MidnightBSD

Advisories for open-xchange

CVE-2006-0091 MEDIUM

Cross-site scripting (XSS) vulnerability in webmail in Open-Xchange 0.8.1-6 and earlier, with "Inline HTML" enabled, allows remote attackers to inject arbitrary web script or HTML via e-mail attachments, which are rendered inline.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
open-xchange open-xchange *
CVE-2006-2738 HIGH

The open source version of Open-Xchange 0.8.2 and earlier uses a static default username and password with a valid login shell in the initfile for the ldap-server, which allows remote attackers to access any server where the default has not been changed.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
open-xchange open-xchange *
open-xchange open-xchange 0.8.1.6
CVE-2013-1645 MEDIUM

Directory traversal vulnerability in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the publication template path.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
open-xchange open-xchange_server 6.22.0
open-xchange open-xchange_server 6.20.7
open-xchange open-xchange_server 6.22.1
CVE-2013-1646 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allow remote attackers to inject arbitrary web script or HTML via (1) invalid JSON data in a mail-sending POST request, (2) an arbitrary parameter to servlet/TestServlet, (3) a javascript: URL in a standalone-mode action to a UWA module, (4) an infostore attachment, (5) JavaScript code in a contact image, (6) an RSS feed, or (7) a signature.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_server 6.22.0
open-xchange open-xchange_server 6.20.7
open-xchange open-xchange_server 6.22.1
CVE-2013-1647 MEDIUM

Multiple CRLF injection vulnerabilities in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter, as demonstrated by (1) the location parameter to ajax/redirect or (2) multiple infostore URIs.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
open-xchange open-xchange_server 6.22.0
open-xchange open-xchange_server 6.20.7
open-xchange open-xchange_server 6.22.1
CVE-2013-1648 LOW

The Subscriptions feature in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not properly validate the publication-source URL, which allows remote authenticated users to trigger arbitrary outbound TCP traffic via a crafted Source field, as demonstrated by (1) an ftp: URL, (2) a gopher: URL, or (3) an http://127.0.0.1/ URL, related to a "Server-side request forging (SSRF)" issue.

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
open-xchange open-xchange_server 6.22.0
open-xchange open-xchange_server 6.20.7
open-xchange open-xchange_server 6.22.1
CVE-2013-1649 MEDIUM

Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 uses the crypt and SHA-1 algorithms for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-255,

Products Affected

Vendor Product Version
open-xchange open-xchange_server 6.22.0
open-xchange open-xchange_server 6.20.7
open-xchange open-xchange_server 6.22.1
CVE-2013-1650 LOW

Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 uses weak permissions (group "other" readable) under opt/open-xchange/etc/, which allows local users to obtain sensitive information via standard filesystem operations.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
open-xchange open-xchange_server 6.22.0
open-xchange open-xchange_server 6.20.7
open-xchange open-xchange_server 6.22.1
CVE-2013-1651 MEDIUM

OXUpdater in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof update servers and install arbitrary software via a crafted certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
open-xchange open-xchange_server 6.22.0
open-xchange open-xchange_server 6.20.7
open-xchange open-xchange_server 6.22.1
CVE-2013-2582 MEDIUM

CRLF injection vulnerability in the redirect servlet in Open-Xchange AppSuite and Server before 6.22.0 rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allows remote attackers to inject arbitrary HTTP headers and conduct open redirect attacks by leveraging improper sanitization of whitespace characters.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
open-xchange open-xchange_server 6.22.0
open-xchange open-xchange_server 7.0.2
open-xchange open-xchange_appsuite 6.22.1
open-xchange open-xchange_appsuite 7.0.1
open-xchange open-xchange_server 6.22.1
open-xchange open-xchange_appsuite 7.0.2
open-xchange open-xchange_appsuite 6.22.0
open-xchange open-xchange_server 7.0.1
CVE-2013-2583 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev16, 6.22.0 before rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allow remote attackers to inject arbitrary web script or HTML via (1) a javascript: URL, (2) malformed nested SCRIPT elements, (3) a mail signature, or (4) JavaScript code within an image file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_server 6.22.0
open-xchange open-xchange_server 7.0.2
open-xchange open-xchange_appsuite 6.20.7
open-xchange open-xchange_appsuite 6.22.1
open-xchange open-xchange_appsuite 7.0.1
open-xchange open-xchange_server 6.20.7
open-xchange open-xchange_server 6.22.1
open-xchange open-xchange_appsuite 7.0.2
open-xchange open-xchange_appsuite 6.22.0
open-xchange open-xchange_server 7.0.1
CVE-2013-3106 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev18, 6.22.0 before rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allow remote attackers to inject arbitrary web script or HTML via (1) embedded VBScript, (2) object/data Base64 content, (3) a Content-Type header, or (4) UTF-16 encoding, aka Bug IDs 25957, 26237, 26243, and 26244.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_server 6.22.0
open-xchange open-xchange_appsuite 6.22.1
open-xchange open-xchange_server 6.20.7
open-xchange open-xchange_server 7.2.0
open-xchange open-xchange_server 6.22.1
open-xchange open-xchange_appsuite 7.0.2
open-xchange open-xchange_appsuite 6.22.0
open-xchange open-xchange_server 7.0.1
open-xchange open-xchange_server 7.0.2
open-xchange open-xchange_appsuite 6.20.7
open-xchange open-xchange_appsuite 7.0.1
open-xchange open-xchange_appsuite 7.2.0
CVE-2013-4790 LOW

Open-Xchange AppSuite before 7.0.2 rev14, 7.2.0 before rev11, 7.2.1 before rev10, and 7.2.2 before rev9 relies on user-supplied data to predict the IMAP server hostname for an external domain name, which allows remote authenticated users to discover e-mail credentials of other users in opportunistic circumstances via a manual-mode association of a personal e-mail address with the hostname of a crafted IMAP server.

CVSS 2.0

Severity: LOW

Problem Type: CWE-255,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 7.2.2
open-xchange open-xchange_appsuite 7.0.2
open-xchange open-xchange_appsuite 7.2.0
open-xchange open-xchange_appsuite 7.2.1
CVE-2013-5035 MEDIUM

Multiple race conditions in HtmlCleaner before 2.6, as used in Open-Xchange AppSuite 7.2.2 before rev13 and other products, allow remote authenticated users to read the private e-mail of other persons in opportunistic circumstances by leveraging lack of thread safety and performing a rapid series of (1) mail-sending or (2) draft-saving operations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
htmlcleaner_project htmlcleaner 1.5
htmlcleaner_project htmlcleaner 2.2
htmlcleaner_project htmlcleaner 1.13
htmlcleaner_project htmlcleaner 2.0
htmlcleaner_project htmlcleaner 1.6
htmlcleaner_project htmlcleaner 0.8
htmlcleaner_project htmlcleaner *
htmlcleaner_project htmlcleaner 1.0.5
htmlcleaner_project htmlcleaner 1.1
htmlcleaner_project htmlcleaner 1.12
htmlcleaner_project htmlcleaner 2.4
htmlcleaner_project htmlcleaner 0.9
htmlcleaner_project htmlcleaner 2.1
open-xchange open-xchange_appsuite 7.2.2
htmlcleaner_project htmlcleaner 1.4
htmlcleaner_project htmlcleaner 1.0
htmlcleaner_project htmlcleaner 1.3
htmlcleaner_project htmlcleaner 2.2.1
htmlcleaner_project htmlcleaner 1.2
htmlcleaner_project htmlcleaner 1.55
CVE-2013-5200 HIGH

The (1) REST and (2) memcache interfaces in the Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 do not require authentication, which allows remote attackers to obtain sensitive information or modify data via an API call.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 7.0.1
open-xchange open-xchange_appsuite 7.0.2
open-xchange open-xchange_appsuite 7.2.0
open-xchange open-xchange_appsuite 7.2.1
CVE-2013-5690 LOW

Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite before 7.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) content with the text/xml MIME type or (2) the Status comment field of an appointment.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 6.20.7
open-xchange open-xchange_appsuite 6.22.1
open-xchange open-xchange_appsuite 7.0.1
open-xchange open-xchange_appsuite 7.0.2
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.2.0
open-xchange open-xchange_appsuite 6.22.0
CVE-2013-5698 LOW

Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite and Server before 6.22.0 rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allows remote authenticated users to inject arbitrary web script or HTML via a delivery=view action, aka Bug ID 26373, a different vulnerability than CVE-2013-3106.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_server 6.22.0
open-xchange open-xchange_server 7.0.2
open-xchange open-xchange_appsuite 6.22.1
open-xchange open-xchange_appsuite 7.0.1
open-xchange open-xchange_server 7.2.0
open-xchange open-xchange_server 6.22.1
open-xchange open-xchange_appsuite 7.0.2
open-xchange open-xchange_appsuite 7.2.0
open-xchange open-xchange_appsuite 6.22.0
open-xchange open-xchange_server 7.0.1
CVE-2013-5934 MEDIUM

Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 has a hardcoded password for node join operations, which allows remote attackers to expand a cluster by finding this password in the source code and then sending the password in a Hazelcast cluster API call, a different vulnerability than CVE-2013-5200.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-255,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 7.0.1
open-xchange open-xchange_appsuite 7.0.2
open-xchange open-xchange_appsuite 7.2.0
open-xchange open-xchange_appsuite 7.2.1
CVE-2013-5935 MEDIUM

The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 does not properly restrict the set of network interfaces that can receive API calls, which makes it easier for remote attackers to obtain access by sending network traffic from an unintended location, a different vulnerability than CVE-2013-5200.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 7.0.1
open-xchange open-xchange_appsuite 7.0.2
open-xchange open-xchange_appsuite 7.2.0
open-xchange open-xchange_appsuite 7.2.1
CVE-2013-5936 MEDIUM

The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 allows remote attackers to obtain sensitive information about (1) runtime activity, (2) network configuration, (3) user sessions, (4) the memcache interface, and (5) the REST interface via API calls such as a hazelcast/rest/cluster/ call, a different vulnerability than CVE-2013-5200.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 7.0.1
open-xchange open-xchange_appsuite 7.0.2
open-xchange open-xchange_appsuite 7.2.0
open-xchange open-xchange_appsuite 7.2.1
CVE-2013-6009 MEDIUM

CRLF injection vulnerability in Open-Xchange AppSuite before 7.2.2, when using AJP in certain conditions, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the ajax/defer servlet.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 6.20.7
open-xchange open-xchange_appsuite 6.22.1
open-xchange open-xchange_appsuite 7.0.1
open-xchange open-xchange_appsuite 7.0.2
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.2.0
open-xchange open-xchange_appsuite 6.22.0
CVE-2013-6074 MEDIUM

Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14 allows remote attackers to inject arbitrary web script or HTML via an attached SVG file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 7.2.2
open-xchange open-xchange_appsuite 7.2.0
open-xchange open-xchange_appsuite 7.2.1
open-xchange open-xchange_appsuite 7.4.0
CVE-2013-6241 MEDIUM

The Birthday widget in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14, in certain user-id sharing scenarios, does not properly construct a SQL statement for next-year birthdays, which allows remote authenticated users to obtain sensitive birthday, displayname, firstname, and surname information via a birthdays action to api/contacts, aka bug 29315.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 7.2.2
open-xchange open-xchange_appsuite 7.2.0
open-xchange open-xchange_appsuite 7.2.1
open-xchange open-xchange_appsuite 7.4.0
CVE-2013-6242 MEDIUM

Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 6.22.3 before 6.22.3-rev5 and 6.22.4 before 6.22.4-rev12 allows remote attackers to inject arbitrary web script or HTML via the subject of an email. NOTE: the vulnerabilities related to the body of the email and the publication name were SPLIT from this CVE ID because they affect different sets of versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 7.2.2
open-xchange open-xchange_appsuite 6.22.4
open-xchange open-xchange_appsuite 6.22.3
open-xchange open-xchange_appsuite 7.4.0
CVE-2013-6997 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange (OX) AppSuite 7.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an HTML email with crafted CSS code containing wildcards or (2) office documents containing "crafted hyperlinks with script URL handlers."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 6.20.7
open-xchange open-xchange_appsuite 6.22.1
open-xchange open-xchange_appsuite 7.0.1
open-xchange open-xchange_appsuite 7.2.2
open-xchange open-xchange_appsuite 7.0.2
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.2.0
open-xchange open-xchange_appsuite 6.22.0
open-xchange open-xchange_appsuite 7.2.1
CVE-2013-7140 MEDIUM

XML External Entity (XXE) vulnerability in the CalDAV interface in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote authenticated users to read portions of arbitrary files via vectors related to the SAX builder and the WebDAV interface. NOTE: this issue has been labeled as both absolute path traversal and XXE, but the root cause may be XXE, since XXE can be exploited to conduct absolute path traversal and other attacks.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 6.20.7
open-xchange open-xchange_appsuite 6.22.1
open-xchange open-xchange_appsuite 7.0.1
open-xchange open-xchange_appsuite 7.2.2
open-xchange open-xchange_appsuite 7.0.2
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.2.0
open-xchange open-xchange_appsuite 6.22.0
open-xchange open-xchange_appsuite 7.2.1
open-xchange open-xchange_appsuite 7.4.0
CVE-2013-7141 MEDIUM

Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to crafted "<%" tags.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 6.20.7
open-xchange open-xchange_appsuite 6.22.1
open-xchange open-xchange_appsuite 7.0.1
open-xchange open-xchange_appsuite 7.2.2
open-xchange open-xchange_appsuite 7.0.2
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.2.0
open-xchange open-xchange_appsuite 6.22.0
open-xchange open-xchange_appsuite 7.2.1
open-xchange open-xchange_appsuite 7.4.0
CVE-2013-7142 MEDIUM

Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified oAuth API functions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 6.20.7
open-xchange open-xchange_appsuite 6.22.1
open-xchange open-xchange_appsuite 7.0.1
open-xchange open-xchange_appsuite 7.2.2
open-xchange open-xchange_appsuite 7.0.2
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.2.0
open-xchange open-xchange_appsuite 6.22.0
open-xchange open-xchange_appsuite 7.2.1
open-xchange open-xchange_appsuite 7.4.0
CVE-2013-7143 MEDIUM

Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 allows remote attackers to inject arbitrary web script or HTML via the title in a mail filter rule.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 6.20.7
open-xchange open-xchange_appsuite 6.22.1
open-xchange open-xchange_appsuite 7.0.1
open-xchange open-xchange_appsuite 7.2.2
open-xchange open-xchange_appsuite 7.0.2
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.2.0
open-xchange open-xchange_appsuite 6.22.0
open-xchange open-xchange_appsuite 7.2.1
open-xchange open-xchange_appsuite 7.4.0
CVE-2013-7485 MEDIUM

Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev26 and 7.4.x before 7.4.0-rev16 allows remote attackers to inject arbitrary web script or HTML via the publication name, which is not properly handled in an error message. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 7.2.2
open-xchange open-xchange_appsuite 7.4.0
CVE-2013-7486 MEDIUM

Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev27 and 7.4.x before 7.4.0-rev20 allows remote attackers to inject arbitrary web script or HTML via the body of an email. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 7.2.2
open-xchange open-xchange_appsuite 7.4.0
CVE-2014-1679 MEDIUM

Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite before 7.2.2-rev31, 7.4.0 before 7.4.0-rev27, and 7.4.1 before 7.4.1-rev17 allows remote attackers to inject arbitrary web script or HTML via the header in an attached SVG file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 7.4.1
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.4.0
CVE-2014-2077 MEDIUM

Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 7.4.1 before 7.4.1-rev10 and 7.4.2 before 7.4.2-rev8 allows remote attackers to inject arbitrary web script or HTML via the subject of an email, involving 'the aria "tags" for screenreaders at the top bar'.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 7.4.1
open-xchange open-xchange_appsuite 7.4.2
CVE-2014-2078 MEDIUM

The backend in Open-Xchange (OX) AppSuite 7.4.2 before 7.4.2-rev9 allows remote attackers to obtain sensitive information about user email addresses in opportunistic circumstances by leveraging a failure in e-mail auto configuration for external accounts.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 7.4.2
CVE-2014-2391 MEDIUM

The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potentially useful password-pattern information by reading (1) a web-server access log, (2) a web-server Referer log, or (3) browser history that contains this string because of its presence in a GET request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 7.4.1
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.2.0
open-xchange open-xchange_appsuite 7.2.1
open-xchange open-xchange_appsuite 7.4.2
CVE-2014-2392 MEDIUM

The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 7.4.1
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.2.0
open-xchange open-xchange_appsuite 7.2.1
open-xchange open-xchange_appsuite 7.4.2
CVE-2014-2393 MEDIUM

Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite 7.4.1 before 7.4.1-rev11 and 7.4.2 before 7.4.2-rev13 allows remote attackers to inject arbitrary web script or HTML via a Drive filename that is not properly handled during use of the composer to add an e-mail attachment.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 7.4.1
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.2.0
open-xchange open-xchange_appsuite 7.2.1
open-xchange open-xchange_appsuite 7.4.2
CVE-2014-5234 MEDIUM

Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via a folder publication name.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 6.20.7
open-xchange open-xchange_appsuite 6.22.1
open-xchange open-xchange_appsuite 7.0.1
open-xchange open-xchange_appsuite 7.2.2
open-xchange open-xchange_appsuite 7.0.2
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.2.0
open-xchange open-xchange_appsuite 6.22.0
open-xchange open-xchange_appsuite 7.2.1
open-xchange open-xchange_appsuite 7.4.0
open-xchange open-xchange_appsuite 7.6.0
CVE-2014-5235 MEDIUM

Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via vectors related to unspecified fields in RSS feeds.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 6.20.7
open-xchange open-xchange_appsuite 6.22.1
open-xchange open-xchange_appsuite 7.0.1
open-xchange open-xchange_appsuite 7.2.2
open-xchange open-xchange_appsuite 7.0.2
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.2.0
open-xchange open-xchange_appsuite 6.22.0
open-xchange open-xchange_appsuite 7.2.1
open-xchange open-xchange_appsuite 7.4.0
open-xchange open-xchange_appsuite 7.6.0
CVE-2014-5236 MEDIUM

Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.4.2
open-xchange open-xchange_appsuite 7.6.0
CVE-2014-5237 MEDIUM

Server-side request forgery (SSRF) vulnerability in the documentconverter component in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allows remote attackers to trigger requests to arbitrary servers and embed arbitrary images via a URL in an embedded image in a Text document, which is not properly handled by the image preview.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
open-xchange app_suite 7.4.2
open-xchange app_suite 7.6.0
CVE-2014-5238 MEDIUM

XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly other unspecified impact via a crafted OpenDocument Text document.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.4.2
open-xchange open-xchange_appsuite 7.6.0
CVE-2014-7871 MEDIUM

SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API call.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.6.0
CVE-2014-8993 MEDIUM

Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev40, 7.6.0 before 7.6.0-rev32, and 7.6.1 before 7.6.1-rev11 allows remote attackers to inject arbitrary web script or HTML via a crafted XHTML file with the application/xhtml+xml MIME type.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 7.6.1
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.6.0
CVE-2014-9466 MEDIUM

Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before 7.6.0-rev36, and 7.6.1 before 7.6.1-rev14 does not properly handle directory permissions, which allows remote authenticated users to read files via unspecified vectors, related to the "folder identifier."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 7.6.1
open-xchange open-xchange_appsuite 7.4.2
open-xchange open-xchange_appsuite 7.6.0
CVE-2015-1588 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server 6 and OX AppSuite before 7.4.2-rev43, 7.6.0-rev38, and 7.6.1-rev21.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 7.6.1
open-xchange open-xchange_server 6.0
open-xchange open-xchange_server 6.22.12
open-xchange open-xchange_appsuite *
open-xchange open-xchange_server 6.22.13
open-xchange open-xchange_appsuite 7.6.0
CVE-2015-5375 MEDIUM

Cross-site scripting (XSS) vulnerability in unspecified dialogs for printing content in the Front End in Open-Xchange Server 6 and OX App Suite before 6.22.8-rev8, 6.22.9 before 6.22.9-rev15m, 7.x before 7.6.1-rev25, and 7.6.2 before 7.6.2-rev20 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to object properties.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_server *
CVE-2015-7385 MEDIUM

Cross-site scripting (XSS) vulnerability in Open-Xchange OX Guard before 2.0.0-rev11 allows remote attackers to inject arbitrary web script or HTML via the uid field in a PGP public key, which is not properly handled in "Guard PGP Settings."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange ox_guard *
CVE-2015-8542 MEDIUM

An issue was discovered in Open-Xchange Guard before 2.2.0-rev8. The "getprivkeybyid" API call is used to download a PGP Private Key for a specific user after providing authentication credentials. Clients provide the "id" and "cid" parameter to specify the current user by its user- and context-ID. The "auth" parameter contains a hashed password string which gets created by the client by asking the user to enter his or her OX Guard password. This parameter is used as single point of authentication when accessing PGP Private Keys. In case a user has set the same password as another user, it is possible to download another user's PGP Private Key by iterating the "id" and "cid" parameters. This kind of attack would also be able by brute-forcing login credentials, but since the "id" and "cid" parameters are sequential they are much easier to predict than a user's login name. At the same time, there are some obvious insecure standard passwords that are widely used. A attacker could send the hashed representation of typically weak passwords and randomly fetch Private Key of matching accounts. The attack can be executed by both internal users and "guests" which use the external mail reader.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-320,

Products Affected

Vendor Product Version
open-xchange ox_guard *
CVE-2016-2840 MEDIUM

An issue was discovered in Open-Xchange Server 6 / OX AppSuite before 7.8.0-rev26. The "session" parameter for file-download requests can be used to inject script code that gets reflected through the subsequent status page. Malicious script code can be executed within a trusted domain's context. While no OX App Suite specific data can be manipulated, the vulnerability can be exploited without being authenticated and therefore used for social engineering attacks, stealing cookies or redirecting from trustworthy to malicious hosts.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2016-3173 LOW

An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The aria-label parameter of tiles at the Portal can be used to inject script code. Those labels use the name of the file (e.g. an image) which gets displayed at the portal application. Using script code at the file name leads to script execution. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). Users actively need to add a file to the portal to enable this attack. In case of shared files however, a internal attacker may modify a previously embedded file to carry a malicious file name. Furthermore this vulnerability can be used to persistently execute code that got injected by a temporary script execution vulnerability.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2016-3174 MEDIUM

An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The "defer" servlet offers to redirect a client to a specified URL. Since some checks were missing, arbitrary URLs could be provided as redirection target. Users can be tricked to follow a link to a trustworthy domain but end up at an unexpected service later on. This vulnerability can be used to prepare and enhance phishing attacks.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2016-4026 MEDIUM

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The content sanitizer component has an issue with filtering malicious content in case invalid HTML code is provided. In such cases the filter will output a unsanitized representation of the content. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). Attackers can use this issue for filter evasion to inject script code later on.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2016-4027 LOW

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev10. App Suite frontend offers to control whether a user wants to store cookies that exceed the session duration. This functionality is useful when logging in from clients with reduced privileges or shared environments. However the setting was incorrectly recognized and cookies were stored regardless of this setting when the login was performed using a non-interactive login method. In case the setting was enforced by middleware configuration or the user went through the interactive login page, the workflow was correct. Cookies with authentication information may become available to other users on shared environments. In case the user did not properly log out from the session, third parties with access to the same client can access a user's account.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2016-4028 LOW

An issue was discovered in Open-Xchange OX Guard before 2.4.0-rev8. OX Guard uses an authentication token to identify and transfer guest users' credentials. The OX Guard API acts as a padding oracle by responding with different error codes depending on whether the provided token matches the encryption padding. In combination with AES-CBC, this allows attackers to guess the correct padding. Attackers may run brute-forcing attacks on the content of the guest authentication token and discover user credentials. For a practical attack vector, the guest users needs to have logged in, the content of the guest user's "OxReaderID" cookie and the value of the "auth" parameter needs to be known to the attacker.

