://www.exploit-db.com/exploits/44881/",
                  },
                  {
                     name: "20180608 Open-Xchange Security Advisory 2018-06-08",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2018/Jun/23",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-5754",
      datePublished: "2018-06-15T21:00:00",
      dateReserved: "2018-01-17T00:00:00",
      dateUpdated: "2024-08-05T05:40:51.308Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-12611
Vulnerability from cvelistv5
Published
2019-01-29 23:00
Modified
2024-08-05 08:38
Severity ?
Summary
OX App Suite 7.8.4 and earlier allows Directory Traversal.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T08:38:06.350Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4789_7.6.3_2018-06-25.pdf",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf",
               },
               {
                  name: "20190104 Open-Xchange Security Advisory 2018-12-31",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2019/Jan/10",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-06-25T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite 7.8.4 and earlier allows Directory Traversal.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-01-29T22:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4789_7.6.3_2018-06-25.pdf",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf",
            },
            {
               name: "20190104 Open-Xchange Security Advisory 2018-12-31",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2019/Jan/10",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-12611",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX App Suite 7.8.4 and earlier allows Directory Traversal.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4789_7.6.3_2018-06-25.pdf",
                     refsource: "CONFIRM",
                     url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4789_7.6.3_2018-06-25.pdf",
                  },
                  {
                     name: "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf",
                     refsource: "CONFIRM",
                     url: "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf",
                  },
                  {
                     name: "20190104 Open-Xchange Security Advisory 2018-12-31",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2019/Jan/10",
                  },
                  {
                     name: "https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf",
                     refsource: "CONFIRM",
                     url: "https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-12611",
      datePublished: "2019-01-29T23:00:00",
      dateReserved: "2018-06-21T00:00:00",
      dateUpdated: "2024-08-05T08:38:06.350Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-8993
Vulnerability from cvelistv5
Published
2015-01-07 18:00
Modified
2024-08-06 13:33
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev40, 7.6.0 before 7.6.0-rev32, and 7.6.1 before 7.6.1-rev11 allows remote attackers to inject arbitrary web script or HTML via a crafted XHTML file with the application/xhtml+xml MIME type.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T13:33:12.883Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "62031",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/62031",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/129811/Open-Xchange-Server-6-OX-AppSuite-7.6.1-Cross-Site-Scripting.html",
               },
               {
                  name: "1031488",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1031488",
               },
               {
                  name: "20150105 Open-Xchange Security Advisory 2015-01-05",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/534383/100/0/threaded",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-01-05T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev40, 7.6.0 before 7.6.0-rev32, and 7.6.1 before 7.6.1-rev11 allows remote attackers to inject arbitrary web script or HTML via a crafted XHTML file with the application/xhtml+xml MIME type.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-09T18:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "62031",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/62031",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/129811/Open-Xchange-Server-6-OX-AppSuite-7.6.1-Cross-Site-Scripting.html",
            },
            {
               name: "1031488",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1031488",
            },
            {
               name: "20150105 Open-Xchange Security Advisory 2015-01-05",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/534383/100/0/threaded",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2014-8993",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev40, 7.6.0 before 7.6.0-rev32, and 7.6.1 before 7.6.1-rev11 allows remote attackers to inject arbitrary web script or HTML via a crafted XHTML file with the application/xhtml+xml MIME type.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "62031",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/62031",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/129811/Open-Xchange-Server-6-OX-AppSuite-7.6.1-Cross-Site-Scripting.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/129811/Open-Xchange-Server-6-OX-AppSuite-7.6.1-Cross-Site-Scripting.html",
                  },
                  {
                     name: "1031488",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1031488",
                  },
                  {
                     name: "20150105 Open-Xchange Security Advisory 2015-01-05",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/534383/100/0/threaded",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2014-8993",
      datePublished: "2015-01-07T18:00:00",
      dateReserved: "2014-11-19T00:00:00",
      dateUpdated: "2024-08-06T13:33:12.883Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-5935
Vulnerability from cvelistv5
Published
2013-09-25 10:00
Modified
2024-09-16 19:10
Severity ?
Summary
The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 does not properly restrict the set of network interfaces that can receive API calls, which makes it easier for remote attackers to obtain access by sending network traffic from an unintended location, a different vulnerability than CVE-2013-5200.
References
http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html (mailing-list, x_refsource_BUGTRAQ)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T17:29:41.652Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20130910 Open-Xchange Security Advisory 2013-09-10",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 does not properly restrict the set of network interfaces that can receive API calls, which makes it easier for remote attackers to obtain access by sending network traffic from an unintended location, a different vulnerability than CVE-2013-5200.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-09-25T10:00:00Z",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "20130910 Open-Xchange Security Advisory 2013-09-10",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2013-5935",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 does not properly restrict the set of network interfaces that can receive API calls, which makes it easier for remote attackers to obtain access by sending network traffic from an unintended location, a different vulnerability than CVE-2013-5200.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20130910 Open-Xchange Security Advisory 2013-09-10",
                     refsource: "BUGTRAQ",
                     url: "http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2013-5935",
      datePublished: "2013-09-25T10:00:00Z",
      dateReserved: "2013-09-25T00:00:00Z",
      dateUpdated: "2024-09-16T19:10:12.479Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-5698
Vulnerability from cvelistv5
Published
2013-09-05 10:00
Modified
2024-09-16 23:36
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite and Server before 6.22.0 rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allows remote authenticated users to inject arbitrary web script or HTML via a delivery=view action, aka Bug ID 26373, a different vulnerability than CVE-2013-3106.
