Open-Xchange: Security Vulnerabilities
OX App Suite through 7.10.5 allows XSS via NIFF (Notation Interchange File Format) data.
CVSS Score
6.1
EPSS Score
0.009
Published
2022-03-28
OX App Suite through 7.10.5 allows XSS via the class attribute of an element in an HTML e-mail signature.
CVSS Score
5.4
EPSS Score
0.007
Published
2022-03-28
OX App Suite through 7.10.5 allows Directory Traversal via ../ in an OOXML or ODF ZIP archive, because of the mishandling of relative paths in mail addresses in conjunction with auto-configuration DNS records.
CVSS Score
6.5
EPSS Score
0.024
Published
2021-11-22
OX App Suite 7.10.5 allows XSS via an OX Chat room name.
CVSS Score
6.1
EPSS Score
0.011
Published
2021-11-22
The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in a YAML format.
CVSS Score
6.0
EPSS Score
0.005
Published
2021-11-22
OX App Suite 7.10.5 allows XSS via an OX Chat room title during typing rendering.
CVSS Score
6.1
EPSS Score
0.011
Published
2021-11-22
OX App Suite 7.10.5 allows XSS via an OX Chat system message.
CVSS Score
6.1
EPSS Score
0.011
Published
2021-11-22
OX App Suite through through 7.10.5 allows XSS via a crafted snippet that has an app loader reference within an app loader URL.
CVSS Score
5.4
EPSS Score
0.012
Published
2021-11-22
OX App Suite through 7.10.5 allows XSS via the alt attribute of an IMG element in a truncated e-mail message.
CVSS Score
6.1
EPSS Score
0.013
Published
2021-11-22
OX App Suite through 7.10.5 has Incorrect Access Control for retrieval of session information via the rampup action of the login API call.
CVSS Score
5.3
EPSS Score
0.014
Published
2021-11-22