CVSS 2.0

Severity: LOW

Problem Type: CWE-255,

Products Affected

Vendor Product Version
open-xchange ox_guard *
CVE-2016-4045 MEDIUM

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Script code can be embedded to RSS feeds using a URL notation. In case a user clicks the corresponding link at the RSS reader of App Suite, code gets executed at the context of the user. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). The attacker needs to reside within the same context to make this attack work.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2016-4046 MEDIUM

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The API to configure external mail accounts can be abused to map and access network components within the trust boundary of the operator. Users can inject arbitrary hosts and ports to API calls. Depending on the response type, content and latency, information about existence of hosts and services can be gathered. Attackers can get internal configuration information about the infrastructure of an operator to prepare subsequent attacks.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2016-4047 MEDIUM

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev8. References to external Open XML document type definitions (.dtd resources) can be placed within .docx and .xslx files. Those resources were requested when parsing certain parts of the generated document. As a result an attacker can track access to a manipulated document. Usage of a document may get tracked and information about internal infrastructure may get exposed.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-611,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2016-4048 MEDIUM

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Custom messages can be shown at the login screen to notify external users about issues with sharing links. This mechanism can be abused to inject arbitrary text messages. Users may get tricked to follow instructions injected by third parties as part of social engineering attacks.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2016-5124 MEDIUM

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev14. Adding images from external sources to HTML editors by drag&drop can potentially lead to script code execution in the context of the active user. To exploit this, a user needs to be tricked to use an image from a specially crafted website and add it to HTML editor areas of OX App Suite, for example E-Mail Compose or OX Text. This specific attack circumvents typical XSS filters and detection mechanisms since the code is not loaded from an external service but injected locally. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). To exploit this vulnerability, a attacker needs to convince a user to follow specific steps (social-engineering).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2016-5740 MEDIUM

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev5. JavaScript code can be used as part of ical attachments within scheduling E-Mails. This content, for example an appointment's location, will be presented to the user at the E-Mail App, depending on the invitation workflow. This code gets executed within the context of the user's current session. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2016-6842 MEDIUM

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Setting the user's name to JS code makes that code execute when selecting that user's "Templates" folder from OX Documents settings. This requires the folder to be shared to the victim. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2016-6843 MEDIUM

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code can be injected to contact names. When adding those contacts to a group, the script code gets executed in the context of the user which creates or changes the group by using autocomplete. In most cases this is a user with elevated permissions. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2016-6844 MEDIUM

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within SVG files is maintained when opening such files "in browser" based on our Mail or Drive app. In case of "a" tags, this may include link targets with base64 encoded "data" references. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2016-6845 MEDIUM

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within hyperlinks at HTML E-Mails is not getting correctly sanitized when using base64 encoded "data" resources. This allows an attacker to provide hyperlinks that may execute script code instead of directing to a proper location. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2016-6846 MEDIUM

Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite backend before 7.6.2-rev59, 7.8.0 before 7.8.0-rev38, 7.8.2 before 7.8.2-rev8; AppSuite frontend before 7.6.2-rev47, 7.8.0 before 7.8.0-rev30, and 7.8.2 before 7.8.2-rev8; Office Web before 7.6.2-rev16, 7.8.0 before 7.8.0-rev10, and 7.8.2 before 7.8.2-rev5; and Documentconverter-API before 7.8.2-rev5 allows remote attackers to inject arbitrary web script or HTML.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite_frontend 7.8.0
open-xchange office_web 7.8.0
open-xchange open-xchange_appsuite_frontend 7.6.2
open-xchange open-xchange_appsuite_backend 7.8.0
open-xchange documentconverter-api 7.8.2
open-xchange open-xchange_appsuite_backend 7.6.2
open-xchange office_web 7.8.2
open-xchange open-xchange_appsuite_frontend 7.8.2
open-xchange office_web 7.6.2
open-xchange open-xchange_appsuite_backend 7.8.2
CVE-2016-6847 MEDIUM

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as mp3 album covers. In case their XML structure contains script code, that code may get executed when calling the related cover URL. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2016-6848 LOW

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. API requests can be used to inject, generate and download executable files to the client ("Reflected File Download"). Malicious platform specific (e.g. Microsoft Windows) batch file can be created via a trusted domain without authentication that, if executed by the user, may lead to local code execution.

CVSS 2.0

Severity: LOW

Problem Type: CWE-254,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2016-6850 MEDIUM

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as profile pictures. In case their XML structure contains iframes and script code, that code may get executed when calling the related picture URL or viewing the related person's image within a browser. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2016-6851 MEDIUM

An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code can be provided as parameter to the OX Guard guest reader web application. This allows cross-site scripting attacks against arbitrary users since no prior authentication is needed. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.) in case the user has an active session on the same domain already.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange ox_guard *
CVE-2016-6852 MEDIUM

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Users can provide local file paths to the RSS reader; the response and error code give hints about whether the provided file exists or not. Attackers may discover specific system files or library versions on the middleware server to prepare further attacks.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2016-6853 MEDIUM

An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code and references to external websites can be injected to the names of PGP public keys. When requesting that key later on using a specific URL, such script code might get executed. In case of injecting external websites, users might get lured into a phishing scheme. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange ox_guard *
CVE-2016-6854 MEDIUM

An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code which got injected to a mail with inline PGP signature gets executed when verifying the signature. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange ox_guard *
CVE-2017-12884 MEDIUM

OX Software GmbH App Suite 7.8.4 and earlier is affected by: Information Exposure.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2017-12885 MEDIUM

OX Software GmbH App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2017-13667 MEDIUM

OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2017-13668 LOW

OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2017-15029 MEDIUM

Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2017-15030 MEDIUM

Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2017-17060 HIGH

OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecure Permissions.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-275,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2017-17061 LOW

OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2017-17062 MEDIUM

The backend component in Open-Xchange OX App Suite before 7.6.3-rev35, 7.8.x before 7.8.2-rev38, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev19 allows remote authenticated users to save arbitrary user attributes by leveraging improper privilege management.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.8.2
open-xchange open-xchange_appsuite 7.8.0
CVE-2017-5210 MEDIUM

Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Information Exposure.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2017-5211 MEDIUM

Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2017-5212 HIGH

Open-Xchange GmbH OX App Suite 7.8.3 is affected by: Incorrect Access Control.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 7.8.3
CVE-2017-5213 MEDIUM

Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting (XSS).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2017-5863 HIGH

Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2017-5864 MEDIUM

Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting (XSS).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2017-6912 MEDIUM

Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2017-6913 MEDIUM

Cross-site scripting (XSS) vulnerability in the Open-Xchange webmail before 7.6.3-rev28 allows remote attackers to inject arbitrary web script or HTML via the event attribute in a time tag.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2017-8340 MEDIUM

Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2017-8341 MEDIUM

Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2017-8777 MEDIUM

Open-Xchange GmbH OX Cloud Plugins 1.4.0 and earlier is affected by: Missing Authorization.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-285,

Products Affected

Vendor Product Version
open-xchange ox_cloud *
CVE-2017-9808 MEDIUM

OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2017-9809 MEDIUM

OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Information Exposure.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2018-10986 MEDIUM

OX Guard 2.8.0 has CSRF.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
open-xchange ox_guard 2.8.0
CVE-2018-12609 MEDIUM

OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2018-12610 MEDIUM

OX App Suite 7.8.4 and earlier allows Information Exposure.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2018-12611 MEDIUM

OX App Suite 7.8.4 and earlier allows Directory Traversal.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2018-13103 MEDIUM

OX App Suite 7.8.4 and earlier allows SSRF.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2018-13104 LOW

OX App Suite 7.8.4 and earlier allows XSS. Internal reference: 58742 (Bug ID)

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2018-5751 MEDIUM

The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote authenticated users to obtain sensitive information about external guest users via vectors related to the "groups" and "users" APIs.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.8.2
open-xchange open-xchange_appsuite 7.8.0
CVE-2018-5752 MEDIUM

The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors involving non-decimal representations of IP addresses and special IPv6 related addresses.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.8.2
open-xchange open-xchange_appsuite 7.8.0
CVE-2018-5753 MEDIUM

The frontend component in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev20 allows remote attackers to spoof the origin of e-mails via unicode characters in the "personal part" of a (1) From or (2) Sender address.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.8.2
open-xchange open-xchange_appsuite 7.8.0
CVE-2018-5754 LOW

Cross-site scripting (XSS) vulnerability in the office-web component in Open-Xchange OX App Suite before 7.8.3-rev12 and 7.8.4 before 7.8.4-rev9 allows remote attackers to inject arbitrary web script or HTML via a crafted presentation file, related to copying content to the clipboard.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite *
CVE-2018-5755 HIGH

Absolute path traversal vulnerability in the readerengine component in Open-Xchange OX App Suite before 7.6.3-rev3, 7.8.x before 7.8.2-rev4, 7.8.3 before 7.8.3-rev5, and 7.8.4 before 7.8.4-rev4 allows remote attackers to read arbitrary files via a full pathname in a formula in a spreadsheet.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.8.2
open-xchange open-xchange_appsuite 7.8.0
CVE-2018-5756 MEDIUM

The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 does not properly check for folder-to-object association, which allows remote authenticated users to delete arbitrary tasks via the task id in a delete action to api/tasks.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.8.2
open-xchange open-xchange_appsuite 7.8.0
CVE-2018-9997 MEDIUM

Cross-site scripting (XSS) vulnerability in mail compose in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev28 allows remote attackers to inject arbitrary web script or HTML via the data-target attribute in an HTML page with data-toggle gadgets.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.8.2
open-xchange open-xchange_appsuite 7.8.0
CVE-2018-9998 MEDIUM

Open-Xchange OX App Suite before 7.6.3-rev37, 7.8.x before 7.8.2-rev40, 7.8.3 before 7.8.3-rev48, and 7.8.4 before 7.8.4-rev28 include folder names in API error responses, which allows remote attackers to obtain sensitive information via the folder parameter in an "all" action to api/tasks.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.8.3
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.8.2
open-xchange open-xchange_appsuite 7.8.0
CVE-2019-11521 MEDIUM

OX App Suite 7.10.1 allows Content Spoofing.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 7.10.1
CVE-2019-11522 LOW

OX App Suite 7.10.0 to 7.10.2 allows XSS.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2019-11806 LOW

OX App Suite 7.10.1 and earlier has Insecure Permissions.