References
http://archives.neohapsis.com/archives/bugtraq/2013-06/0012.html (mailing-list, x_refsource_BUGTRAQ)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T17:22:29.943Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20130603 Open-Xchange Security Advisory 2013-06-03",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/bugtraq/2013-06/0012.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite and Server before 6.22.0 rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allows remote authenticated users to inject arbitrary web script or HTML via a delivery=view action, aka Bug ID 26373, a different vulnerability than CVE-2013-3106.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-09-05T10:00:00Z",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "20130603 Open-Xchange Security Advisory 2013-06-03",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://archives.neohapsis.com/archives/bugtraq/2013-06/0012.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2013-5698",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite and Server before 6.22.0 rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allows remote authenticated users to inject arbitrary web script or HTML via a delivery=view action, aka Bug ID 26373, a different vulnerability than CVE-2013-3106.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20130603 Open-Xchange Security Advisory 2013-06-03",
                     refsource: "BUGTRAQ",
                     url: "http://archives.neohapsis.com/archives/bugtraq/2013-06/0012.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2013-5698",
      datePublished: "2013-09-05T10:00:00Z",
      dateReserved: "2013-09-05T00:00:00Z",
      dateUpdated: "2024-09-16T23:36:10.886Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-24701
Vulnerability from cvelistv5
Published
2021-01-12 07:58
Modified
2024-08-04 15:19
Severity ?
Summary
OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite URI).
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T15:19:09.326Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.open-xchange.com",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
               },
               {
                  name: "20210716 Open-Xchange Security Advisory 2021-07-15",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2021/Jul/33",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite URI).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-07-16T16:06:20",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.open-xchange.com",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
            },
            {
               name: "20210716 Open-Xchange Security Advisory 2021-07-15",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2021/Jul/33",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-24701",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite URI).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.open-xchange.com",
                     refsource: "MISC",
                     url: "https://www.open-xchange.com",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
                  },
                  {
                     name: "20210716 Open-Xchange Security Advisory 2021-07-15",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2021/Jul/33",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-24701",
      datePublished: "2021-01-12T07:58:16",
      dateReserved: "2020-08-27T00:00:00",
      dateUpdated: "2024-08-04T15:19:09.326Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-8341
Vulnerability from cvelistv5
Published
2019-05-22 19:10
Modified
2024-08-05 16:34
Severity ?
Summary
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T16:34:22.431Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://ox.com",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://open-xchange.com",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://documentation.open-xchange.com/7.10.0/release-notes/release-notes.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-05-22T19:10:16",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://ox.com",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://open-xchange.com",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://documentation.open-xchange.com/7.10.0/release-notes/release-notes.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2017-8341",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://ox.com",
                     refsource: "MISC",
                     url: "http://ox.com",
                  },
                  {
                     name: "http://open-xchange.com",
                     refsource: "MISC",
                     url: "http://open-xchange.com",
                  },
                  {
                     name: "https://documentation.open-xchange.com/7.10.0/release-notes/release-notes.html",
                     refsource: "CONFIRM",
                     url: "https://documentation.open-xchange.com/7.10.0/release-notes/release-notes.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2017-8341",
      datePublished: "2019-05-22T19:10:16",
      dateReserved: "2017-04-29T00:00:00",
      dateUpdated: "2024-08-05T16:34:22.431Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-2840
Vulnerability from cvelistv5
Published
2016-12-15 06:31
Modified
2024-08-05 23:32
Severity ?
Summary
An issue was discovered in Open-Xchange Server 6 / OX AppSuite before 7.8.0-rev26. The "session" parameter for file-download requests can be used to inject script code that gets reflected through the subsequent status page. Malicious script code can be executed within a trusted domain's context. While no OX App Suite specific data can be manipulated, the vulnerability can be exploited without being authenticated and therefore used for social engineering attacks, stealing cookies or redirecting from trustworthy to malicious hosts.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T23:32:21.333Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20160402 Open-Xchange Security Advisory 2016-04-02",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/537959/100/0/threaded",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/136543/Open-Xchange-7.8.0-Cross-Site-Scripting.html",
               },
               {
                  name: "1035469",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1035469",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-12-15T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Open-Xchange Server 6 / OX AppSuite before 7.8.0-rev26. The \"session\" parameter for file-download requests can be used to inject script code that gets reflected through the subsequent status page. Malicious script code can be executed within a trusted domain's context. While no OX App Suite specific data can be manipulated, the vulnerability can be exploited without being authenticated and therefore used for social engineering attacks, stealing cookies or redirecting from trustworthy to malicious hosts.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-19T14:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "20160402 Open-Xchange Security Advisory 2016-04-02",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/537959/100/0/threaded",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://packetstormsecurity.com/files/136543/Open-Xchange-7.8.0-Cross-Site-Scripting.html",
            },
            {
               name: "1035469",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1035469",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2016-2840",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Open-Xchange Server 6 / OX AppSuite before 7.8.0-rev26. The \"session\" parameter for file-download requests can be used to inject script code that gets reflected through the subsequent status page. Malicious script code can be executed within a trusted domain's context. While no OX App Suite specific data can be manipulated, the vulnerability can be exploited without being authenticated and therefore used for social engineering attacks, stealing cookies or redirecting from trustworthy to malicious hosts.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20160402 Open-Xchange Security Advisory 2016-04-02",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/537959/100/0/threaded",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/136543/Open-Xchange-7.8.0-Cross-Site-Scripting.html",
                     refsource: "CONFIRM",
                     url: "http://packetstormsecurity.com/files/136543/Open-Xchange-7.8.0-Cross-Site-Scripting.html",
                  },
                  {
                     name: "1035469",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1035469",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2016-2840",
      datePublished: "2016-12-15T06:31:00",
      dateReserved: "2016-03-02T00:00:00",
      dateUpdated: "2024-08-05T23:32:21.333Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-12884
Vulnerability from cvelistv5
Published
2019-05-10 15:32
Modified
2024-08-05 18:51
Severity ?
