Shodan
Vulnerabilities
Vulnerable Software
Open-Xchange:  Security Vulnerabilities
CVE-2020-9426
OX Guard 2.10.3 and earlier allows XSS.
CVSS Score
6.1
EPSS Score
0.012
Published
2020-06-15
CVE-2020-9427
OX Guard 2.10.3 and earlier allows SSRF.
CVSS Score
5.0
EPSS Score
0.011
Published
2020-06-15
CVE-2019-18846
OX App Suite through 7.10.2 allows SSRF.
CVSS Score
5.0
EPSS Score
0.009
Published
2020-02-21
CVE-2014-5236
Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text file.
CVSS Score
7.5
EPSS Score
0.038
Published
2020-01-31
CVE-2014-5238
XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly other unspecified impact via a crafted OpenDocument Text document.
CVSS Score
7.8
EPSS Score
0.019
Published
2020-01-14
CVE-2019-16716
OX App Suite through 7.10.2 has Incorrect Access Control.
CVSS Score
6.6
EPSS Score
0.017
Published
2020-01-06
CVE-2019-16717
OX App Suite through 7.10.2 has XSS.
CVSS Score
6.1
EPSS Score
0.015
Published
2020-01-06
CVE-2013-7485
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev26 and 7.4.x before 7.4.0-rev16 allows remote attackers to inject arbitrary web script or HTML via the publication name, which is not properly handled in an error message. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions.
CVSS Score
6.1
EPSS Score
0.018
Published
2020-01-02
CVE-2013-7486
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev27 and 7.4.x before 7.4.0-rev20 allows remote attackers to inject arbitrary web script or HTML via the body of an email. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions.
CVSS Score
6.1
EPSS Score
0.016
Published
2020-01-02
CVE-2013-6242
Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 6.22.3 before 6.22.3-rev5 and 6.22.4 before 6.22.4-rev12 allows remote attackers to inject arbitrary web script or HTML via the subject of an email. NOTE: the vulnerabilities related to the body of the email and the publication name were SPLIT from this CVE ID because they affect different sets of versions.
CVSS Score
6.1
EPSS Score
0.016
Published
2020-01-02


Products
Pricing
Contact Us

Shodan ® - All rights reserved