CVSS 2.0

Severity: LOW

Problem Type: CWE-732,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2019-14225 MEDIUM

OX App Suite 7.10.1 and 7.10.2 allows SSRF.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.1
CVE-2019-14226 MEDIUM

OX App Suite through 7.10.2 has Insecure Permissions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-281,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2019-14227 MEDIUM

OX App Suite 7.10.1 and 7.10.2 allows XSS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.1
CVE-2019-16716 HIGH

OX App Suite through 7.10.2 has Incorrect Access Control.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.6 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.7 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-276,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2019-16717 MEDIUM

OX App Suite through 7.10.2 has XSS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2019-18846 MEDIUM

OX App Suite through 7.10.2 allows SSRF.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.0 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N 3.1 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2019-7158 HIGH

OX App Suite 7.10.0 and earlier has Incorrect Access Control.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2019-7159 MEDIUM

OX App Suite 7.10.1 and earlier allows Information Exposure.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2020-12643 MEDIUM

OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-639,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2020-12644 MEDIUM

OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.0 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N 3.1 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2020-12645 MEDIUM

OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-307,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2020-12646 LOW

OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2020-15002 MEDIUM

OX App Suite through 7.10.3 allows SSRF via the the /ajax/messaging/message message API.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.0 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N 3.1 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2020-15003 MEDIUM

OX App Suite through 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user (via the session API during shared Drive access).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.3
CVE-2020-15004 LOW

OX App Suite through 7.10.3 allows stats/diagnostic?param= XSS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.3
CVE-2020-24700 MEDIUM

OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial autoconfig. substring.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2020-24701 MEDIUM

OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite URI).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2020-28943 MEDIUM

OX App Suite 7.10.4 and earlier allows SSRF via a snippet.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2020-28944 MEDIUM

OX Guard 2.10.4 and earlier allows a Denial of Service via a WKS server that responds slowly or with a large amount of data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
open-xchange ox_guard *
CVE-2020-28945 MEDIUM

OX App Suite 7.10.4 and earlier allows XSS via crafted content to reach an undocumented feature, such as ![](http://onerror=Function.constructor, in a Notes item.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2020-8541 MEDIUM

OX App Suite through 7.10.3 allows XXE attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.3
CVE-2020-8542 LOW

OX App Suite through 7.10.3 allows XSS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.3
CVE-2020-8543 MEDIUM

OX App Suite through 7.10.3 has Improper Input Validation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.3
CVE-2020-8544 MEDIUM

OX App Suite through 7.10.3 allows SSRF.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 7.8.4
open-xchange open-xchange_appsuite 7.10.2
open-xchange open-xchange_appsuite 7.10.1
open-xchange open-xchange_appsuite 7.10.3
CVE-2020-9426 MEDIUM

OX Guard 2.10.3 and earlier allows XSS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange ox_guard 2.10.3
CVE-2020-9427 MEDIUM

OX Guard 2.10.3 and earlier allows SSRF.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.0 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N 3.1 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
open-xchange ox_guard 2.10.3
CVE-2021-23927 MEDIUM

OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N 3.1 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2021-23928 MEDIUM

OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests query string.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2021-23929 MEDIUM

OX App Suite through 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML document to an ajax/share/<share-token>?delivery=view URI.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2021-23930 MEDIUM

OX App Suite through 7.10.4 allows XSS via use of the conversion API for a distributedFile.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2021-23931 MEDIUM

OX App Suite through 7.10.4 allows XSS via an inline binary file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2021-23932 MEDIUM

OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2021-23933 MEDIUM

OX App Suite through 7.10.4 allows XSS via JavaScript in a Note referenced by a mail:// URL.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2021-23934 MEDIUM

OX App Suite through 7.10.4 allows XSS via a contact whose name contains JavaScript code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2021-23935 MEDIUM

OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2021-23936 MEDIUM

OX App Suite through 7.10.4 allows XSS via the subject of a task.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2021-26698 MEDIUM

OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and the dl parameter is used.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.4
CVE-2021-26699 MEDIUM

OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L 2.8 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.4
CVE-2021-28093 MEDIUM

OX Documents before 7.10.5-rev5 has Incorrect Access Control of converted images because hash collisions can occur, due to use of Adler32.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-326,

Products Affected

Vendor Product Version
open-xchange open-xchange_documents 7.10.5
open-xchange open-xchange_documents *
CVE-2021-28094 MEDIUM

OX Documents before 7.10.5-rev7 has Incorrect Access Control for converted documents because hash collisions can occur, due to use of CRC32.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-326,

Products Affected

Vendor Product Version
open-xchange open-xchange_documents 7.10.5
open-xchange open-xchange_documents *
CVE-2021-28095 MEDIUM

OX Documents before 7.10.5-rev5 has Incorrect Access Control for documents that contain XML structures because hash collisions can occur, due to use of CRC32.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N 2.2 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-326,

Products Affected

Vendor Product Version
open-xchange open-xchange_documents 7.10.5
open-xchange open-xchange_documents *
CVE-2021-31934 MEDIUM

OX App Suite 7.10.4 and earlier allows XSS via a crafted contact object (payload in the position or company field) that is mishandled in the App Suite UI on a smartphone.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2021-31935 MEDIUM

OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution list (payload in the common name) that is mishandled in the scheduling view.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
CVE-2021-33488 MEDIUM

chat in OX App Suite 7.10.5 has Improper Input Validation. A user can be redirected to a rogue OX Chat server via a development-related hook.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
open-xchange ox_app_suite *
CVE-2021-33489 MEDIUM

OX App Suite through 7.10.5 allows XSS via JavaScript code in a shared XCF file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange ox_app_suite *
CVE-2021-33490 MEDIUM

OX App Suite through 7.10.5 allows XSS via a crafted snippet in a shared mail signature.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange ox_app_suite *
CVE-2021-33491 MEDIUM

OX App Suite through 7.10.5 allows Directory Traversal via ../ in an OOXML or ODF ZIP archive, because of the mishandling of relative paths in mail addresses in conjunction with auto-configuration DNS records.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
open-xchange ox_app_suite *
CVE-2021-33492 MEDIUM

OX App Suite 7.10.5 allows XSS via an OX Chat room name.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange ox_app_suite 7.10.5
CVE-2021-33493 LOW

The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in a YAML format.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 0.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-94,

Products Affected

Vendor Product Version
open-xchange ox_app_suite *
CVE-2021-33494 MEDIUM

OX App Suite 7.10.5 allows XSS via an OX Chat room title during typing rendering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange ox_app_suite 7.10.5
CVE-2021-33495 MEDIUM

OX App Suite 7.10.5 allows XSS via an OX Chat system message.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange ox_app_suite 7.10.5
CVE-2021-37402 MEDIUM

OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via binary data that is mishandled when the legacy dataretrieval endpoint has been enabled.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.4
CVE-2021-37403 MEDIUM

OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and an App Loader relative URL is used.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 7.10.3
open-xchange open-xchange_appsuite 7.10.4
CVE-2021-38374 LOW

OX App Suite through through 7.10.5 allows XSS via a crafted snippet that has an app loader reference within an app loader URL.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange ox_app_suite *
CVE-2021-38375 MEDIUM

OX App Suite through 7.10.5 allows XSS via the alt attribute of an IMG element in a truncated e-mail message.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange ox_app_suite *
CVE-2021-38376 MEDIUM

OX App Suite through 7.10.5 has Incorrect Access Control for retrieval of session information via the rampup action of the login API call.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
open-xchange ox_app_suite *
CVE-2021-38377 MEDIUM

OX App Suite through 7.10.5 allows XSS via JavaScript code in an anchor HTML comment within truncated e-mail, because there is a predictable UUID with HTML transformation results.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-330,