Summary
OX Software GmbH App Suite 7.8.4 and earlier is affected by: Information Exposure.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T18:51:07.029Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://ox.com",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://app.com",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX Software GmbH App Suite 7.8.4 and earlier is affected by: Information Exposure.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-05-10T15:32:33",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://ox.com",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://app.com",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2017-12884",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX Software GmbH App Suite 7.8.4 and earlier is affected by: Information Exposure.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://ox.com",
                     refsource: "MISC",
                     url: "http://ox.com",
                  },
                  {
                     name: "http://app.com",
                     refsource: "MISC",
                     url: "http://app.com",
                  },
                  {
                     name: "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html",
                     refsource: "CONFIRM",
                     url: "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2017-12884",
      datePublished: "2019-05-10T15:32:33",
      dateReserved: "2017-08-16T00:00:00",
      dateUpdated: "2024-08-05T18:51:07.029Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-23936
Vulnerability from cvelistv5
Published
2021-01-12 21:25
Modified
2024-08-03 19:14
Severity ?
Summary
OX App Suite through 7.10.4 allows XSS via the subject of a task.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T19:14:09.800Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite through 7.10.4 allows XSS via the subject of a task.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-01-12T21:25:12",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2021-23936",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX App Suite through 7.10.4 allows XSS via the subject of a task.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
                     refsource: "MISC",
                     url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2021-23936",
      datePublished: "2021-01-12T21:25:12",
      dateReserved: "2021-01-12T00:00:00",
      dateUpdated: "2024-08-03T19:14:09.800Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-6852
Vulnerability from cvelistv5
Published
2016-12-15 06:31
Modified
2024-08-06 01:43
Severity ?
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Users can provide local file paths to the RSS reader; the response and error code give hints about whether the provided file exists or not. Attackers may discover specific system files or library versions on the middleware server to prepare further attacks.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T01:43:38.420Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
               },
               {
                  name: "93459",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/93459",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-12-15T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Users can provide local file paths to the RSS reader; the response and error code give hints about whether the provided file exists or not. Attackers may discover specific system files or library versions on the middleware server to prepare further attacks.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-12-26T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
            },
            {
               name: "93459",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/93459",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2016-6852",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Users can provide local file paths to the RSS reader; the response and error code give hints about whether the provided file exists or not. Attackers may discover specific system files or library versions on the middleware server to prepare further attacks.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
                     refsource: "CONFIRM",
                     url: "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
                  },
                  {
                     name: "93459",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/93459",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2016-6852",
      datePublished: "2016-12-15T06:31:00",
      dateReserved: "2016-08-18T00:00:00",
      dateUpdated: "2024-08-06T01:43:38.420Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-4026
Vulnerability from cvelistv5
Published
2016-12-15 06:31
Modified
2024-08-06 00:17
Severity ?
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The content sanitizer component has an issue with filtering malicious content in case invalid HTML code is provided. In such cases the filter will output an unsanitized representation of the content. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data, etc.). Attackers can use this issue for filter evasion to inject script code later on.
References
http://www.securitytracker.com/id/1036157 (vdb-entry, x_refsource_SECTRACK)
http://www.securityfocus.com/archive/1/538732/100/0/threaded (mailing-list, x_refsource_BUGTRAQ)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T00:17:30.851Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1036157",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1036157",
               },
               {
                  name: "20160622 Open-Xchange Security Advisory 2016-06-22",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/538732/100/0/threaded",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-12-15T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The content sanitizer component has an issue with filtering malicious content in case invalid HTML code is provided. In such cases the filter will output a unsanitized representation of the content. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). Attackers can use this issue for filter evasion to inject script code later on.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-19T14:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "1036157",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1036157",
            },
            {
               name: "20160622 Open-Xchange Security Advisory 2016-06-22",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/538732/100/0/threaded",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2016-4026",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The content sanitizer component has an issue with filtering malicious content in case invalid HTML code is provided. In such cases the filter will output a unsanitized representation of the content. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). Attackers can use this issue for filter evasion to inject script code later on.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1036157",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1036157",
                  },
                  {
                     name: "20160622 Open-Xchange Security Advisory 2016-06-22",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/538732/100/0/threaded",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2016-4026",
      datePublished: "2016-12-15T06:31:00",
      dateReserved: "2016-04-15T00:00:00",
      dateUpdated: "2024-08-06T00:17:30.851Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-29047
Vulnerability from cvelistv5
Published
2023-11-02 13:01
Modified
2024-08-02 14:00
Summary
Imageconverter API endpoints provided methods that did not sufficiently validate and sanitize client input, allowing injection of arbitrary SQL statements. An attacker with access to the adjacent network, and potentially API credentials, could read and modify database content that is accessible to the imageconverter SQL user account. No publicly available exploits are known. Note: the CVSS vector in the record below (AV:P, I:N) does not match the adjacent-network access and database modification described here, so the 5.3 base score may understate the issue.
Impacted products
Vendor Product Version
OX Software GmbH OX App Suite Version: 0 ≤ 7.10.6-rev5
Version: 0 ≤ 8.12


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T14:00:14.821Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "release-notes",
                     "x_transferred",
                  ],
                  url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf",
               },
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               modules: [
                  "office",
               ],
               product: "OX App Suite",
               vendor: "OX Software GmbH",
               versions: [
                  {
                     lessThanOrEqual: "7.10.6-rev5",
                     status: "affected",
                     version: "0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "8.12",
                     status: "affected",
                     version: "0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<p>Imageconverter API endpoints provided methods that were not sufficiently validating and sanitizing client input, allowing to inject arbitrary SQL statements. An attacker with access to the adjacent network and potentially API credentials, could read and modify database content which is accessible to the imageconverter SQL user account. None No publicly available exploits are known.</p>",
                  },
               ],
               value: "Imageconverter API endpoints provided methods that were not sufficiently validating and sanitizing client input, allowing to inject arbitrary SQL statements. An attacker with access to the adjacent network and potentially API credentials, could read and modify database content which is accessible to the imageconverter SQL user account. None No publicly available exploits are known.\n\n",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "PHYSICAL",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-89",
                     description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-01-12T07:08:31.530Z",
            orgId: "8ce71d90-2354-404b-a86e-bec2cc4e6981",
            shortName: "OX",
         },
         references: [
            {
               tags: [
                  "release-notes",
               ],
               url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf",
            },
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json",
            },
         ],
         source: {
            defect: [
               "DOCS-4767",
            ],
            discovery: "EXTERNAL",
         },
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8ce71d90-2354-404b-a86e-bec2cc4e6981",
      assignerShortName: "OX",
      cveId: "CVE-2023-29047",
      datePublished: "2023-11-02T13:01:43.877Z",
      dateReserved: "2023-03-30T09:34:25.188Z",
      dateUpdated: "2024-08-02T14:00:14.821Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-23931
Vulnerability from cvelistv5
Published
2021-01-12 21:26
Modified
2024-08-03 19:14
Severity ?
Summary
OX App Suite through 7.10.4 allows XSS via an inline binary file.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T19:14:09.798Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite through 7.10.4 allows XSS via an inline binary file.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-01-12T21:26:06",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2021-23931",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX App Suite through 7.10.4 allows XSS via an inline binary file.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
                     refsource: "MISC",
                     url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2021-23931",
      datePublished: "2021-01-12T21:26:06",
      dateReserved: "2021-01-12T00:00:00",
      dateUpdated: "2024-08-03T19:14:09.798Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-5238
Vulnerability from cvelistv5
Published
2020-01-14 16:00
Modified
2024-08-06 11:41
Severity ?
Summary
XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly other unspecified impact via a crafted OpenDocument Text document.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T11:41:47.807Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-09-15T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly other unspecified impact via a crafted OpenDocument Text document.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-01-14T16:00:29",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2014-5238",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly other unspecified impact via a crafted OpenDocument Text document.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html",
                  },
                  {
                     name: "http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded",
                     refsource: "MISC",
                     url: "http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded",
                  },
                  {
                     name: "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf",
                     refsource: "MISC",
                     url: "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2014-5238",
      datePublished: "2020-01-14T16:00:29",
      dateReserved: "2014-08-13T00:00:00",
      dateUpdated: "2024-08-06T11:41:47.807Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-3106
Vulnerability from cvelistv5
Published
2013-09-05 10:00
Modified
2024-09-17 03:47
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev18, 6.22.0 before rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allow remote attackers to inject arbitrary web script or HTML via (1) embedded VBScript, (2) object/data Base64 content, (3) a Content-Type header, or (4) UTF-16 encoding, aka Bug IDs 25957, 26237, 26243, and 26244.
References
http://archives.neohapsis.com/archives/bugtraq/2013-06/0012.html (mailing-list, x_refsource_BUGTRAQ)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T16:00:09.952Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20130603 Open-Xchange Security Advisory 2013-06-03",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/bugtraq/2013-06/0012.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev18, 6.22.0 before rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allow remote attackers to inject arbitrary web script or HTML via (1) embedded VBScript, (2) object/data Base64 content, (3) a Content-Type header, or (4) UTF-16 encoding, aka Bug IDs 25957, 26237, 26243, and 26244.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-09-05T10:00:00Z",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "20130603 Open-Xchange Security Advisory 2013-06-03",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://archives.neohapsis.com/archives/bugtraq/2013-06/0012.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2013-3106",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev18, 6.22.0 before rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allow remote attackers to inject arbitrary web script or HTML via (1) embedded VBScript, (2) object/data Base64 content, (3) a Content-Type header, or (4) UTF-16 encoding, aka Bug IDs 25957, 26237, 26243, and 26244.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20130603 Open-Xchange Security Advisory 2013-06-03",
                     refsource: "BUGTRAQ",
                     url: "http://archives.neohapsis.com/archives/bugtraq/2013-06/0012.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2013-3106",
      datePublished: "2013-09-05T10:00:00Z",
      dateReserved: "2013-04-17T00:00:00Z",
      dateUpdated: "2024-09-17T03:47:47.749Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-11521
Vulnerability from cvelistv5
Published
2019-08-20 12:26
Modified
2024-08-04 22:55
Severity ?
Summary
OX App Suite 7.10.1 allows Content Spoofing.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T22:55:40.658Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/154128/Open-Xchange-OX-App-Suite-Content-Spoofing-Cross-Site-Scripting.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite 7.10.1 allows Content Spoofing.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-20T12:26:10",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/154128/Open-Xchange-OX-App-Suite-Content-Spoofing-Cross-Site-Scripting.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-11521",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX App Suite 7.10.1 allows Content Spoofing.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://packetstormsecurity.com/files/154128/Open-Xchange-OX-App-Suite-Content-Spoofing-Cross-Site-Scripting.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/154128/Open-Xchange-OX-App-Suite-Content-Spoofing-Cross-Site-Scripting.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-11521",
      datePublished: "2019-08-20T12:26:10",
      dateReserved: "2019-04-25T00:00:00",
      dateUpdated: "2024-08-04T22:55:40.658Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-8542
Vulnerability from cvelistv5
Published
2020-06-16 13:46
Modified
2024-08-04 10:03
Severity ?