Products Affected

Vendor Product Version
open-xchange ox_app_suite *
CVE-2021-38378 MEDIUM

OX App Suite 7.10.5 allows Information Exposure because a caching mechanism can caused a Modified By response to show a person's name.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
open-xchange ox_app_suite *
CVE-2021-44208 MEDIUM

OX App Suite through 7.10.5 allows XSS via an unknown system message in Chat.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange ox_app_suite *
CVE-2021-44209 MEDIUM

OX App Suite through 7.10.5 allows XSS via an HTML 5 element such as AUDIO.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange ox_app_suite *
CVE-2021-44210 MEDIUM

OX App Suite through 7.10.5 allows XSS via NIFF (Notation Interchange File Format) data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange ox_app_suite *
CVE-2021-44211 LOW

OX App Suite through 7.10.5 allows XSS via the class attribute of an element in an HTML e-mail signature.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange ox_app_suite *
CVE-2021-44212 MEDIUM

OX App Suite through 7.10.5 allows XSS via a trailing control character such as the SCRIPT\t substring.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange ox_app_suite *
CVE-2021-44213 MEDIUM

OX App Suite through 7.10.5 allows XSS via uuencoding in a multipart/alternative message.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
open-xchange ox_app_suite *
CVE-2022-23099

OX App Suite through 7.10.6 allows XSS by forcing block-wise read.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
open-xchange app_suite *
CVE-2022-23100

OX App Suite through 7.10.6 allows OS Command Injection via Documentconverter (e.g., through an email attachment).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
open-xchange ox_app_suite *
CVE-2022-23101

OX App Suite through 7.10.6 allows XSS via appHandler in a deep link in an e-mail message.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
open-xchange ox_app_suite *
CVE-2022-24405

OX App Suite through 7.10.6 allows OS Command Injection via a serialized Java class to the Documentconverter API.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
open-xchange ox_app_suite *
CVE-2022-24406

OX App Suite through 7.10.6 allows SSRF because multipart/form-data boundaries are predictable, and this can lead to injection into internal Documentconverter API calls.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

Products Affected

Vendor Product Version
open-xchange ox_app_suite *
CVE-2022-29851

documentconverter in OX App Suite through 7.10.6, in a non-default configuration with ghostscript, allows OS Command Injection because file conversion may occur for an EPS document that is disguised as a PDF document.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
open-xchange ox_app_suite *
CVE-2022-29852

OX App Suite through 8.2 allows XSS because BMFreehand10 and image/x-freehand are not blocked.

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.6
CVE-2022-29853

OX App Suite through 8.2 allows XSS via a certain complex hierarchy that forces use of Show Entire Message for a huge HTML e-mail message.

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.6
open-xchange open-xchange_appsuite 8.2
CVE-2022-31468

OX App Suite through 8.2 allows XSS via an attachment or OX Drive content when a client uses the len or off parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
open-xchange ox_app_suite *
CVE-2022-31469

OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrated by class="deep-link-app" for a /#!!&app=%2e./ URI.

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.6
CVE-2022-37306

OX App Suite before 7.10.6-rev30 allows XSS via an upsell trigger.

Products Affected

Vendor Product Version
open-xchange ox_app_suite *
open-xchange ox_app_suite 7.10.6
CVE-2022-37307

OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature.

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.6
CVE-2022-37308

OX App Suite through 7.10.6 allows XSS via HTML in text/plain e-mail messages.

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.6
CVE-2022-37309

OX App Suite through 7.10.6 allows XSS via script code within a contact that has an e-mail address but lacks a name.

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.6
CVE-2022-37310

OX App Suite through 7.10.6 allows XSS via a malicious capability to the metrics or help module, as demonstrated by a /#!!&app=io.ox/files&cap= URI.

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.6
CVE-2022-37311

OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large location request parameter to the redirect servlet.

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.6
CVE-2022-37312

OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferrer servlet.

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.6
CVE-2022-37313

OX App Suite through 7.10.6 allows SSRF because the anti-SSRF protection mechanism only checks the first DNS AA or AAAA record.

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.10.5
open-xchange open-xchange_appsuite 7.10.6
CVE-2022-43696

OX App Suite before 7.10.6-rev20 allows XSS via upsell ads.

Products Affected

Vendor Product Version
open-xchange ox_app_suite *
open-xchange ox_app_suite 7.10.6
CVE-2022-43697

OX App Suite before 7.10.6-rev30 allows XSS via an activity tracking adapter defined by jslob.

Products Affected

Vendor Product Version
open-xchange ox_app_suite *
open-xchange ox_app_suite 7.10.6
CVE-2022-43698

OX App Suite before 7.10.6-rev30 allows SSRF because changing a POP3 account disregards the deny-list.

Products Affected

Vendor Product Version
open-xchange ox_app_suite *
open-xchange ox_app_suite 7.10.6
CVE-2022-43699

OX App Suite before 7.10.6-rev30 allows SSRF because e-mail account discovery disregards the deny-list and thus can be attacked by an adversary who controls the DNS records of an external domain (found in the host part of an e-mail address).

Products Affected

Vendor Product Version
open-xchange ox_app_suite *
open-xchange ox_app_suite 7.10.6
CVE-2023-24597

OX App Suite before frontend 7.10.6-rev24 allows the loading (without user consent) of an e-mail message's remote resources during printing.

Products Affected

Vendor Product Version
open-xchange ox_app_suite *
open-xchange ox_app_suite 7.10.6
CVE-2023-24598

OX App Suite before backend 7.10.6-rev37 has an information leak in the handling of distribution lists, e.g., partial disclosure of the private contacts of another user.

Products Affected

Vendor Product Version
open-xchange ox_app_suite *
open-xchange ox_app_suite 7.10.6
CVE-2023-24599

OX App Suite before backend 7.10.6-rev37 allows authenticated users to change the appointments of arbitrary users via conflicting ID numbers, aka "ID confusion."

Products Affected

Vendor Product Version
open-xchange ox_app_suite *
open-xchange ox_app_suite 7.10.6
CVE-2023-24600

OX App Suite before backend 7.10.6-rev37 allows authenticated users to bypass access controls (for reading contacts) via a move to their own address book.

Products Affected

Vendor Product Version
open-xchange ox_app_suite *
open-xchange ox_app_suite 7.10.6
CVE-2023-24601

OX App Suite before frontend 7.10.6-rev24 allows XSS via a non-app deeplink such as the jslob API's registry sub-tree.

Products Affected

Vendor Product Version
open-xchange ox_app_suite *
open-xchange ox_app_suite 7.10.6
CVE-2023-24602

OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the Tumblr portal widget, such as a post title.

Products Affected

Vendor Product Version
open-xchange ox_app_suite *
open-xchange ox_app_suite 7.10.6
CVE-2023-24603

OX App Suite before backend 7.10.6-rev37 does not check size limits when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of data.

Products Affected

Vendor Product Version
open-xchange ox_app_suite *
open-xchange ox_app_suite 7.10.6
CVE-2023-24604

OX App Suite before backend 7.10.6-rev37 does not check HTTP header lengths when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of header data.

Products Affected

Vendor Product Version
open-xchange ox_app_suite *
open-xchange ox_app_suite 7.10.6
CVE-2023-24605

OX App Suite before backend 7.10.6-rev37 does not enforce 2FA for all endpoints, e.g., reading from a drive, reading contact data, and renaming tokens.