Summary
OX App Suite through 7.10.3 allows XSS.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T10:03:46.135Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.open-xchange.com/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html",
               },
               {
                  name: "20200821 Open-Xchange Security Advisory 2020-08-20",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2020/Aug/14",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/158932/OX-App-Suite-OX-Documents-XSS-SSRF-Bypass.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite through 7.10.3 allows XSS.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-08-21T23:06:09",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.open-xchange.com/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html",
            },
            {
               name: "20200821 Open-Xchange Security Advisory 2020-08-20",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2020/Aug/14",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/158932/OX-App-Suite-OX-Documents-XSS-SSRF-Bypass.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-8542",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX App Suite through 7.10.3 allows XSS.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.open-xchange.com/",
                     refsource: "MISC",
                     url: "https://www.open-xchange.com/",
                  },
                  {
                     name: "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html",
                     refsource: "MISC",
                     url: "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html",
                  },
                  {
                     name: "20200821 Open-Xchange Security Advisory 2020-08-20",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2020/Aug/14",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/158932/OX-App-Suite-OX-Documents-XSS-SSRF-Bypass.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/158932/OX-App-Suite-OX-Documents-XSS-SSRF-Bypass.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-8542",
      datePublished: "2020-06-16T13:46:57",
      dateReserved: "2020-02-03T00:00:00",
      dateUpdated: "2024-08-04T10:03:46.135Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-6843
Vulnerability from cvelistv5
Published
2016-12-15 06:31
Modified
2024-08-06 01:43
Severity ?
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code can be injected to contact names. When adding those contacts to a group, the script code gets executed in the context of the user which creates or changes the group by using autocomplete. In most cases this is a user with elevated permissions. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T01:43:37.983Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "93457",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/93457",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-12-15T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code can be injected to contact names. When adding those contacts to a group, the script code gets executed in the context of the user which creates or changes the group by using autocomplete. In most cases this is a user with elevated permissions. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-12-26T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "93457",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/93457",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2016-6843",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code can be injected to contact names. When adding those contacts to a group, the script code gets executed in the context of the user which creates or changes the group by using autocomplete. In most cases this is a user with elevated permissions. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "93457",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/93457",
                  },
                  {
                     name: "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
                     refsource: "CONFIRM",
                     url: "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2016-6843",
      datePublished: "2016-12-15T06:31:00",
      dateReserved: "2016-08-18T00:00:00",
      dateUpdated: "2024-08-06T01:43:37.983Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-15003
Vulnerability from cvelistv5
Published
2020-10-23 04:54
Modified
2024-08-04 13:00
Severity ?
Summary
OX App Suite through 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user (via the session API during shared Drive access).
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T13:00:52.180Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.open-xchange.com/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/fulldisclosure/2020/Oct/20",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite through 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user (via the session API during shared Drive access).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-10-23T04:54:27",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.open-xchange.com/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://seclists.org/fulldisclosure/2020/Oct/20",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-15003",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX App Suite through 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user (via the session API during shared Drive access).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.open-xchange.com/",
                     refsource: "MISC",
                     url: "https://www.open-xchange.com/",
                  },
                  {
                     name: "https://seclists.org/fulldisclosure/2020/Oct/20",
                     refsource: "CONFIRM",
                     url: "https://seclists.org/fulldisclosure/2020/Oct/20",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-15003",
      datePublished: "2020-10-23T04:54:27",
      dateReserved: "2020-06-24T00:00:00",
      dateUpdated: "2024-08-04T13:00:52.180Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-37308
Vulnerability from cvelistv5
Published
2022-12-26 00:00
Modified
2025-04-14 14:43
Summary
OX App Suite through 7.10.6 allows XSS via HTML in text/plain e-mail messages.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T10:29:20.583Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://open-xchange.com",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://seclists.org/fulldisclosure/2022/Nov/18",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "NONE",
                     baseScore: 6.1,
                     baseSeverity: "MEDIUM",
                     confidentialityImpact: "LOW",
                     integrityImpact: "LOW",
                     privilegesRequired: "NONE",
                     scope: "CHANGED",
                     userInteraction: "REQUIRED",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2022-37308",
                        options: [
                           {
                              Exploitation: "poc",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-04-14T14:42:25.738357Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-79",
                        description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-04-14T14:43:15.189Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite through 7.10.6 allows XSS via HTML in text/plain e-mail messages.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-26T00:00:00.000Z",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://open-xchange.com",
            },
            {
               url: "https://seclists.org/fulldisclosure/2022/Nov/18",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2022-37308",
      datePublished: "2022-12-26T00:00:00.000Z",
      dateReserved: "2022-08-01T00:00:00.000Z",
      dateUpdated: "2025-04-14T14:43:15.189Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-15029
Vulnerability from cvelistv5
Published
2019-05-23 15:00
Modified
2024-08-05 19:42
Severity ?
Summary
Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T19:42:22.334Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://ox.com",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://open-xchange.com",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-05-23T15:00:32",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://ox.com",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://open-xchange.com",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2017-15029",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://ox.com",
                     refsource: "MISC",
                     url: "http://ox.com",
                  },
                  {
                     name: "http://open-xchange.com",
                     refsource: "MISC",
                     url: "http://open-xchange.com",
                  },
                  {
                     name: "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html",
                     refsource: "CONFIRM",
                     url: "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2017-15029",
      datePublished: "2019-05-23T15:00:32",
      dateReserved: "2017-10-04T00:00:00",
      dateUpdated: "2024-08-05T19:42:22.334Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-7158
Vulnerability from cvelistv5
Published
2019-06-17 19:03
Modified
2024-08-04 20:38
Severity ?
Summary
OX App Suite 7.10.0 and earlier has Incorrect Access Control.
References
https://www.open-xchange.com/ (x_refsource_MISC)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:38:33.440Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.open-xchange.com/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite 7.10.0 and earlier has Incorrect Access Control.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-06-17T19:03:42",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.open-xchange.com/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-7158",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX App Suite 7.10.0 and earlier has Incorrect Access Control.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.open-xchange.com/",
                     refsource: "MISC",
                     url: "https://www.open-xchange.com/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-7158",
      datePublished: "2019-06-17T19:03:42",
      dateReserved: "2019-01-29T00:00:00",
      dateUpdated: "2024-08-04T20:38:33.440Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-6842
Vulnerability from cvelistv5
Published
2016-12-15 06:31
Modified
2024-08-06 01:43
Severity ?
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Setting the user's name to JS code makes that code execute when selecting that user's "Templates" folder from OX Documents settings. This requires the folder to be shared to the victim. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T01:43:38.545Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "93457",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/93457",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-12-15T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Setting the user's name to JS code makes that code execute when selecting that user's \"Templates\" folder from OX Documents settings. This requires the folder to be shared to the victim. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-12-26T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "93457",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/93457",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2016-6842",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Setting the user's name to JS code makes that code execute when selecting that user's \"Templates\" folder from OX Documents settings. This requires the folder to be shared to the victim. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "93457",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/93457",
                  },
                  {
                     name: "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
                     refsource: "CONFIRM",
                     url: "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2016-6842",
      datePublished: "2016-12-15T06:31:00",
      dateReserved: "2016-08-18T00:00:00",
      dateUpdated: "2024-08-06T01:43:38.545Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-1679
Vulnerability from cvelistv5
Published
2015-01-05 20:00
Modified
2024-08-06 09:50
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite before 7.2.2-rev31, 7.4.0 before 7.4.0-rev27, and 7.4.1 before 7.4.1-rev17 allows remote attackers to inject arbitrary web script or HTML via the header in an attached SVG file.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T09:50:10.646Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20140210 Open-Xchange Security Advisory 2014-02-10",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/531005",
               },
               {
                  name: "56828",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/56828",
               },
               {
                  name: "openxchange-cve20141679-xss(91059)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/91059",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://forum.open-xchange.com/showthread.php?8259-Open-Xchange-releases-Security-Patch-2014-01-29-for-v7-2-2-v7-4-0-and-v7-4-1",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-02-10T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite before 7.2.2-rev31, 7.4.0 before 7.4.0-rev27, and 7.4.1 before 7.4.1-rev17 allows remote attackers to inject arbitrary web script or HTML via the header in an attached SVG file.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-28T12:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "20140210 Open-Xchange Security Advisory 2014-02-10",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/531005",
            },
            {
               name: "56828",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/56828",
            },
            {
               name: "openxchange-cve20141679-xss(91059)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/91059",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://forum.open-xchange.com/showthread.php?8259-Open-Xchange-releases-Security-Patch-2014-01-29-for-v7-2-2-v7-4-0-and-v7-4-1",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2014-1679",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite before 7.2.2-rev31, 7.4.0 before 7.4.0-rev27, and 7.4.1 before 7.4.1-rev17 allows remote attackers to inject arbitrary web script or HTML via the header in an attached SVG file.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20140210 Open-Xchange Security Advisory 2014-02-10",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/531005",
                  },
                  {
                     name: "56828",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/56828",
                  },
                  {
                     name: "openxchange-cve20141679-xss(91059)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/91059",
                  },
                  {
                     name: "https://forum.open-xchange.com/showthread.php?8259-Open-Xchange-releases-Security-Patch-2014-01-29-for-v7-2-2-v7-4-0-and-v7-4-1",
                     refsource: "MISC",
                     url: "https://forum.open-xchange.com/showthread.php?8259-Open-Xchange-releases-Security-Patch-2014-01-29-for-v7-2-2-v7-4-0-and-v7-4-1",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2014-1679",
      datePublished: "2015-01-05T20:00:00",
      dateReserved: "2014-01-26T00:00:00",
      dateUpdated: "2024-08-06T09:50:10.646Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-5936
Vulnerability from cvelistv5
Published
2013-09-25 10:00
Modified
2024-09-17 01:31
Severity ?
Summary
The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 allows remote attackers to obtain sensitive information about (1) runtime activity, (2) network configuration, (3) user sessions, (4) the memcache interface, and (5) the REST interface via API calls such as a hazelcast/rest/cluster/ call, a different vulnerability than CVE-2013-5200.
References
http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html (mailing-list, x_refsource_BUGTRAQ)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T17:29:41.635Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20130910 Open-Xchange Security Advisory 2013-09-10",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 allows remote attackers to obtain sensitive information about (1) runtime activity, (2) network configuration, (3) user sessions, (4) the memcache interface, and (5) the REST interface via API calls such as a hazelcast/rest/cluster/ call, a different vulnerability than CVE-2013-5200.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-09-25T10:00:00Z",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "20130910 Open-Xchange Security Advisory 2013-09-10",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2013-5936",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 allows remote attackers to obtain sensitive information about (1) runtime activity, (2) network configuration, (3) user sessions, (4) the memcache interface, and (5) the REST interface via API calls such as a hazelcast/rest/cluster/ call, a different vulnerability than CVE-2013-5200.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20130910 Open-Xchange Security Advisory 2013-09-10",
                     refsource: "BUGTRAQ",
                     url: "http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2013-5936",
      datePublished: "2013-09-25T10:00:00Z",
      dateReserved: "2013-09-25T00:00:00Z",
      dateUpdated: "2024-09-17T01:31:55.320Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-23934
Vulnerability from cvelistv5
Published
2021-01-12 21:25
Modified
2024-08-03 19:14
Severity ?