Products Affected

Vendor Product Version
open-xchange ox_app_suite *
open-xchange ox_app_suite 7.10.6
CVE-2023-26427

Default permissions for a properties file were too permissive. Local system users could read potentially sensitive information. We updated the default permissions for noreply.properties set during package installation. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@open-xchange.com 3.2 LOW CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N 1.5 1.4

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite_backend 7.10.6
open-xchange open-xchange_appsuite_backend *
CVE-2023-26428

Attackers can successfully request arbitrary snippet IDs, including E-Mail signatures of other users within the same context. Signatures of other users could be read even though they are not explicitly shared. We improved permission handling when requesting snippets that are not explicitly shared with other users. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@open-xchange.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite_backend 7.10.6
open-xchange open-xchange_appsuite_backend *
CVE-2023-26429

Control characters were not removed when exporting user feedback content. This allowed attackers to include unexpected content via user feedback and potentially break the exported data structure. We now drop all control characters that are not whitespace character during the export. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@open-xchange.com 3.5 LOW CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N 1.8 1.4

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite_backend 7.10.6
open-xchange open-xchange_appsuite_backend *
CVE-2023-26430

Attackers with access to user accounts can inject arbitrary control characters to SIEVE mail-filter rules. This could be abused to access SIEVE extension that are not allowed by App Suite or to inject rules which would break per-user filter processing, requiring manual cleanup of such rules. We have added sanitization to all mail-filter APIs to avoid forwardning control characters to subsystems. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@open-xchange.com 3.5 LOW CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N 1.8 1.4

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite_backend 8.10.0
open-xchange open-xchange_appsuite_backend 7.10.6
CVE-2023-26431

IPv4-mapped IPv6 addresses did not get recognized as "local" by the code and a connection attempt is made. Attackers with access to user accounts could use this to bypass existing deny-list functionality and trigger requests to restricted network infrastructure to gain insight about topology and running services. We now respect possible IPV4-mapped IPv6 addresses when checking if contained in a deny-list. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@open-xchange.com 5.0 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N 3.1 1.4

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite_backend 7.10.6
open-xchange open-xchange_appsuite_backend *
CVE-2023-26432

When adding an external mail account, processing of SMTP "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue SMTP service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted SMTP server response to reasonable length/size. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@open-xchange.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 2.8 1.4

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite_backend 7.10.6
open-xchange open-xchange_appsuite_backend *
CVE-2023-26433

When adding an external mail account, processing of IMAP "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue IMAP service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted IMAP server response to reasonable length/size. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@open-xchange.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 2.8 1.4

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite_backend 7.10.6
open-xchange open-xchange_appsuite_backend *
CVE-2023-26434

When adding an external mail account, processing of POP3 "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue POP3 service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted POP3 server response to reasonable length/size. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@open-xchange.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 2.8 1.4

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite_backend 7.10.6
open-xchange open-xchange_appsuite_backend *
CVE-2023-26435

It was possible to call filesystem and network references using the local LibreOffice instance using manipulated ODT documents. Attackers could discover restricted network topology and services as well as including local files with read permissions of the open-xchange system user. This was limited to specific file-types, like images. We have improved existing content filters and validators to avoid including any local resources. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@open-xchange.com 5.0 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N 3.1 1.4

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite_backend 7.10.6
open-xchange open-xchange_appsuite_backend *
CVE-2023-26436

Attackers with access to the "documentconverterws" API were able to inject serialized Java objects, that were not properly checked during deserialization. Access to this API endpoint is restricted to local networks by default. Arbitrary code could be injected that is being executed when processing the request. A check has been introduced to restrict processing of legal and expected classes for this API. We now log a warning in case there are attempts to inject illegal classes. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@open-xchange.com 7.1 HIGH CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 0.5 6.0

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite_backend 7.10.6
open-xchange open-xchange_appsuite_backend *
CVE-2023-26438

External service lookups for a number of protocols were vulnerable to a time-of-check/time-of-use (TOCTOU) weakness, involving the JDK DNS cache. Attackers that were timing DNS cache expiry correctly were able to inject configuration that would bypass existing network deny-lists. Attackers could exploit this weakness to discover the existence of restricted network infrastructure and service availability. Improvements were made to include deny-lists not only during the check of the provided connection data, but also during use. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@open-xchange.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite_backend 8.10.0
open-xchange open-xchange_appsuite_backend 7.10.6
CVE-2023-26439

The cacheservice API could be abused to inject parameters with SQL syntax which was insufficiently sanitized before getting executed as SQL statement. Attackers with access to a local or restricted network were able to perform arbitrary SQL queries, discovering other users cached data. We have improved the input check for API calls and filter for potentially malicious content. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@open-xchange.com 7.6 HIGH CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 0.9 6.0

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite_office *
CVE-2023-26440

The cacheservice API could be abused to indirectly inject parameters with SQL syntax which was insufficiently sanitized and would later be executed when creating new cache groups. Attackers with access to a local or restricted network could perform arbitrary SQL queries. We have improved the input check for API calls and filter for potentially malicious content. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@open-xchange.com 7.1 HIGH CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 0.5 6.0

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite_office *
CVE-2023-26441

Cacheservice did not correctly check if relative cache object were pointing to the defined absolute location when accessing resources. An attacker with access to the database and a local or restricted network would be able to read arbitrary local file system resources that are accessible by the services system user account. We have improved path validation and make sure that any access is contained to the defined root directory. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@open-xchange.com 5.7 MEDIUM CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L 0.5 4.7

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite_office *
CVE-2023-26442

In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP redirects issued by that backend. An attacker with access to a local or restricted network with the capability to intercept and replay HTTP requests to sproxyd (or who is in control of the sproxyd service) could perform a server-side request-forgery attack and make Cacheservice connect to unexpected resources. We have disabled the ability to follow HTTP redirects when connecting to sproxyd resources. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@open-xchange.com 3.2 LOW CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N 1.4 1.4

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite_office *
CVE-2023-26443

Full-text autocomplete search allows user-provided SQL syntax to be injected to SQL statements. With existing sanitization in place, this can be abused to trigger benign SQL Exceptions but could potentially be escalated to a malicious SQL injection vulnerability. We now properly encode single quotes for SQL FULLTEXT queries. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@open-xchange.com 5.5 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L 1.3 3.7

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite_backend *
CVE-2023-26445

Frontend themes are defined by user-controllable jslob settings and could point to a malicious resource which gets processed during login. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the users account or lure a user to a compromised account. We now sanitize the theme value and use a default fallback if no theme matches. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@open-xchange.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:L 2.3 2.7

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite_frontend *
CVE-2023-26446

The users clientID at "application passwords" was not sanitized or escaped before being added to DOM. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the users account or lure a user to a compromised account. We now sanitize the user-controllable clientID parameter. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@open-xchange.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite_frontend *
CVE-2023-26447

The "upsell" widget for the portal allows to specify a product description. This description taken from a user-controllable jslob did not get escaped before being added to DOM. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the users account or lure a user to a compromised account. We now sanitize jslob content. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@open-xchange.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite_frontend *
CVE-2023-26448

Custom log-in and log-out locations are used-defined as jslob but were not checked to contain malicious protocol handlers. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the users account or lure a user to a compromised account. We now sanitize jslob content for those locations to avoid redirects to malicious content. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@open-xchange.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite_frontend *
CVE-2023-26449

The "OX Chat" web service did not specify a media-type when processing responses by external resources. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the users account or lure a user to a compromised account. We are now defining the accepted media-type to avoid code execution. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@open-xchange.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite_frontend *
CVE-2023-26450

The "OX Count" web service did not specify a media-type when processing responses by external resources. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the users account or lure a user to a compromised account. We are now defining the accepted media-type to avoid code execution. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@open-xchange.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite_frontend *
CVE-2023-26451

Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. Authorization codes were predictable for third parties and could be used to intercept and take over the client authorization process. As a result, other users accounts could be compromised. The oAuth Authorization Service is not enabled by default. We have updated the implementation to use sources with sufficient randomness to generate authorization tokens. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@open-xchange.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite_backend *
CVE-2023-26452

Requests to cache an image and return its metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@open-xchange.com 7.6 HIGH CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 0.9 6.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.10.6
CVE-2023-26453

Requests to cache an image could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
security@open-xchange.com 7.6 HIGH CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 0.9 6.0

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.10.6
CVE-2023-26454

Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
security@open-xchange.com 7.6 HIGH CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 0.9 6.0

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.10.6
CVE-2023-26455

RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI. RMI access is restricted to localhost by default. The interface has been updated to require authenticated requests. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@open-xchange.com 5.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L 0.8 4.7
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.10.6
CVE-2023-26456

Users were able to set an arbitrary "product name" for OX Guard. The chosen value was not sufficiently sanitized before processing it at the user interface, allowing for indirect cross-site scripting attacks. Accounts that were temporarily taken over could be configured to trigger persistent code execution, allowing an attacker to build a foothold. Sanitization is in place for product names now. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@open-xchange.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
open-xchange ox_guard 2.10.7
open-xchange ox_guard *
CVE-2023-29043

Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document. Script code embedded in malicious documents could be executed in the context of the user editing the document when performing certain actions, like copying content. The relevant attribute does now get encoded to avoid the possibility of executing script code. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@open-xchange.com 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.10.6
CVE-2023-29044

Documents operations could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties does now get escaped to avoid code execution. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@open-xchange.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.10.6
CVE-2023-29045

Documents operations, in this case "drawing", could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties does now gets checked for validity to avoid code execution. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7
security@open-xchange.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.10.6
CVE-2023-29046

Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of time. As a result users were able to trigger large amount of egress network connections, possibly exhausting network pool resources and lock up legitimate requests. A new mechanism has been introduced to cancel external connections that might access user-controlled endpoints. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@open-xchange.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 2.8 1.4
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 2.8 1.4

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.10.6
CVE-2023-29047

Imageconverter API endpoints provided methods that were not sufficiently validating and sanitizing client input, allowing to inject arbitrary SQL statements. An attacker with access to the adjacent network and potentially API credentials, could read and modify database content which is accessible to the imageconverter SQL user account. None No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@open-xchange.com 5.3 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N 0.9 4.0
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.1 5.2

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.10.6
CVE-2023-29048

A component for parsing OXMF templates could be abused to execute arbitrary system commands that would be executed as the non-privileged runtime user. Users and attackers could run system commands with limited privilege to gain unauthorized access to confidential information and potentially violate integrity by modifying resources. The template engine has been reconfigured to deny execution of harmful commands on a system level. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
security@open-xchange.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
open-xchange ox_app_suite *
open-xchange ox_app_suite 7.10.6
CVE-2023-29049

The "upsell" widget at the portal page could be abused to inject arbitrary script code. Attackers that manage to lure users to a compromised account, or gain temporary access to a legitimate account, could inject script code to gain persistent code execution capabilities under a trusted domain. User input for this widget is now sanitized to avoid malicious content the be processed. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7
security@open-xchange.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
open-xchange ox_app_suite *
open-xchange ox_app_suite 7.10.6
CVE-2023-29050

The optional "LDAP contacts provider" could be abused by privileged users to inject LDAP filter strings that allow to access content outside of the intended hierarchy. Unauthorized users could break confidentiality of information in the directory and potentially cause high load on the directory server, leading to denial of service. Encoding has been added for user-provided fragments that are used when constructing the LDAP query. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.6 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H 3.1 5.8
security@open-xchange.com 7.6 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L 2.3 4.7

Products Affected

Vendor Product Version
open-xchange ox_app_suite *
open-xchange ox_app_suite 7.10.6
open-xchange ox_app_suite 8.16
CVE-2023-29051

User-defined OXMF templates could be used to access a limited part of the internal OX App Suite Java API. The existing switch to disable the feature by default was not effective in this case. Unauthorized users could discover and modify application state, including objects related to other users and contexts. We now make sure that the switch to disable user-generated templates by default works as intended and will remove the feature in future generations of the product. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@open-xchange.com 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2

Products Affected

Vendor Product Version
open-xchange ox_app_suite *
open-xchange ox_app_suite 7.10.6
open-xchange ox_app_suite 8.17
CVE-2023-29052

Users were able to define disclaimer texts for an upsell shop dialog that would contain script code that was not sanitized correctly. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for this content. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7
security@open-xchange.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
open-xchange ox_app_suite 7.10.6
CVE-2023-41703

User ID references at mentions in document comments were not correctly sanitized. Script code could be injected to a users session when working with a malicious document. Please deploy the provided updates and patch releases. User-defined content like comments and mentions are now filtered to avoid potentially malicious content. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@open-xchange.com 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.10.6
CVE-2023-41704

Processing of CID references at E-Mail can be abused to inject malicious script code that passes the sanitization engine. Malicious script code could be injected to a users sessions when interacting with E-Mails. Please deploy the provided updates and patch releases. CID handing has been improved and resulting content is checked for malicious content. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@open-xchange.com 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L 2.8 3.7

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.10.6
CVE-2023-41705

Processing of user-defined DAV user-agent strings is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of DAV user-agents now gets monitored, and the related request is terminated if a resource threshold is reached. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@open-xchange.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.10.6
CVE-2023-41706

Processing time of drive search expressions now gets monitored, and the related request is terminated if a resource threshold is reached. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing of user-defined drive search expressions is not limited No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@open-xchange.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.10.6
CVE-2023-41707

Processing of user-defined mail search expressions is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of mail search expressions now gets monitored, and the related request is terminated if a resource threshold is reached. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@open-xchange.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite 7.6.3
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.10.6
CVE-2023-41708

References to the "app loader" functionality could contain redirects to unexpected locations. Attackers could forge app references that bypass existing safeguards to inject malicious script code. Please deploy the provided updates and patch releases. References to apps are now controlled more strict to avoid relative references. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@open-xchange.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
open-xchange open-xchange_appsuite *
open-xchange open-xchange_appsuite 7.10.6
CVE-2023-41710

User-defined script code could be stored for a upsell related shop URL. This code was not correctly sanitized when adding it to DOM. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for this content. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@open-xchange.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
open-xchange ox_app_suite *
open-xchange ox_app_suite 7.10.6
CVE-2024-23186

E-Mail containing malicious display-name information could trigger client-side script execution when using specific mobile devices. Attackers could perform malicious API requests or extract information from the users account. Please deploy the provided updates and patch releases. We now use safer methods of handling external content when embedding displayname information to the web interface. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@open-xchange.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

Products Affected

Vendor Product Version
open-xchange ox_app_suite *
CVE-2024-23187

Content-ID based embedding of resources in E-Mails could be abused to trigger client-side script code when using the "show more" option. Attackers could perform malicious API requests or extract information from the users account. Exploiting the vulnerability requires user interaction. Please deploy the provided updates and patch releases. CID replacement has been hardened to omit invalid identifiers. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@open-xchange.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

Products Affected

Vendor Product Version
open-xchange ox_app_suite *
CVE-2024-23193

E-Mails exported as PDF were stored in a cache that did not consider specific session information for the related user account. Users of the same service node could access other users E-Mails in case they were exported as PDF for a brief moment until caches were cleared. Successful exploitation requires good timing and modification of multiple request parameters. Please deploy the provided updates and patch releases. The cache for PDF exports now takes user session information into consideration when performing authorization decisions. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@open-xchange.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 1.6 3.6

Products Affected

Vendor Product Version
open-xchange ox_app_suite *
CVE-2024-4367

A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

Products Affected

Vendor Product Version
mozilla firefox *
open-xchange open-xchange_appsuite_frontend 7.10.6
mozilla thunderbird *
debian debian_linux 10.0
open-xchange open-xchange_appsuite_frontend *
CVE-2025-59031

Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip-style attachments. Attacker can use specially crafted OOXML documents to cause unintended files on the system to be indexed and subsequently ending up in FTS indexes. Do not use the provided script, instead, use something else like FTS tika. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@open-xchange.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
dovecot dovecot *
open-xchange dovecot *
CVE-2026-0394

When dovecot has been configured to use per-domain passwd files, and they are placed one path component above /etc, or slash has been added to allowed characters, path traversal can happen if the domain component is directory partial. This allows inadvertently reading /etc/passwd (or some other path which ends with passwd). If this file contains passwords, it can be used to authenticate wrongly, or if this is userdb, it can unexpectly make system users appear valid users. Upgrade to fixed version, or use different authentication scheme that does not rely on paths. Alternatively you can also ensure that the per-domain passwd files are in some other location, such as /etc/dovecot/auth/%d. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@open-xchange.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
dovecot dovecot *
open-xchange dovecot *
CVE-2026-24031

Dovecot SQL based authentication can be bypassed when auth_username_chars is cleared by admin. This vulnerability allows bypassing authentication for any user and user enumeration. Do not clear auth_username_chars. If this is not possible, install latest fixed version. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@open-xchange.com 7.7 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L 2.2 5.5

Products Affected

Vendor Product Version
dovecot dovecot *
open-xchange dovecot *
CVE-2026-27855

Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP credentials can be cached so that same OTP reply is valid. An attacker able to observe an OTP exchange is able to log in as the user. If authentication happens over unsecure connection, switch to SCRAM protocol. Alternatively ensure the communcations are secured, and if possible switch to OAUTH2 or SCRAM. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@open-xchange.com 6.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N 1.6 5.2

Products Affected

Vendor Product Version
dovecot dovecot *
open-xchange dovecot *
CVE-2026-27856

Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can use this to determine the configured credentials. Figuring out the credential will lead into full access to the affected component. Limit access to the doveadm http service port, install fixed version. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@open-xchange.com 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

Products Affected

Vendor Product Version
dovecot dovecot *
open-xchange dovecot *
CVE-2026-27860

If auth_username_chars is empty, it is possible to inject arbitrary LDAP filter to Dovecot's LDAP authentication. This leads to potentially bypassing restrictions and allows probing of LDAP structure. Do not clear out auth_username_chars, or install fixed version. No publicly available exploits are known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@open-xchange.com 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 2.2 1.4

Products Affected

Vendor Product Version
dovecot dovecot *
open-xchange dovecot *