Summary
OX App Suite through 7.10.4 allows XSS via a contact whose name contains JavaScript code.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T19:14:09.819Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite through 7.10.4 allows XSS via a contact whose name contains JavaScript code.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-01-12T21:25:33",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2021-23934",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX App Suite through 7.10.4 allows XSS via a contact whose name contains JavaScript code.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
                     refsource: "MISC",
                     url: "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2021-23934",
      datePublished: "2021-01-12T21:25:33",
      dateReserved: "2021-01-12T00:00:00",
      dateUpdated: "2024-08-03T19:14:09.819Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-5690
Vulnerability from cvelistv5
Published
2013-10-03 19:00
Modified
2024-09-16 22:29
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite before 7.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) content with the text/xml MIME type or (2) the Status comment field of an appointment.
References
http://www.securityfocus.com/archive/1/528940 (mailing-list, x_refsource_BUGTRAQ)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T17:22:29.574Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20130930 Open-Xchange Security Advisory 2013-09-30",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/528940",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite before 7.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) content with the text/xml MIME type or (2) the Status comment field of an appointment.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-10-03T19:00:00Z",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "20130930 Open-Xchange Security Advisory 2013-09-30",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/528940",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2013-5690",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite before 7.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) content with the text/xml MIME type or (2) the Status comment field of an appointment.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20130930 Open-Xchange Security Advisory 2013-09-30",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/528940",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2013-5690",
      datePublished: "2013-10-03T19:00:00Z",
      dateReserved: "2013-09-03T00:00:00Z",
      dateUpdated: "2024-09-16T22:29:53.924Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-37310
Vulnerability from cvelistv5
Published
2022-12-26 00:00
Modified
2025-04-14 14:38
Summary
OX App Suite through 7.10.6 allows XSS via a malicious capability to the metrics or help module, as demonstrated by a /#!!&app=io.ox/files&cap= URI.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T10:29:21.031Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://open-xchange.com",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://seclists.org/fulldisclosure/2022/Nov/18",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "NONE",
                     baseScore: 6.1,
                     baseSeverity: "MEDIUM",
                     confidentialityImpact: "LOW",
                     integrityImpact: "LOW",
                     privilegesRequired: "NONE",
                     scope: "CHANGED",
                     userInteraction: "REQUIRED",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2022-37310",
                        options: [
                           {
                              Exploitation: "poc",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-04-14T14:37:57.161275Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-79",
                        description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-04-14T14:38:35.949Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite through 7.10.6 allows XSS via a malicious capability to the metrics or help module, as demonstrated by a /#!!&app=io.ox/files&cap= URI.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-26T00:00:00.000Z",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://open-xchange.com",
            },
            {
               url: "https://seclists.org/fulldisclosure/2022/Nov/18",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2022-37310",
      datePublished: "2022-12-26T00:00:00.000Z",
      dateReserved: "2022-08-01T00:00:00.000Z",
      dateUpdated: "2025-04-14T14:38:35.949Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-37403
Vulnerability from cvelistv5
Published
2021-07-22 16:19
Modified
2024-08-04 01:16
Severity ?
Summary
OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and an App Loader relative URL is used.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T01:16:04.050Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.open-xchange.com",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2021/Jul/33",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and an App Loader relative URL is used.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-07-22T16:19:27",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.open-xchange.com",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://seclists.org/fulldisclosure/2021/Jul/33",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2021-37403",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and an App Loader relative URL is used.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.open-xchange.com",
                     refsource: "MISC",
                     url: "https://www.open-xchange.com",
                  },
                  {
                     name: "http://seclists.org/fulldisclosure/2021/Jul/33",
                     refsource: "MISC",
                     url: "http://seclists.org/fulldisclosure/2021/Jul/33",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2021-37403",
      datePublished: "2021-07-22T16:19:27",
      dateReserved: "2021-07-22T00:00:00",
      dateUpdated: "2024-08-04T01:16:04.050Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-5864
Vulnerability from cvelistv5
Published
2019-05-22 19:38
Modified
2024-08-05 15:11
Severity ?
Summary
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting (XSS).
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T15:11:48.915Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://ox.com",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://open-xchange.com",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting (XSS).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-05-22T19:38:05",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://ox.com",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://open-xchange.com",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2017-5864",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting (XSS).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://ox.com",
                     refsource: "MISC",
                     url: "http://ox.com",
                  },
                  {
                     name: "http://open-xchange.com",
                     refsource: "MISC",
                     url: "http://open-xchange.com",
                  },
                  {
                     name: "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html",
                     refsource: "CONFIRM",
                     url: "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2017-5864",
      datePublished: "2019-05-22T19:38:05",
      dateReserved: "2017-02-02T00:00:00",
      dateUpdated: "2024-08-05T15:11:48.915Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-24700
Vulnerability from cvelistv5
Published
2021-01-12 07:42
Modified
2024-08-04 15:19
Severity ?
Summary
OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial "autoconfig." substring.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T15:19:09.320Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.open-xchange.com",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
               },
               {
                  name: "20210716 Open-Xchange Security Advisory 2021-07-15",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2021/Jul/33",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial autoconfig. substring.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-07-16T16:06:17",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.open-xchange.com",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
            },
            {
               name: "20210716 Open-Xchange Security Advisory 2021-07-15",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2021/Jul/33",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-24700",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial autoconfig. substring.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.open-xchange.com",
                     refsource: "MISC",
                     url: "https://www.open-xchange.com",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html",
                  },
                  {
                     name: "20210716 Open-Xchange Security Advisory 2021-07-15",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2021/Jul/33",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-24700",
      datePublished: "2021-01-12T07:42:56",
      dateReserved: "2020-08-27T00:00:00",
      dateUpdated: "2024-08-04T15:19:09.320Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-5740
Vulnerability from cvelistv5
Published
2016-12-15 06:31
Modified
2024-08-06 01:08
Severity ?
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev5. JavaScript code can be used as part of ical attachments within scheduling E-Mails. This content, for example an appointment's location, will be presented to the user at the E-Mail App, depending on the invitation workflow. This code gets executed within the context of the user's current session. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T01:08:00.528Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "40378",
                  tags: [
                     "exploit",
                     "x_refsource_EXPLOIT-DB",
                     "x_transferred",
                  ],
                  url: "https://www.exploit-db.com/exploits/40378/",
               },
               {
                  name: "92922",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/92922",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/138700/Open-Xchange-App-Suite-7.8.2-Cross-Site-Scripting.html",
               },
               {
                  name: "20160913 Open-Xchange Security Advisory 2016-09-13",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/539394/100/0/threaded",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-12-15T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev5. JavaScript code can be used as part of ical attachments within scheduling E-Mails. This content, for example an appointment's location, will be presented to the user at the E-Mail App, depending on the invitation workflow. This code gets executed within the context of the user's current session. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-19T14:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "40378",
               tags: [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
               ],
               url: "https://www.exploit-db.com/exploits/40378/",
            },
            {
               name: "92922",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/92922",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://packetstormsecurity.com/files/138700/Open-Xchange-App-Suite-7.8.2-Cross-Site-Scripting.html",
            },
            {
               name: "20160913 Open-Xchange Security Advisory 2016-09-13",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/539394/100/0/threaded",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2016-5740",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev5. JavaScript code can be used as part of ical attachments within scheduling E-Mails. This content, for example an appointment's location, will be presented to the user at the E-Mail App, depending on the invitation workflow. This code gets executed within the context of the user's current session. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "40378",
                     refsource: "EXPLOIT-DB",
                     url: "https://www.exploit-db.com/exploits/40378/",
                  },
                  {
                     name: "92922",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/92922",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/138700/Open-Xchange-App-Suite-7.8.2-Cross-Site-Scripting.html",
                     refsource: "CONFIRM",
                     url: "http://packetstormsecurity.com/files/138700/Open-Xchange-App-Suite-7.8.2-Cross-Site-Scripting.html",
                  },
                  {
                     name: "20160913 Open-Xchange Security Advisory 2016-09-13",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/539394/100/0/threaded",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2016-5740",
      datePublished: "2016-12-15T06:31:00",
      dateReserved: "2016-06-22T00:00:00",
      dateUpdated: "2024-08-06T01:08:00.528Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-6850
Vulnerability from cvelistv5
Published
2016-12-15 06:31
Modified
2024-08-06 01:43
Severity ?
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as profile pictures. In case their XML structure contains iframes and script code, that code may get executed when calling the related picture URL or viewing the related person's image within a browser. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T01:43:37.927Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "93457",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/93457",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-12-15T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as profile pictures. In case their XML structure contains iframes and script code, that code may get executed when calling the related picture URL or viewing the related person's image within a browser. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-12-26T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "93457",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/93457",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2016-6850",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as profile pictures. In case their XML structure contains iframes and script code, that code may get executed when calling the related picture URL or viewing the related person's image within a browser. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "93457",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/93457",
                  },
                  {
                     name: "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
                     refsource: "CONFIRM",
                     url: "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2016-6850",
      datePublished: "2016-12-15T06:31:00",
      dateReserved: "2016-08-18T00:00:00",
      dateUpdated: "2024-08-06T01:43:37.927Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-6241
Vulnerability from cvelistv5
Published
2014-12-27 18:00
Modified
2024-08-06 17:38
Severity ?
Summary
The Birthday widget in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14, in certain user-id sharing scenarios, does not properly construct a SQL statement for next-year birthdays, which allows remote authenticated users to obtain sensitive birthday, displayname, firstname, and surname information via a birthdays action to api/contacts, aka bug 29315.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T17:38:59.382Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://forum.open-xchange.com/showthread.php?8059-Open-Xchange-releases-Security-Patch-2013-10-21-for-v7-2-2-and-v7-4-0",
               },
               {
                  name: "20131106 Open-Xchange Security Advisory 2013-11-06",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/bugtraq/2013-11/0025.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2013-10-21T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The Birthday widget in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14, in certain user-id sharing scenarios, does not properly construct a SQL statement for next-year birthdays, which allows remote authenticated users to obtain sensitive birthday, displayname, firstname, and surname information via a birthdays action to api/contacts, aka bug 29315.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2014-12-27T18:57:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://forum.open-xchange.com/showthread.php?8059-Open-Xchange-releases-Security-Patch-2013-10-21-for-v7-2-2-and-v7-4-0",
            },
            {
               name: "20131106 Open-Xchange Security Advisory 2013-11-06",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://archives.neohapsis.com/archives/bugtraq/2013-11/0025.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2013-6241",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The Birthday widget in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14, in certain user-id sharing scenarios, does not properly construct a SQL statement for next-year birthdays, which allows remote authenticated users to obtain sensitive birthday, displayname, firstname, and surname information via a birthdays action to api/contacts, aka bug 29315.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://forum.open-xchange.com/showthread.php?8059-Open-Xchange-releases-Security-Patch-2013-10-21-for-v7-2-2-and-v7-4-0",
                     refsource: "CONFIRM",
                     url: "https://forum.open-xchange.com/showthread.php?8059-Open-Xchange-releases-Security-Patch-2013-10-21-for-v7-2-2-and-v7-4-0",
                  },
                  {
                     name: "20131106 Open-Xchange Security Advisory 2013-11-06",
                     refsource: "BUGTRAQ",
                     url: "http://archives.neohapsis.com/archives/bugtraq/2013-11/0025.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2013-6241",
      datePublished: "2014-12-27T18:00:00",
      dateReserved: "2013-10-22T00:00:00",
      dateUpdated: "2024-08-06T17:38:59.382Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}