All the vulnerabilities related to open-xchange - open-xchange_appsuite
cve-2014-9466
Vulnerability from cvelistv5
Published
2015-02-17 15:00
Modified
2024-08-06 13:47
Summary
Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before 7.6.0-rev36, and 7.6.1 before 7.6.1-rev14 does not properly handle directory permissions, which allows remote authenticated users to read files via unspecified vectors, related to the "folder identifier."
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/72587 | vdb-entry, x_refsource_BID |
| http://www.securitytracker.com/id/1031744 | vdb-entry, x_refsource_SECTRACK |
| http://www.securityfocus.com/archive/1/534695/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/100867 | vdb-entry, x_refsource_XF |
| http://packetstormsecurity.com/files/130379/Open-Xchange-Server-6-OX-AppSuite-7.6.1-Exposure.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:47:41.621Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "72587", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/72587" }, { "name": "1031744", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1031744" }, { "name": "20150212 Open-Xchange Security Advisory 2015-02-12", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/534695/100/0/threaded" }, { "name": "openxchange-cve20149466-info-disc(100867)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100867" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/130379/Open-Xchange-Server-6-OX-AppSuite-7.6.1-Exposure.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-02-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before 7.6.0-rev36, and 7.6.1 before 7.6.1-rev14 does not properly handle directory permissions, which allows remote authenticated users to read files via unspecified vectors, related to the \"folder identifier.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "72587", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/72587" }, { "name": "1031744", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": 
"http://www.securitytracker.com/id/1031744" }, { "name": "20150212 Open-Xchange Security Advisory 2015-02-12", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/534695/100/0/threaded" }, { "name": "openxchange-cve20149466-info-disc(100867)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100867" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/130379/Open-Xchange-Server-6-OX-AppSuite-7.6.1-Exposure.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9466", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before 7.6.0-rev36, and 7.6.1 before 7.6.1-rev14 does not properly handle directory permissions, which allows remote authenticated users to read files via unspecified vectors, related to the \"folder identifier.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "72587", "refsource": "BID", "url": "http://www.securityfocus.com/bid/72587" }, { "name": "1031744", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1031744" }, { "name": "20150212 Open-Xchange Security Advisory 2015-02-12", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/534695/100/0/threaded" }, { "name": "openxchange-cve20149466-info-disc(100867)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100867" }, { "name": 
"http://packetstormsecurity.com/files/130379/Open-Xchange-Server-6-OX-AppSuite-7.6.1-Exposure.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/130379/Open-Xchange-Server-6-OX-AppSuite-7.6.1-Exposure.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-9466", "datePublished": "2015-02-17T15:00:00", "dateReserved": "2015-01-03T00:00:00", "dateUpdated": "2024-08-06T13:47:41.621Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-37308
Vulnerability from cvelistv5
Published
2022-12-26 00:00
Modified
2024-08-03 10:29
Summary
OX App Suite through 7.10.6 allows XSS via HTML in text/plain e-mail messages.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:29:20.583Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://open-xchange.com" }, { "tags": [ "x_transferred" ], "url": "https://seclists.org/fulldisclosure/2022/Nov/18" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.6 allows XSS via HTML in text/plain e-mail messages." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-26T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://open-xchange.com" }, { "url": "https://seclists.org/fulldisclosure/2022/Nov/18" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-37308", "datePublished": "2022-12-26T00:00:00", "dateReserved": "2022-08-01T00:00:00", "dateUpdated": "2024-08-03T10:29:20.583Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-23927
Vulnerability from cvelistv5
Published
2021-01-12 21:26
Modified
2024-08-03 19:14
Summary
OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request.
References
| URL | Tags |
|---|---|
| https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T19:14:09.781Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-12T21:26:53", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-23927", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html", "refsource": "MISC", "url": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-23927", "datePublished": "2021-01-12T21:26:53", "dateReserved": "2021-01-12T00:00:00", "dateUpdated": "2024-08-03T19:14:09.781Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-11522
Vulnerability from cvelistv5
Published
2019-08-20 12:31
Modified
2024-08-04 22:55
Summary
OX App Suite 7.10.0 to 7.10.2 allows XSS.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T22:55:40.699Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/154128/Open-Xchange-OX-App-Suite-Content-Spoofing-Cross-Site-Scripting.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite 7.10.0 to 7.10.2 allows XSS." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-20T12:31:28", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/154128/Open-Xchange-OX-App-Suite-Content-Spoofing-Cross-Site-Scripting.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-11522", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX App Suite 7.10.0 to 7.10.2 allows XSS." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://packetstormsecurity.com/files/154128/Open-Xchange-OX-App-Suite-Content-Spoofing-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/154128/Open-Xchange-OX-App-Suite-Content-Spoofing-Cross-Site-Scripting.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-11522", "datePublished": "2019-08-20T12:31:28", "dateReserved": "2019-04-25T00:00:00", "dateUpdated": "2024-08-04T22:55:40.699Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-11806
Vulnerability from cvelistv5
Published
2019-08-20 12:35
Modified
2024-08-04 23:03
Summary
OX App Suite 7.10.1 and earlier has Insecure Permissions.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T23:03:32.981Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/154128/Open-Xchange-OX-App-Suite-Content-Spoofing-Cross-Site-Scripting.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite 7.10.1 and earlier has Insecure Permissions." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-20T12:35:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/154128/Open-Xchange-OX-App-Suite-Content-Spoofing-Cross-Site-Scripting.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-11806", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX App Suite 7.10.1 and earlier has Insecure Permissions." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://packetstormsecurity.com/files/154128/Open-Xchange-OX-App-Suite-Content-Spoofing-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/154128/Open-Xchange-OX-App-Suite-Content-Spoofing-Cross-Site-Scripting.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-11806", "datePublished": "2019-08-20T12:35:16", "dateReserved": "2019-05-06T00:00:00", "dateUpdated": "2024-08-04T23:03:32.981Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-29043
Vulnerability from cvelistv5
Published
2023-11-02 13:01
Modified
2024-12-03 14:33
Summary
Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document. Script code embedded in malicious documents could be executed in the context of the user editing the document when performing certain actions, like copying content. The relevant attribute does now get encoded to avoid the possibility of executing script code. No publicly available exploits are known.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| OX Software GmbH | OX App Suite | Affected: 0 ≤ version ≤ 7.10.6-rev7 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:00:15.511Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "release-notes", "x_transferred" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-29043", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-01-18T19:22:25.304395Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-03T14:33:59.243Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "modules": [ "office" ], "product": "OX App Suite", "vendor": "OX Software GmbH", "versions": [ { "lessThanOrEqual": "7.10.6-rev7", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003ePresentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document. Script code embedded in malicious documents could be executed in the context of the user editing the document when performing certain actions, like copying content. The relevant attribute does now get encoded to avoid the possibility of executing script code. 
No publicly available exploits are known.\u003c/p\u003e" } ], "value": "Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document. Script code embedded in malicious documents could be executed in the context of the user editing the document when performing certain actions, like copying content. The relevant attribute does now get encoded to avoid the possibility of executing script code. No publicly available exploits are known.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-12T07:07:53.229Z", "orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "shortName": "OX" }, "references": [ { "tags": [ "release-notes" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf" }, { "tags": [ "vendor-advisory" ], "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json" } ], "source": { "defect": [ "DOCS-4928" ], "discovery": "INTERNAL" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "assignerShortName": "OX", "cveId": "CVE-2023-29043", "datePublished": "2023-11-02T13:01:28.171Z", "dateReserved": 
"2023-03-30T09:34:25.188Z", "dateUpdated": "2024-12-03T14:33:59.243Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-31469
Vulnerability from cvelistv5
Published
2022-12-26 00:00
Modified
2024-08-03 07:19
Summary
OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrated by class="deep-link-app" for a /#!!&app=%2e./ URI.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:19:06.134Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://open-xchange.com" }, { "tags": [ "x_transferred" ], "url": "https://seclists.org/fulldisclosure/2022/Nov/18" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrated by class=\"deep-link-app\" for a /#!!\u0026app=%2e./ URI." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-26T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://open-xchange.com" }, { "url": "https://seclists.org/fulldisclosure/2022/Nov/18" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-31469", "datePublished": "2022-12-26T00:00:00", "dateReserved": "2022-05-23T00:00:00", "dateUpdated": "2024-08-03T07:19:06.134Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-12884
Vulnerability from cvelistv5
Published
2019-05-10 15:32
Modified
2024-08-05 18:51
Summary
OX Software GmbH App Suite 7.8.4 and earlier is affected by: Information Exposure.
References
| URL | Tags |
|---|---|
| http://ox.com | x_refsource_MISC |
| http://app.com | x_refsource_MISC |
| https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:51:07.029Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://ox.com" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://app.com" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX Software GmbH App Suite 7.8.4 and earlier is affected by: Information Exposure." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-10T15:32:33", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://ox.com" }, { "tags": [ "x_refsource_MISC" ], "url": "http://app.com" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-12884", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX Software GmbH App Suite 7.8.4 and earlier is affected by: Information Exposure." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://ox.com", "refsource": "MISC", "url": "http://ox.com" }, { "name": "http://app.com", "refsource": "MISC", "url": "http://app.com" }, { "name": "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html", "refsource": "CONFIRM", "url": "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-12884", "datePublished": "2019-05-10T15:32:33", "dateReserved": "2017-08-16T00:00:00", "dateUpdated": "2024-08-05T18:51:07.029Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-31935
Vulnerability from cvelistv5
Published
2021-04-30 21:19
Modified
2024-08-03 23:10
Summary
OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution list (payload in the common name) that is mishandled in the scheduling view.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:10:31.286Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution list (payload in the common name) that is mishandled in the scheduling view." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-04-30T21:19:30", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-31935", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution list (payload in the common name) that is mishandled in the scheduling view." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html", "refsource": "MISC", "url": "https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-31935", "datePublished": "2021-04-30T21:19:30", "dateReserved": "2021-04-30T00:00:00", "dateUpdated": "2024-08-03T23:10:31.286Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-5690
Vulnerability from cvelistv5
Published
2013-10-03 19:00
Modified
2024-09-16 22:29
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite before 7.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) content with the text/xml MIME type or (2) the Status comment field of an appointment.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/528940 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:22:29.574Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20130930 Open-Xchange Security Advisory 2013-09-30", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/528940" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite before 7.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) content with the text/xml MIME type or (2) the Status comment field of an appointment." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-10-03T19:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20130930 Open-Xchange Security Advisory 2013-09-30", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/528940" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-5690", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite before 7.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) content with the text/xml MIME type or (2) the Status comment field of an appointment." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20130930 Open-Xchange Security Advisory 2013-09-30", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/528940" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-5690", "datePublished": "2013-10-03T19:00:00Z", "dateReserved": "2013-09-03T00:00:00Z", "dateUpdated": "2024-09-16T22:29:53.924Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-28943
Vulnerability from cvelistv5
Published
2021-04-30 21:03
Modified
2024-08-04 16:48
Summary
OX App Suite 7.10.4 and earlier allows SSRF via a snippet.
References
| URL | Tags |
|---|---|
| https://open-xchange.com | x_refsource_MISC |
| http://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:48:00.524Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://open-xchange.com" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite 7.10.4 and earlier allows SSRF via a snippet." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-04-30T21:03:47", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://open-xchange.com" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-28943", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX App Suite 7.10.4 and earlier allows SSRF via a snippet." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://open-xchange.com", "refsource": "MISC", "url": "https://open-xchange.com" }, { "name": "http://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-28943", "datePublished": "2021-04-30T21:03:47", "dateReserved": "2020-11-19T00:00:00", "dateUpdated": "2024-08-04T16:48:00.524Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-6009
Vulnerability from cvelistv5
Published
2013-10-03 19:00
Modified
2024-09-16 18:29
Severity ?
EPSS score ?
Summary
CRLF injection vulnerability in Open-Xchange AppSuite before 7.2.2, when using AJP in certain conditions, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the ajax/defer servlet.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/archive/1/528940 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:29:42.337Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20130930 Open-Xchange Security Advisory 2013-09-30", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/528940" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "CRLF injection vulnerability in Open-Xchange AppSuite before 7.2.2, when using AJP in certain conditions, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the ajax/defer servlet." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-10-03T19:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20130930 Open-Xchange Security Advisory 2013-09-30", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/528940" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-6009", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "CRLF injection vulnerability in Open-Xchange AppSuite before 7.2.2, when using AJP in certain conditions, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the ajax/defer servlet." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20130930 Open-Xchange Security Advisory 2013-09-30", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/528940" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-6009", "datePublished": "2013-10-03T19:00:00Z", "dateReserved": "2013-10-03T00:00:00Z", "dateUpdated": "2024-09-16T18:29:35.110Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-5234
Vulnerability from cvelistv5
Published
2014-09-17 14:00
Modified
2024-08-06 11:41
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via a folder publication name.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/archive/1/533443/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/bid/69796 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/61080 | third-party-advisory, x_refsource_SECUNIA | |
http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html | x_refsource_MISC | |
http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T11:41:47.809Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20140915 Open-Xchange Security Advisory 2014-09-15", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/533443/100/0/threaded" }, { "name": "69796", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/69796" }, { "name": "61080", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61080" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-09-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via a folder publication name." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20140915 Open-Xchange Security Advisory 2014-09-15", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/533443/100/0/threaded" }, { "name": "69796", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/69796" }, { "name": "61080", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61080" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-5234", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via a folder publication name." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20140915 Open-Xchange Security Advisory 2014-09-15", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/533443/100/0/threaded" }, { "name": "69796", "refsource": "BID", "url": "http://www.securityfocus.com/bid/69796" }, { "name": "61080", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61080" }, { "name": "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html" }, { "name": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf", "refsource": "CONFIRM", "url": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-5234", "datePublished": "2014-09-17T14:00:00", "dateReserved": "2014-08-13T00:00:00", "dateUpdated": "2024-08-06T11:41:47.809Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-8340
Vulnerability from cvelistv5
Published
2019-05-22 19:15
Modified
2024-08-05 16:34
Severity ?
EPSS score ?
Summary
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control.
References
▼ | URL | Tags |
---|---|---|
http://ox.com | x_refsource_MISC | |
http://open-xchange.com | x_refsource_MISC | |
https://documentation.open-xchange.com/7.10.0/release-notes/release-notes.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:34:22.608Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://ox.com" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://open-xchange.com" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.open-xchange.com/7.10.0/release-notes/release-notes.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-22T19:15:24", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://ox.com" }, { "tags": [ "x_refsource_MISC" ], "url": "http://open-xchange.com" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.open-xchange.com/7.10.0/release-notes/release-notes.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-8340", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://ox.com", "refsource": "MISC", "url": "http://ox.com" }, { "name": "http://open-xchange.com", "refsource": "MISC", "url": "http://open-xchange.com" }, { "name": "https://documentation.open-xchange.com/7.10.0/release-notes/release-notes.html", "refsource": "CONFIRM", "url": "https://documentation.open-xchange.com/7.10.0/release-notes/release-notes.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-8340", "datePublished": "2019-05-22T19:15:24", "dateReserved": "2017-04-29T00:00:00", "dateUpdated": "2024-08-05T16:34:22.608Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-26454
Vulnerability from cvelistv5
Published
2023-11-02 13:01
Modified
2024-08-02 11:53
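Severity 7.6 (HIGH) — CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H, as assigned by the CNA (OX) in the record below. The vector rates the attack vector as Physical (AV:P), while the summary describes access from adjacent networks, which CVSS 3.1 expresses as AV:A; a vector with AV:A would score higher, so triage on the described network exposure of the imageconverter service rather than on the 7.6 alone.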
EPSS score ?
Summary
Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly available exploits are known.
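References
URL | Tags |
---|---|
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf | release-notes |
https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json | vendor-advisory |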
Impacted products
Vendor | Product | Version |
---|---|---|
OX Software GmbH | OX App Suite | Version: 0 ≤ 7.10.6-rev5; Version: 0 ≤ 8.12 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:53:52.736Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "release-notes", "x_transferred" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "modules": [ "office" ], "product": "OX App Suite", "vendor": "OX Software GmbH", "versions": [ { "lessThanOrEqual": "7.10.6-rev5", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "8.12", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eRequests to fetch image metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly available exploits are known.\u003c/p\u003e" } ], "value": "Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. 
API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly available exploits are known.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-12T07:09:14.919Z", "orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "shortName": "OX" }, "references": [ { "tags": [ "release-notes" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf" }, { "tags": [ "vendor-advisory" ], "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json" } ], "source": { "defect": [ "DOCS-4802" ], "discovery": "EXTERNAL" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "assignerShortName": "OX", "cveId": "CVE-2023-26454", "datePublished": "2023-11-02T13:01:16.521Z", "dateReserved": "2023-02-22T20:42:56.092Z", "dateUpdated": "2024-08-02T11:53:52.736Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-6074
Vulnerability from cvelistv5
Published
2013-11-19 15:00
Modified
2024-08-06 17:29
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14 allows remote attackers to inject arbitrary web script or HTML via an attached SVG file.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/88609 | vdb-entry, x_refsource_XF | |
https://forum.open-xchange.com/showthread.php?8059-Open-Xchange-releases-Security-Patch-2013-10-21-for-v7-2-2-and-v7-4-0 | x_refsource_CONFIRM | |
http://osvdb.org/99487 | vdb-entry, x_refsource_OSVDB | |
http://archives.neohapsis.com/archives/bugtraq/2013-11/0025.html | mailing-list, x_refsource_BUGTRAQ | |
http://packetstormsecurity.com/files/123934/Open-Xchange-AppSuite-Script-Insertion.html | x_refsource_MISC | |
http://secunia.com/advisories/55575 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:29:42.999Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openxchange-cve20136074-xss(88609)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88609" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://forum.open-xchange.com/showthread.php?8059-Open-Xchange-releases-Security-Patch-2013-10-21-for-v7-2-2-and-v7-4-0" }, { "name": "99487", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/99487" }, { "name": "20131106 Open-Xchange Security Advisory 2013-11-06", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0025.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/123934/Open-Xchange-AppSuite-Script-Insertion.html" }, { "name": "55575", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55575" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14 allows remote attackers to inject arbitrary web script or HTML via an attached SVG file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "openxchange-cve20136074-xss(88609)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88609" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://forum.open-xchange.com/showthread.php?8059-Open-Xchange-releases-Security-Patch-2013-10-21-for-v7-2-2-and-v7-4-0" }, { "name": "99487", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/99487" }, { "name": "20131106 Open-Xchange Security Advisory 2013-11-06", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0025.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/123934/Open-Xchange-AppSuite-Script-Insertion.html" }, { "name": "55575", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55575" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-6074", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14 allows remote attackers to inject arbitrary web script or HTML via an attached SVG file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openxchange-cve20136074-xss(88609)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88609" }, { "name": "https://forum.open-xchange.com/showthread.php?8059-Open-Xchange-releases-Security-Patch-2013-10-21-for-v7-2-2-and-v7-4-0", "refsource": "CONFIRM", "url": "https://forum.open-xchange.com/showthread.php?8059-Open-Xchange-releases-Security-Patch-2013-10-21-for-v7-2-2-and-v7-4-0" }, { "name": "99487", "refsource": "OSVDB", "url": "http://osvdb.org/99487" }, { "name": "20131106 Open-Xchange Security Advisory 2013-11-06", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0025.html" }, { "name": "http://packetstormsecurity.com/files/123934/Open-Xchange-AppSuite-Script-Insertion.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/123934/Open-Xchange-AppSuite-Script-Insertion.html" }, { "name": "55575", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55575" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-6074", "datePublished": "2013-11-19T15:00:00", "dateReserved": "2013-10-11T00:00:00", "dateUpdated": "2024-08-06T17:29:42.999Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-12609
Vulnerability from cvelistv5
Published
2019-01-29 23:00
Modified
2024-08-05 08:38
Severity ?
EPSS score ?
Summary
OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery.
References
▼ | URL | Tags |
---|---|---|
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4789_7.6.3_2018-06-25.pdf | x_refsource_CONFIRM | |
http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf | x_refsource_CONFIRM | |
http://seclists.org/fulldisclosure/2019/Jan/10 | mailing-list, x_refsource_FULLDISC | |
https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T08:38:06.361Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4789_7.6.3_2018-06-25.pdf" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf" }, { "name": "20190104 Open-Xchange Security Advisory 2018-12-31", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2019/Jan/10" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-06-25T00:00:00", "descriptions": [ { "lang": "en", "value": "OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-01-29T22:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4789_7.6.3_2018-06-25.pdf" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf" }, { "name": "20190104 Open-Xchange Security Advisory 2018-12-31", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2019/Jan/10" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-12609", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4789_7.6.3_2018-06-25.pdf", "refsource": "CONFIRM", "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4789_7.6.3_2018-06-25.pdf" }, { "name": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf", "refsource": "CONFIRM", "url": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf" }, { "name": "20190104 Open-Xchange Security Advisory 2018-12-31", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Jan/10" }, { "name": "https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf", "refsource": "CONFIRM", "url": "https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-12609", "datePublished": "2019-01-29T23:00:00", "dateReserved": "2018-06-21T00:00:00", "dateUpdated": "2024-08-05T08:38:06.361Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-5211
Vulnerability from cvelistv5
Published
2019-05-23 14:30
Modified
2024-08-05 14:55
Severity ?
EPSS score ?
Summary
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing.
References
▼ | URL | Tags |
---|---|---|
http://ox.com | x_refsource_MISC | |
http://open-xchange.com | x_refsource_MISC | |
https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:55:35.626Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://ox.com" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://open-xchange.com" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-23T14:30:35", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://ox.com" }, { "tags": [ "x_refsource_MISC" ], "url": "http://open-xchange.com" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-5211", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://ox.com", "refsource": "MISC", "url": "http://ox.com" }, { "name": "http://open-xchange.com", "refsource": "MISC", "url": "http://open-xchange.com" }, { "name": "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html", "refsource": "CONFIRM", "url": "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-5211", "datePublished": "2019-05-23T14:30:35", "dateReserved": "2017-01-09T00:00:00", "dateUpdated": "2024-08-05T14:55:35.626Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-5755
Vulnerability from cvelistv5
Published
2018-06-15 21:00
Modified
2024-08-05 05:40
Severity ?
EPSS score ?
Summary
Absolute path traversal vulnerability in the readerengine component in Open-Xchange OX App Suite before 7.6.3-rev3, 7.8.x before 7.8.2-rev4, 7.8.3 before 7.8.3-rev5, and 7.8.4 before 7.8.4-rev4 allows remote attackers to read arbitrary files via a full pathname in a formula in a spreadsheet.
References
▼ | URL | Tags |
---|---|---|
http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html | x_refsource_MISC | |
https://www.exploit-db.com/exploits/44881/ | exploit, x_refsource_EXPLOIT-DB | |
http://seclists.org/fulldisclosure/2018/Jun/23 | mailing-list, x_refsource_FULLDISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T05:40:51.291Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html" }, { "name": "44881", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/44881/" }, { "name": "20180608 Open-Xchange Security Advisory 2018-06-08", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2018/Jun/23" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-06-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Absolute path traversal vulnerability in the readerengine component in Open-Xchange OX App Suite before 7.6.3-rev3, 7.8.x before 7.8.2-rev4, 7.8.3 before 7.8.3-rev5, and 7.8.4 before 7.8.4-rev4 allows remote attackers to read arbitrary files via a full pathname in a formula in a spreadsheet." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-06-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html" }, { "name": "44881", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/44881/" }, { "name": "20180608 Open-Xchange Security Advisory 2018-06-08", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2018/Jun/23" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-5755", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Absolute path traversal vulnerability in the readerengine component in Open-Xchange OX App Suite before 7.6.3-rev3, 7.8.x before 7.8.2-rev4, 7.8.3 before 7.8.3-rev5, and 7.8.4 before 7.8.4-rev4 allows remote attackers to read arbitrary files via a full pathname in a formula in a spreadsheet." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html" }, { "name": "44881", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44881/" }, { "name": "20180608 Open-Xchange Security Advisory 2018-06-08", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2018/Jun/23" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-5755", "datePublished": "2018-06-15T21:00:00", "dateReserved": "2018-01-17T00:00:00", "dateUpdated": "2024-08-05T05:40:51.291Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-4027
Vulnerability from cvelistv5
Published
2016-12-15 06:31
Modified
2024-08-06 00:17
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev10. The App Suite frontend lets a user control whether cookies that exceed the session duration are stored. This functionality is useful when logging in from clients with reduced privileges or shared environments. However, the setting was incorrectly recognized and cookies were stored regardless of this setting when the login was performed using a non-interactive login method. In case the setting was enforced by middleware configuration or the user went through the interactive login page, the workflow was correct. Cookies with authentication information may become available to other users on shared environments. In case the user did not properly log out from the session, third parties with access to the same client can access a user's account.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1036157 | vdb-entry, x_refsource_SECTRACK | |
http://packetstormsecurity.com/files/137599/Open-Xchange-App-Suite-7.8.1-Information-Disclosure.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/archive/1/538732/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T00:17:30.884Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1036157", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1036157" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://packetstormsecurity.com/files/137599/Open-Xchange-App-Suite-7.8.1-Information-Disclosure.html" }, { "name": "20160622 Open-Xchange Security Advisory 2016-06-22", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/538732/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-12-15T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev10. App Suite frontend offers to control whether a user wants to store cookies that exceed the session duration. This functionality is useful when logging in from clients with reduced privileges or shared environments. However the setting was incorrectly recognized and cookies were stored regardless of this setting when the login was performed using a non-interactive login method. In case the setting was enforced by middleware configuration or the user went through the interactive login page, the workflow was correct. Cookies with authentication information may become available to other users on shared environments. In case the user did not properly log out from the session, third parties with access to the same client can access a user\u0027s account." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1036157", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1036157" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://packetstormsecurity.com/files/137599/Open-Xchange-App-Suite-7.8.1-Information-Disclosure.html" }, { "name": "20160622 Open-Xchange Security Advisory 2016-06-22", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/538732/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-4027", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev10. App Suite frontend offers to control whether a user wants to store cookies that exceed the session duration. This functionality is useful when logging in from clients with reduced privileges or shared environments. However the setting was incorrectly recognized and cookies were stored regardless of this setting when the login was performed using a non-interactive login method. In case the setting was enforced by middleware configuration or the user went through the interactive login page, the workflow was correct. Cookies with authentication information may become available to other users on shared environments. In case the user did not properly log out from the session, third parties with access to the same client can access a user\u0027s account." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1036157", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036157" }, { "name": "http://packetstormsecurity.com/files/137599/Open-Xchange-App-Suite-7.8.1-Information-Disclosure.html", "refsource": "CONFIRM", "url": "http://packetstormsecurity.com/files/137599/Open-Xchange-App-Suite-7.8.1-Information-Disclosure.html" }, { "name": "20160622 Open-Xchange Security Advisory 2016-06-22", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/538732/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-4027", "datePublished": "2016-12-15T06:31:00", "dateReserved": "2016-04-15T00:00:00", "dateUpdated": "2024-08-06T00:17:30.884Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-5124
Vulnerability from cvelistv5
Published
2016-12-15 06:31
Modified
2024-08-06 00:53
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev14. Adding images from external sources to HTML editors by drag&drop can potentially lead to script code execution in the context of the active user. To exploit this, a user needs to be tricked into using an image from a specially crafted website and adding it to HTML editor areas of OX App Suite, for example E-Mail Compose or OX Text. This specific attack circumvents typical XSS filters and detection mechanisms since the code is not loaded from an external service but injected locally. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). To exploit this vulnerability, an attacker needs to convince a user to follow specific steps (social-engineering).
References
▼ | URL | Tags |
---|---|---|
http://packetstormsecurity.com/files/137894/Open-Xchange-App-Suite-7.8.1-Cross-Site-Scripting.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/archive/1/538892/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.securitytracker.com/id/1036296 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/91775 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T00:53:48.275Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://packetstormsecurity.com/files/137894/Open-Xchange-App-Suite-7.8.1-Cross-Site-Scripting.html" }, { "name": "20160713 Open-Xchange Security Advisory 2016-07-13", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/538892/100/0/threaded" }, { "name": "1036296", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1036296" }, { "name": "91775", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/91775" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-12-15T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev14. Adding images from external sources to HTML editors by drag\u0026drop can potentially lead to script code execution in the context of the active user. To exploit this, a user needs to be tricked to use an image from a specially crafted website and add it to HTML editor areas of OX App Suite, for example E-Mail Compose or OX Text. This specific attack circumvents typical XSS filters and detection mechanisms since the code is not loaded from an external service but injected locally. Malicious script code can be executed within a user\u0027s context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). To exploit this vulnerability, a attacker needs to convince a user to follow specific steps (social-engineering)." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://packetstormsecurity.com/files/137894/Open-Xchange-App-Suite-7.8.1-Cross-Site-Scripting.html" }, { "name": "20160713 Open-Xchange Security Advisory 2016-07-13", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/538892/100/0/threaded" }, { "name": "1036296", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1036296" }, { "name": "91775", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/91775" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-5124", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev14. Adding images from external sources to HTML editors by drag\u0026drop can potentially lead to script code execution in the context of the active user. To exploit this, a user needs to be tricked to use an image from a specially crafted website and add it to HTML editor areas of OX App Suite, for example E-Mail Compose or OX Text. This specific attack circumvents typical XSS filters and detection mechanisms since the code is not loaded from an external service but injected locally. Malicious script code can be executed within a user\u0027s context. 
This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). To exploit this vulnerability, a attacker needs to convince a user to follow specific steps (social-engineering)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://packetstormsecurity.com/files/137894/Open-Xchange-App-Suite-7.8.1-Cross-Site-Scripting.html", "refsource": "CONFIRM", "url": "http://packetstormsecurity.com/files/137894/Open-Xchange-App-Suite-7.8.1-Cross-Site-Scripting.html" }, { "name": "20160713 Open-Xchange Security Advisory 2016-07-13", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/538892/100/0/threaded" }, { "name": "1036296", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036296" }, { "name": "91775", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91775" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-5124", "datePublished": "2016-12-15T06:31:00", "dateReserved": "2016-05-30T00:00:00", "dateUpdated": "2024-08-06T00:53:48.275Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-12644
Vulnerability from cvelistv5
Published
2020-08-31 14:25
Modified
2024-08-04 12:04
Summary
OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API.
References
▼ | URL | Tags |
---|---|---|
https://www.open-xchange.com/ | x_refsource_MISC | |
https://seclists.org/fulldisclosure/2020/Aug/14 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:04:22.470Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.open-xchange.com/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://seclists.org/fulldisclosure/2020/Aug/14" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-08-31T14:25:38", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.open-xchange.com/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://seclists.org/fulldisclosure/2020/Aug/14" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-12644", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.open-xchange.com/", "refsource": "MISC", "url": "https://www.open-xchange.com/" }, { "name": "https://seclists.org/fulldisclosure/2020/Aug/14", "refsource": "MISC", "url": "https://seclists.org/fulldisclosure/2020/Aug/14" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-12644", "datePublished": "2020-08-31T14:25:38", "dateReserved": "2020-05-04T00:00:00", "dateUpdated": "2024-08-04T12:04:22.470Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-8544
Vulnerability from cvelistv5
Published
2020-06-16 13:50
Modified
2024-08-04 10:03
Summary
OX App Suite through 7.10.3 allows SSRF.
References
▼ | URL | Tags |
---|---|---|
https://www.open-xchange.com/ | x_refsource_MISC | |
https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T10:03:46.436Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.open-xchange.com/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.3 allows SSRF." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-06-16T13:50:52", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.open-xchange.com/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-8544", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX App Suite through 7.10.3 allows SSRF." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.open-xchange.com/", "refsource": "MISC", "url": "https://www.open-xchange.com/" }, { "name": "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html", "refsource": "MISC", "url": "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-8544", "datePublished": "2020-06-16T13:50:52", "dateReserved": "2020-02-03T00:00:00", "dateUpdated": "2024-08-04T10:03:46.436Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26699
Vulnerability from cvelistv5
Published
2021-07-22 16:22
Modified
2024-08-03 20:33
Summary
OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used.
References
▼ | URL | Tags |
---|---|---|
https://www.open-xchange.com | x_refsource_MISC | |
http://seclists.org/fulldisclosure/2021/Jul/33 | mailing-list, x_refsource_FULLDISC | |
http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html | x_refsource_MISC | |
https://seclists.org/fulldisclosure/2021/Jul/33 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:33:40.915Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.open-xchange.com" }, { "name": "20210716 Open-Xchange Security Advisory 2021-07-15", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2021/Jul/33" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://seclists.org/fulldisclosure/2021/Jul/33" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-25T13:42:51", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.open-xchange.com" }, { "name": "20210716 Open-Xchange Security Advisory 2021-07-15", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2021/Jul/33" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://seclists.org/fulldisclosure/2021/Jul/33" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-26699", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.open-xchange.com", "refsource": "MISC", "url": "https://www.open-xchange.com" }, { "name": "20210716 Open-Xchange Security Advisory 2021-07-15", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Jul/33" }, { "name": "http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html" }, { "name": "https://seclists.org/fulldisclosure/2021/Jul/33", "refsource": "CONFIRM", "url": "https://seclists.org/fulldisclosure/2021/Jul/33" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-26699", "datePublished": "2021-07-22T16:22:58", "dateReserved": "2021-02-04T00:00:00", "dateUpdated": "2024-08-03T20:33:40.915Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-2583
Vulnerability from cvelistv5
Published
2013-09-05 10:00
Modified
2024-09-16 19:31
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev16, 6.22.0 before rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allow remote attackers to inject arbitrary web script or HTML via (1) a javascript: URL, (2) malformed nested SCRIPT elements, (3) a mail signature, or (4) JavaScript code within an image file.
References
▼ | URL | Tags |
---|---|---|
http://archives.neohapsis.com/archives/bugtraq/2013-04/0183.html | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:44:32.664Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20130417 Open-Xchange Security Advisory 2013-04-17", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-04/0183.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev16, 6.22.0 before rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allow remote attackers to inject arbitrary web script or HTML via (1) a javascript: URL, (2) malformed nested SCRIPT elements, (3) a mail signature, or (4) JavaScript code within an image file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-09-05T10:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20130417 Open-Xchange Security Advisory 2013-04-17", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-04/0183.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-2583", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev16, 6.22.0 
before rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allow remote attackers to inject arbitrary web script or HTML via (1) a javascript: URL, (2) malformed nested SCRIPT elements, (3) a mail signature, or (4) JavaScript code within an image file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20130417 Open-Xchange Security Advisory 2013-04-17", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-04/0183.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-2583", "datePublished": "2013-09-05T10:00:00Z", "dateReserved": "2013-03-15T00:00:00Z", "dateUpdated": "2024-09-16T19:31:11.662Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26698
Vulnerability from cvelistv5
Published
2021-07-22 16:07
Modified
2024-08-03 20:33
Summary
OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and the dl parameter is used.
References
▼ | URL | Tags |
---|---|---|
https://www.open-xchange.com | x_refsource_MISC | |
http://seclists.org/fulldisclosure/2021/Jul/33 | mailing-list, x_refsource_FULLDISC | |
http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html | x_refsource_MISC | |
http://seclists.org/fulldisclosure/2021/Jul/33 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:33:40.151Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.open-xchange.com" }, { "name": "20210716 Open-Xchange Security Advisory 2021-07-15", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2021/Jul/33" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2021/Jul/33" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and the dl parameter is used." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-25T13:41:59", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.open-xchange.com" }, { "name": "20210716 Open-Xchange Security Advisory 2021-07-15", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2021/Jul/33" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://seclists.org/fulldisclosure/2021/Jul/33" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-26698", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and the dl parameter is used." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.open-xchange.com", "refsource": "MISC", "url": "https://www.open-xchange.com" }, { "name": "20210716 Open-Xchange Security Advisory 2021-07-15", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Jul/33" }, { "name": "http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html" }, { "name": "http://seclists.org/fulldisclosure/2021/Jul/33", "refsource": "CONFIRM", "url": "http://seclists.org/fulldisclosure/2021/Jul/33" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-26698", "datePublished": "2021-07-22T16:07:36", "dateReserved": "2021-02-04T00:00:00", "dateUpdated": "2024-08-03T20:33:40.151Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-26452
Vulnerability from cvelistv5
Published
2023-11-02 13:00
Modified
2024-08-02 11:53
Summary
Requests to cache an image and return its metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the service's database user account. API requests are now properly checked for valid content, and attempts to circumvent this check are logged as errors. No publicly available exploits are known.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | OX Software GmbH | OX App Suite |
Version: 0 ≤ 7.10.6-rev5 Version: 0 ≤ 8.12 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:53:52.901Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "release-notes", "x_transferred" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "modules": [ "office" ], "product": "OX App Suite", "vendor": "OX Software GmbH", "versions": [ { "lessThanOrEqual": "7.10.6-rev5", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "8.12", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eRequests to cache an image and return its metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly available exploits are known.\u003c/p\u003e" } ], "value": "Requests to cache an image and return its metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. 
API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly available exploits are known.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-12T07:08:54.928Z", "orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "shortName": "OX" }, "references": [ { "tags": [ "release-notes" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf" }, { "tags": [ "vendor-advisory" ], "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json" } ], "source": { "defect": [ "DOCS-4800" ], "discovery": "EXTERNAL" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "assignerShortName": "OX", "cveId": "CVE-2023-26452", "datePublished": "2023-11-02T13:00:42.608Z", "dateReserved": "2023-02-22T20:42:56.092Z", "dateUpdated": "2024-08-02T11:53:52.901Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-7143
Vulnerability from cvelistv5
Published
2014-01-26 20:00
Modified
2024-08-06 18:01
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 allows remote attackers to inject arbitrary web script or HTML via the title in a mail filter rule.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1029650 | vdb-entry, x_refsource_SECTRACK | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/90546 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/65013 | vdb-entry, x_refsource_BID | |
http://www.osvdb.org/102195 | vdb-entry, x_refsource_OSVDB | |
http://seclists.org/bugtraq/2014/Jan/57 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:01:19.326Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1029650", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029650" }, { "name": "openxchange-cve20137143-xss(90546)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90546" }, { "name": "65013", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/65013" }, { "name": "102195", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/102195" }, { "name": "20140117 Open-Xchange Security Advisory 2014-01-17", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://seclists.org/bugtraq/2014/Jan/57" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-01-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 allows remote attackers to inject arbitrary web script or HTML via the title in a mail filter rule." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1029650", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029650" }, { "name": "openxchange-cve20137143-xss(90546)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90546" }, { "name": "65013", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/65013" }, { "name": "102195", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/102195" }, { "name": "20140117 Open-Xchange Security Advisory 2014-01-17", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://seclists.org/bugtraq/2014/Jan/57" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7143", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 allows remote attackers to inject arbitrary web script or HTML via the title in a mail filter rule." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1029650", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029650" }, { "name": "openxchange-cve20137143-xss(90546)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90546" }, { "name": "65013", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65013" }, { "name": "102195", "refsource": "OSVDB", "url": "http://www.osvdb.org/102195" }, { "name": "20140117 Open-Xchange Security Advisory 2014-01-17", "refsource": "BUGTRAQ", "url": "http://seclists.org/bugtraq/2014/Jan/57" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-7143", "datePublished": "2014-01-26T20:00:00", "dateReserved": "2013-12-18T00:00:00", "dateUpdated": "2024-08-06T18:01:19.326Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6843
Vulnerability from cvelistv5
Published
2016-12-15 06:31
Modified
2024-08-06 01:43
Severity ?
EPSS score ?
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code can be injected to contact names. When adding those contacts to a group, the script code gets executed in the context of the user which creates or changes the group by using autocomplete. In most cases this is a user with elevated permissions. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/93457 | vdb-entry, x_refsource_BID | |
https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:43:37.983Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "93457", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/93457" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-12-15T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code can be injected to contact names. When adding those contacts to a group, the script code gets executed in the context of the user which creates or changes the group by using autocomplete. In most cases this is a user with elevated permissions. Malicious script code can be executed within a user\u0027s context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.)." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-26T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "93457", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/93457" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-6843", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code can be injected to contact names. When adding those contacts to a group, the script code gets executed in the context of the user which creates or changes the group by using autocomplete. In most cases this is a user with elevated permissions. Malicious script code can be executed within a user\u0027s context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "93457", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93457" }, { "name": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf", "refsource": "CONFIRM", "url": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-6843", "datePublished": "2016-12-15T06:31:00", "dateReserved": "2016-08-18T00:00:00", "dateUpdated": "2024-08-06T01:43:37.983Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6852
Vulnerability from cvelistv5
Published
2016-12-15 06:31
Modified
2024-08-06 01:43
Severity ?
EPSS score ?
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Users can provide local file paths to the RSS reader; the response and error code give hints about whether the provided file exists or not. Attackers may discover specific system files or library versions on the middleware server to prepare further attacks.
References
▼ | URL | Tags |
---|---|---|
https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/93459 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:43:38.420Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf" }, { "name": "93459", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/93459" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-12-15T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Users can provide local file paths to the RSS reader; the response and error code give hints about whether the provided file exists or not. Attackers may discover specific system files or library versions on the middleware server to prepare further attacks." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-26T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf" }, { "name": "93459", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/93459" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-6852", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Users can provide local file paths to the RSS reader; the response and error code give hints about whether the provided file exists or not. Attackers may discover specific system files or library versions on the middleware server to prepare further attacks." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf", "refsource": "CONFIRM", "url": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf" }, { "name": "93459", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93459" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-6852", "datePublished": "2016-12-15T06:31:00", "dateReserved": "2016-08-18T00:00:00", "dateUpdated": "2024-08-06T01:43:38.420Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-12611
Vulnerability from cvelistv5
Published
2019-01-29 23:00
Modified
2024-08-05 08:38
Severity ?
EPSS score ?
Summary
OX App Suite 7.8.4 and earlier allows Directory Traversal.
References
▼ | URL | Tags |
---|---|---|
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4789_7.6.3_2018-06-25.pdf | x_refsource_CONFIRM | |
http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf | x_refsource_CONFIRM | |
http://seclists.org/fulldisclosure/2019/Jan/10 | mailing-list, x_refsource_FULLDISC | |
https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T08:38:06.350Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4789_7.6.3_2018-06-25.pdf" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf" }, { "name": "20190104 Open-Xchange Security Advisory 2018-12-31", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2019/Jan/10" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-06-25T00:00:00", "descriptions": [ { "lang": "en", "value": "OX App Suite 7.8.4 and earlier allows Directory Traversal." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-01-29T22:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4789_7.6.3_2018-06-25.pdf" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf" }, { "name": "20190104 Open-Xchange Security Advisory 2018-12-31", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2019/Jan/10" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-12611", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX App Suite 7.8.4 and earlier allows Directory Traversal." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4789_7.6.3_2018-06-25.pdf", "refsource": "CONFIRM", "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4789_7.6.3_2018-06-25.pdf" }, { "name": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf", "refsource": "CONFIRM", "url": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf" }, { "name": "20190104 Open-Xchange Security Advisory 2018-12-31", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Jan/10" }, { "name": "https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf", "refsource": "CONFIRM", "url": "https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-12611", "datePublished": "2019-01-29T23:00:00", "dateReserved": "2018-06-21T00:00:00", "dateUpdated": "2024-08-05T08:38:06.350Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-41703
Vulnerability from cvelistv5
Published
2024-02-12 08:15
Modified
2024-08-02 19:01
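Severity 6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, taken from the CNA metrics in the record below. The CISA ADP SSVC entry in the same record (timestamp 2024-02-22) lists Exploitation: none, Automatable: no, Technical Impact: partial.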
EPSS score ?
Summary
User ID references at mentions in document comments were not correctly sanitized. Script code could be injected to a users session when working with a malicious document. Please deploy the provided updates and patch releases. User-defined content like comments and mentions are now filtered to avoid potentially malicious content. No publicly available exploits are known.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Open-Xchange GmbH | OX App Suite |
Version: 0 ≤ 7.10.6-rev9 Version: 0 ≤ 8.19 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-41703", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-22T16:39:46.593028Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:21:38.083Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T19:01:35.515Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "release-notes", "x_transferred" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "modules": [ "office" ], "product": "OX App Suite", "vendor": "Open-Xchange GmbH", "versions": [ { "lessThanOrEqual": "7.10.6-rev9", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "8.19", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "User ID references at mentions in document comments were not correctly sanitized. Script code could be injected to a users session when working with a malicious document. Please deploy the provided updates and patch releases. User-defined content like comments and mentions are now filtered to avoid potentially malicious content. No publicly available exploits are known." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-16T14:08:48.074Z", "orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "shortName": "OX" }, "references": [ { "tags": [ "release-notes" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf" }, { "tags": [ "vendor-advisory" ], "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json" } ], "source": { "defect": "DOCS-4483", "discovery": "INTERNAL" } } }, "cveMetadata": { "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "assignerShortName": "OX", "cveId": "CVE-2023-41703", "datePublished": "2024-02-12T08:15:21.605Z", "dateReserved": "2023-08-30T16:21:49.911Z", "dateUpdated": "2024-08-02T19:01:35.515Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-9808
Vulnerability from cvelistv5
Published
2019-05-22 19:01
Modified
2024-08-05 17:18
Severity ?
EPSS score ?
Summary
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).
References
▼ | URL | Tags |
---|---|---|
http://ox.com | x_refsource_MISC | |
https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:18:02.246Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://ox.com" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-22T19:01:49", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://ox.com" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-9808", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://ox.com", "refsource": "MISC", "url": "http://ox.com" }, { "name": "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html", "refsource": "CONFIRM", "url": "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-9808", "datePublished": "2019-05-22T19:01:49", "dateReserved": "2017-06-22T00:00:00", "dateUpdated": "2024-08-05T17:18:02.246Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-8541
Vulnerability from cvelistv5
Published
2020-06-16 13:47
Modified
2024-08-04 10:03
Severity ?
EPSS score ?
Summary
OX App Suite through 7.10.3 allows XXE attacks.
References
▼ | URL | Tags |
---|---|---|
https://www.open-xchange.com/ | x_refsource_MISC | |
https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T10:03:46.325Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.open-xchange.com/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.3 allows XXE attacks." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-06-16T13:47:27", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.open-xchange.com/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-8541", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX App Suite through 7.10.3 allows XXE attacks." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.open-xchange.com/", "refsource": "MISC", "url": "https://www.open-xchange.com/" }, { "name": "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html", "refsource": "MISC", "url": "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-8541", "datePublished": "2020-06-16T13:47:27", "dateReserved": "2020-02-03T00:00:00", "dateUpdated": "2024-08-04T10:03:46.325Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-2393
Vulnerability from cvelistv5
Published
2014-04-17 20:00
Modified
2024-08-06 10:14
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite 7.4.1 before 7.4.1-rev11 and 7.4.2 before 7.4.2-rev13 allows remote attackers to inject arbitrary web script or HTML via a Drive filename that is not properly handled during use of the composer to add an e-mail attachment.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/archive/1/531762 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:14:25.720Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20140408 Open-Xchange Security Advisory 2014-04-08", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/531762" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-04-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite 7.4.1 before 7.4.1-rev11 and 7.4.2 before 7.4.2-rev13 allows remote attackers to inject arbitrary web script or HTML via a Drive filename that is not properly handled during use of the composer to add an e-mail attachment." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-04-17T20:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20140408 Open-Xchange Security Advisory 2014-04-08", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/531762" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2393", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite 7.4.1 before 7.4.1-rev11 and 7.4.2 before 7.4.2-rev13 allows remote attackers to inject arbitrary web script or HTML via a Drive filename that is not 
properly handled during use of the composer to add an e-mail attachment." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20140408 Open-Xchange Security Advisory 2014-04-08", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/531762" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-2393", "datePublished": "2014-04-17T20:00:00", "dateReserved": "2014-03-13T00:00:00", "dateUpdated": "2024-08-06T10:14:25.720Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-37312
Vulnerability from cvelistv5
Published
2022-12-26 00:00
Modified
2024-08-03 10:29
Severity ?
EPSS score ?
Summary
OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferrer servlet.
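References
URL | Tags |
---|---|
https://open-xchange.com | |
https://seclists.org/fulldisclosure/2022/Nov/18 | |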
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:29:20.708Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://open-xchange.com" }, { "tags": [ "x_transferred" ], "url": "https://seclists.org/fulldisclosure/2022/Nov/18" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferrer servlet." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-26T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://open-xchange.com" }, { "url": "https://seclists.org/fulldisclosure/2022/Nov/18" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-37312", "datePublished": "2022-12-26T00:00:00", "dateReserved": "2022-08-01T00:00:00", "dateUpdated": "2024-08-03T10:29:20.708Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-1679
Vulnerability from cvelistv5
Published
2015-01-05 20:00
Modified
2024-08-06 09:50
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite before 7.2.2-rev31, 7.4.0 before 7.4.0-rev27, and 7.4.1 before 7.4.1-rev17 allows remote attackers to inject arbitrary web script or HTML via the header in an attached SVG file.
References
URL | Tags |
---|---|
http://www.securityfocus.com/archive/1/531005 | mailing-list, x_refsource_BUGTRAQ |
http://secunia.com/advisories/56828 | third-party-advisory, x_refsource_SECUNIA |
https://exchange.xforce.ibmcloud.com/vulnerabilities/91059 | vdb-entry, x_refsource_XF |
https://forum.open-xchange.com/showthread.php?8259-Open-Xchange-releases-Security-Patch-2014-01-29-for-v7-2-2-v7-4-0-and-v7-4-1 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:50:10.646Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20140210 Open-Xchange Security Advisory 2014-02-10", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/531005" }, { "name": "56828", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56828" }, { "name": "openxchange-cve20141679-xss(91059)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91059" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://forum.open-xchange.com/showthread.php?8259-Open-Xchange-releases-Security-Patch-2014-01-29-for-v7-2-2-v7-4-0-and-v7-4-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-02-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite before 7.2.2-rev31, 7.4.0 before 7.4.0-rev27, and 7.4.1 before 7.4.1-rev17 allows remote attackers to inject arbitrary web script or HTML via the header in an attached SVG file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20140210 Open-Xchange Security Advisory 2014-02-10", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/531005" }, { "name": "56828", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56828" }, { "name": "openxchange-cve20141679-xss(91059)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91059" }, { "tags": [ "x_refsource_MISC" ], "url": "https://forum.open-xchange.com/showthread.php?8259-Open-Xchange-releases-Security-Patch-2014-01-29-for-v7-2-2-v7-4-0-and-v7-4-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-1679", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite before 7.2.2-rev31, 7.4.0 before 7.4.0-rev27, and 7.4.1 before 7.4.1-rev17 allows remote attackers to inject arbitrary web script or HTML via the header in an attached SVG file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20140210 Open-Xchange Security Advisory 2014-02-10", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/531005" }, { "name": "56828", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56828" }, { "name": "openxchange-cve20141679-xss(91059)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91059" }, { "name": "https://forum.open-xchange.com/showthread.php?8259-Open-Xchange-releases-Security-Patch-2014-01-29-for-v7-2-2-v7-4-0-and-v7-4-1", "refsource": "MISC", "url": "https://forum.open-xchange.com/showthread.php?8259-Open-Xchange-releases-Security-Patch-2014-01-29-for-v7-2-2-v7-4-0-and-v7-4-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-1679", "datePublished": "2015-01-05T20:00:00", "dateReserved": "2014-01-26T00:00:00", "dateUpdated": "2024-08-06T09:50:10.646Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-2392
Vulnerability from cvelistv5
Published
2014-04-17 20:00
Modified
2024-08-06 10:14
Severity ?
EPSS score ?
Summary
The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.
References
URL | Tags |
---|---|
http://www.securityfocus.com/archive/1/531762 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:14:25.767Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20140408 Open-Xchange Security Advisory 2014-04-08", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/531762" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-04-08T00:00:00", "descriptions": [ { "lang": "en", "value": "The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-04-17T20:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20140408 Open-Xchange Security Advisory 2014-04-08", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/531762" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2392", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, 
which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20140408 Open-Xchange Security Advisory 2014-04-08", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/531762" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-2392", "datePublished": "2014-04-17T20:00:00", "dateReserved": "2014-03-13T00:00:00", "dateUpdated": "2024-08-06T10:14:25.767Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-5236
Vulnerability from cvelistv5
Published
2020-01-31 21:16
Modified
2024-08-06 11:41
Severity ?
EPSS score ?
Summary
Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text file.
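References
URL | Tags |
---|---|
http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html | x_refsource_MISC |
http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded | x_refsource_MISC |
http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf | x_refsource_MISC |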
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T11:41:48.270Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-09-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-31T21:16:52", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-5236", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html" }, { "name": "http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded", "refsource": "MISC", "url": "http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded" }, { "name": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf", "refsource": "MISC", "url": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-5236", "datePublished": "2020-01-31T21:16:52", "dateReserved": "2014-08-13T00:00:00", "dateUpdated": "2024-08-06T11:41:48.270Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-29044
Vulnerability from cvelistv5
Published
2023-11-02 13:01
Modified
2024-08-02 14:00
Severity: 5.4 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
EPSS score ?
Summary
Documents operations could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties does now get escaped to avoid code execution. No publicly available exploits are known.
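References
URL | Tags |
---|---|
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf | release-notes |
https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json | vendor-advisory |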
Impacted products
Vendor | Product | Version |
---|---|---|
OX Software GmbH | OX App Suite | Version: 0 ≤ 7.10.6-rev7 (affected up to and including 7.10.6-rev7) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:00:14.693Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "release-notes", "x_transferred" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "modules": [ "office" ], "product": "OX App Suite", "vendor": "OX Software GmbH", "versions": [ { "lessThanOrEqual": "7.10.6-rev7", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eDocuments operations could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties does now get escaped to avoid code execution. No publicly available exploits are known.\u003c/p\u003e" } ], "value": "Documents operations could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties does now get escaped to avoid code execution. 
No publicly available exploits are known.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-12T07:08:04.419Z", "orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "shortName": "OX" }, "references": [ { "tags": [ "release-notes" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf" }, { "tags": [ "vendor-advisory" ], "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json" } ], "source": { "defect": [ "DOCS-4927" ], "discovery": "INTERNAL" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "assignerShortName": "OX", "cveId": "CVE-2023-29044", "datePublished": "2023-11-02T13:01:31.388Z", "dateReserved": "2023-03-30T09:34:25.188Z", "dateUpdated": "2024-08-02T14:00:14.693Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-7485
Vulnerability from cvelistv5
Published
2020-01-02 18:05
Modified
2024-08-06 18:09
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev26 and 7.4.x before 7.4.0-rev16 allows remote attackers to inject arbitrary web script or HTML via the publication name, which is not properly handled in an error message. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions.
References
URL | Tags |
---|---|
http://osvdb.org/100385 | vdb-entry, x_refsource_OSVDB |
http://www.securitytracker.com/id/1029394 | vdb-entry, x_refsource_SECTRACK |
http://xforce.iss.net/xforce/xfdb/89251 | vdb-entry, x_refsource_XF |
http://secunia.com/advisories/55837 | third-party-advisory, x_refsource_SECUNIA |
http://xforce.iss.net/xforce/xfdb/89250 | vdb-entry, x_refsource_XF |
http://seclists.org/bugtraq/2013/Nov/127 | mailing-list, x_refsource_BUGTRAQ |
http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html | x_refsource_MISC |
https://forum.open-xchange.com/showthread.php?8090-Open-Xchange-releases-Security-Patch-2013-10-30-for-v7-2-2-and-v7-4-0 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:09:17.021Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100385", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/100385" }, { "name": "1029394", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029394" }, { "name": "openxchange-appsuite-url-xss(89251)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://xforce.iss.net/xforce/xfdb/89251" }, { "name": "55837", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55837" }, { "name": "openxchange-cve20136242-xss(89250)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://xforce.iss.net/xforce/xfdb/89250" }, { "name": "20131125 Open-Xchange Security Advisory 2013-11-25", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://seclists.org/bugtraq/2013/Nov/127" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://forum.open-xchange.com/showthread.php?8090-Open-Xchange-releases-Security-Patch-2013-10-30-for-v7-2-2-and-v7-4-0" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-11-25T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev26 and 7.4.x before 7.4.0-rev16 allows remote attackers to inject arbitrary web script or HTML via the publication name, which is not properly handled in an error message. 
NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-02T18:05:35", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "100385", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/100385" }, { "name": "1029394", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029394" }, { "name": "openxchange-appsuite-url-xss(89251)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://xforce.iss.net/xforce/xfdb/89251" }, { "name": "55837", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55837" }, { "name": "openxchange-cve20136242-xss(89250)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://xforce.iss.net/xforce/xfdb/89250" }, { "name": "20131125 Open-Xchange Security Advisory 2013-11-25", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://seclists.org/bugtraq/2013/Nov/127" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://forum.open-xchange.com/showthread.php?8090-Open-Xchange-releases-Security-Patch-2013-10-30-for-v7-2-2-and-v7-4-0" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7485", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the backend in 
Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev26 and 7.4.x before 7.4.0-rev16 allows remote attackers to inject arbitrary web script or HTML via the publication name, which is not properly handled in an error message. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "100385", "refsource": "OSVDB", "url": "http://osvdb.org/100385" }, { "name": "1029394", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029394" }, { "name": "openxchange-appsuite-url-xss(89251)", "refsource": "XF", "url": "http://xforce.iss.net/xforce/xfdb/89251" }, { "name": "55837", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55837" }, { "name": "openxchange-cve20136242-xss(89250)", "refsource": "XF", "url": "http://xforce.iss.net/xforce/xfdb/89250" }, { "name": "20131125 Open-Xchange Security Advisory 2013-11-25", "refsource": "BUGTRAQ", "url": "http://seclists.org/bugtraq/2013/Nov/127" }, { "name": "http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html" }, { "name": "https://forum.open-xchange.com/showthread.php?8090-Open-Xchange-releases-Security-Patch-2013-10-30-for-v7-2-2-and-v7-4-0", "refsource": "CONFIRM", "url": "https://forum.open-xchange.com/showthread.php?8090-Open-Xchange-releases-Security-Patch-2013-10-30-for-v7-2-2-and-v7-4-0" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-7485", "datePublished": "2020-01-02T18:05:35", "dateReserved": "2020-01-02T00:00:00", "dateUpdated": "2024-08-06T18:09:17.021Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", 
"dataVersion": "5.1" }
cve-2018-5751
Vulnerability from cvelistv5
Published
2018-06-15 21:00
Modified
2024-08-05 05:40
Severity ?
EPSS score ?
Summary
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote authenticated users to obtain sensitive information about external guest users via vectors related to the "groups" and "users" APIs.
References
URL | Tags |
---|---|
http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html | x_refsource_MISC |
https://www.exploit-db.com/exploits/44881/ | exploit, x_refsource_EXPLOIT-DB |
http://seclists.org/fulldisclosure/2018/Jun/23 | mailing-list, x_refsource_FULLDISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T05:40:51.211Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html" }, { "name": "44881", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/44881/" }, { "name": "20180608 Open-Xchange Security Advisory 2018-06-08", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2018/Jun/23" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-06-08T00:00:00", "descriptions": [ { "lang": "en", "value": "The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote authenticated users to obtain sensitive information about external guest users via vectors related to the \"groups\" and \"users\" APIs." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-06-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html" }, { "name": "44881", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/44881/" }, { "name": "20180608 Open-Xchange Security Advisory 2018-06-08", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2018/Jun/23" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-5751", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote authenticated users to obtain sensitive information about external guest users via vectors related to the \"groups\" and \"users\" APIs." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html" }, { "name": "44881", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44881/" }, { "name": "20180608 Open-Xchange Security Advisory 2018-06-08", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2018/Jun/23" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-5751", "datePublished": "2018-06-15T21:00:00", "dateReserved": "2018-01-17T00:00:00", "dateUpdated": "2024-08-05T05:40:51.211Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-5035
Vulnerability from cvelistv5
Published
2013-09-05 10:00
Modified
2024-09-17 01:46
Severity ?
EPSS score ?
Summary
Multiple race conditions in HtmlCleaner before 2.6, as used in Open-Xchange AppSuite 7.2.2 before rev13 and other products, allow remote authenticated users to read the private e-mail of other persons in opportunistic circumstances by leveraging lack of thread safety and performing a rapid series of (1) mail-sending or (2) draft-saving operations.
References
URL | Tags |
---|---|
http://sourceforge.net/p/htmlcleaner/bugs/86/ | x_refsource_CONFIRM |
http://archives.neohapsis.com/archives/bugtraq/2013-08/0115.html | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:59:41.212Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/p/htmlcleaner/bugs/86/" }, { "name": "20130816 Open-Xchange Security Advisory 2013-08-16", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0115.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Multiple race conditions in HtmlCleaner before 2.6, as used in Open-Xchange AppSuite 7.2.2 before rev13 and other products, allow remote authenticated users to read the private e-mail of other persons in opportunistic circumstances by leveraging lack of thread safety and performing a rapid series of (1) mail-sending or (2) draft-saving operations." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-09-05T10:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/p/htmlcleaner/bugs/86/" }, { "name": "20130816 Open-Xchange Security Advisory 2013-08-16", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0115.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-5035", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple race conditions in HtmlCleaner before 2.6, as used in Open-Xchange AppSuite 7.2.2 before rev13 and other products, allow remote authenticated users to read the private e-mail of other persons in opportunistic circumstances by leveraging lack of thread safety and performing a rapid series of (1) mail-sending or (2) draft-saving operations." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://sourceforge.net/p/htmlcleaner/bugs/86/", "refsource": "CONFIRM", "url": "http://sourceforge.net/p/htmlcleaner/bugs/86/" }, { "name": "20130816 Open-Xchange Security Advisory 2013-08-16", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0115.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-5035", "datePublished": "2013-09-05T10:00:00Z", "dateReserved": "2013-08-02T00:00:00Z", "dateUpdated": "2024-09-17T01:46:33.498Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-2077
Vulnerability from cvelistv5
Published
2014-03-20 16:00
Modified
2024-08-06 09:58
Summary
Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 7.4.1 before 7.4.1-rev10 and 7.4.2 before 7.4.2-rev8 allows remote attackers to inject arbitrary web script or HTML via the subject of an email, involving 'the aria "tags" for screenreaders at the top bar'.
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/57290 | third-party-advisory, x_refsource_SECUNIA | |
http://archives.neohapsis.com/archives/bugtraq/2014-03/0108.html | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:58:16.284Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "57290", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57290" }, { "name": "20140317 Open-Xchange Security Advisory 2014-03-17", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-03/0108.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-03-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 7.4.1 before 7.4.1-rev10 and 7.4.2 before 7.4.2-rev8 allows remote attackers to inject arbitrary web script or HTML via the subject of an email, involving \u0027the aria \"tags\" for screenreaders at the top bar\u0027." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-03-20T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "57290", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57290" }, { "name": "20140317 Open-Xchange Security Advisory 2014-03-17", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-03/0108.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2077", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 7.4.1 before 7.4.1-rev10 and 7.4.2 before 7.4.2-rev8 allows remote attackers to inject arbitrary web script or HTML via the subject of an email, involving \u0027the aria \"tags\" for screenreaders at the top bar\u0027." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "57290", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57290" }, { "name": "20140317 Open-Xchange Security Advisory 2014-03-17", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2014-03/0108.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-2077", "datePublished": "2014-03-20T16:00:00", "dateReserved": "2014-02-19T00:00:00", "dateUpdated": "2024-08-06T09:58:16.284Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13668
Vulnerability from cvelistv5
Published
2019-05-23 15:15
Modified
2024-08-05 19:05
Summary
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).
References
▼ | URL | Tags |
---|---|---|
http://ox.com | x_refsource_MISC | |
https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:19.482Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://ox.com" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-23T15:15:31", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://ox.com" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-13668", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://ox.com", "refsource": "MISC", "url": "http://ox.com" }, { "name": "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html", "refsource": "CONFIRM", "url": "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-13668", "datePublished": "2019-05-23T15:15:31", "dateReserved": "2017-08-24T00:00:00", "dateUpdated": "2024-08-05T19:05:19.482Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-7141
Vulnerability from cvelistv5
Published
2014-01-26 20:00
Modified
2024-08-06 18:01
Summary
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to crafted "<%" tags.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/65009 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/90544 | vdb-entry, x_refsource_XF | |
http://www.securitytracker.com/id/1029650 | vdb-entry, x_refsource_SECTRACK | |
http://osvdb.org/102192 | vdb-entry, x_refsource_OSVDB | |
http://seclists.org/bugtraq/2014/Jan/57 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:01:19.382Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "65009", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/65009" }, { "name": "openxchange-cve20137141-xss(90544)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90544" }, { "name": "1029650", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029650" }, { "name": "102192", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/102192" }, { "name": "20140117 Open-Xchange Security Advisory 2014-01-17", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://seclists.org/bugtraq/2014/Jan/57" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-01-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to crafted \"\u003c%\" tags." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "65009", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/65009" }, { "name": "openxchange-cve20137141-xss(90544)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90544" }, { "name": "1029650", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029650" }, { "name": "102192", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/102192" }, { "name": "20140117 Open-Xchange Security Advisory 2014-01-17", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://seclists.org/bugtraq/2014/Jan/57" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7141", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to crafted \"\u003c%\" tags." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "65009", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65009" }, { "name": "openxchange-cve20137141-xss(90544)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90544" }, { "name": "1029650", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029650" }, { "name": "102192", "refsource": "OSVDB", "url": "http://osvdb.org/102192" }, { "name": "20140117 Open-Xchange Security Advisory 2014-01-17", "refsource": "BUGTRAQ", "url": "http://seclists.org/bugtraq/2014/Jan/57" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-7141", "datePublished": "2014-01-26T20:00:00", "dateReserved": "2013-12-18T00:00:00", "dateUpdated": "2024-08-06T18:01:19.382Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-12646
Vulnerability from cvelistv5
Published
2020-08-31 14:30
Modified
2024-08-04 12:04
Summary
OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document.
References
▼ | URL | Tags |
---|---|---|
https://www.open-xchange.com/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:04:22.481Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.open-xchange.com/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-08-31T14:30:03", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.open-xchange.com/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-12646", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.open-xchange.com/", "refsource": "MISC", "url": "https://www.open-xchange.com/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-12646", "datePublished": "2020-08-31T14:30:03", "dateReserved": "2020-05-04T00:00:00", "dateUpdated": "2024-08-04T12:04:22.481Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-5200
Vulnerability from cvelistv5
Published
2013-09-25 10:00
Modified
2024-09-16 23:56
Summary
The (1) REST and (2) memcache interfaces in the Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 do not require authentication, which allows remote attackers to obtain sensitive information or modify data via an API call.
References
▼ | URL | Tags |
---|---|---|
http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:06:52.308Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20130910 Open-Xchange Security Advisory 2013-09-10", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The (1) REST and (2) memcache interfaces in the Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 do not require authentication, which allows remote attackers to obtain sensitive information or modify data via an API call." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-09-25T10:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20130910 Open-Xchange Security Advisory 2013-09-10", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-5200", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The (1) REST and (2) memcache interfaces in the Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 do not require authentication, which allows remote attackers to obtain sensitive 
information or modify data via an API call." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20130910 Open-Xchange Security Advisory 2013-09-10", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-5200", "datePublished": "2013-09-25T10:00:00Z", "dateReserved": "2013-08-15T00:00:00Z", "dateUpdated": "2024-09-16T23:56:38.217Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-31934
Vulnerability from cvelistv5
Published
2021-04-30 21:19
Modified
2024-08-03 23:10
Summary
OX App Suite 7.10.4 and earlier allows XSS via a crafted contact object (payload in the position or company field) that is mishandled in the App Suite UI on a smartphone.
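References
▼ | URL | Tags |
---|---|---|
https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html | x_refsource_MISC |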
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:10:31.373Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite 7.10.4 and earlier allows XSS via a crafted contact object (payload in the position or company field) that is mishandled in the App Suite UI on a smartphone." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-04-30T21:19:43", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-31934", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX App Suite 7.10.4 and earlier allows XSS via a crafted contact object (payload in the position or company field) that is mishandled in the App Suite UI on a smartphone." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html", "refsource": "MISC", "url": "https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-31934", "datePublished": "2021-04-30T21:19:43", "dateReserved": "2021-04-30T00:00:00", "dateUpdated": "2024-08-03T23:10:31.373Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-18846
Vulnerability from cvelistv5
Published
2020-02-21 20:53
Modified
2024-08-05 02:02
Summary
OX App Suite through 7.10.2 allows SSRF.
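References
▼ | URL | Tags |
---|---|---|
http://packetstormsecurity.com/files/156474/Open-Xchange-App-Suite-Documents-Server-Side-Request-Forgery.html | x_refsource_MISC | |
http://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html | x_refsource_MISC |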
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T02:02:39.478Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/156474/Open-Xchange-App-Suite-Documents-Server-Side-Request-Forgery.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2020-02-21T00:00:00", "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.2 allows SSRF." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-06-15T18:06:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/156474/Open-Xchange-App-Suite-Documents-Server-Side-Request-Forgery.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-18846", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX App Suite through 7.10.2 allows SSRF." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://packetstormsecurity.com/files/156474/Open-Xchange-App-Suite-Documents-Server-Side-Request-Forgery.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/156474/Open-Xchange-App-Suite-Documents-Server-Side-Request-Forgery.html" }, { "name": "http://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-18846", "datePublished": "2020-02-21T20:53:19", "dateReserved": "2019-11-11T00:00:00", "dateUpdated": "2024-08-05T02:02:39.478Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-5753
Vulnerability from cvelistv5
Published
2018-06-15 21:00
Modified
2024-08-05 05:40
Summary
The frontend component in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev20 allows remote attackers to spoof the origin of e-mails via Unicode characters in the "personal part" of a (1) From or (2) Sender address.
References
▼ | URL | Tags |
---|---|---|
http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html | x_refsource_MISC | |
https://www.exploit-db.com/exploits/44881/ | exploit, x_refsource_EXPLOIT-DB | |
http://seclists.org/fulldisclosure/2018/Jun/23 | mailing-list, x_refsource_FULLDISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T05:40:51.212Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html" }, { "name": "44881", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/44881/" }, { "name": "20180608 Open-Xchange Security Advisory 2018-06-08", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2018/Jun/23" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-06-08T00:00:00", "descriptions": [ { "lang": "en", "value": "The frontend component in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev20 allows remote attackers to spoof the origin of e-mails via unicode characters in the \"personal part\" of a (1) From or (2) Sender address." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-06-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html" }, { "name": "44881", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/44881/" }, { "name": "20180608 Open-Xchange Security Advisory 2018-06-08", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2018/Jun/23" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-5753", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The frontend component in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev20 allows remote attackers to spoof the origin of e-mails via unicode characters in the \"personal part\" of a (1) From or (2) Sender address." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html" }, { "name": "44881", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44881/" }, { "name": "20180608 Open-Xchange Security Advisory 2018-06-08", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2018/Jun/23" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-5753", "datePublished": "2018-06-15T21:00:00", "dateReserved": "2018-01-17T00:00:00", "dateUpdated": "2024-08-05T05:40:51.212Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-5756
Vulnerability from cvelistv5
Published
2018-06-15 21:00
Modified
2024-08-05 05:40
Summary
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 does not properly check for folder-to-object association, which allows remote authenticated users to delete arbitrary tasks via the task id in a delete action to api/tasks.
References
▼ | URL | Tags |
---|---|---|
http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html | x_refsource_MISC | |
https://www.exploit-db.com/exploits/44881/ | exploit, x_refsource_EXPLOIT-DB | |
http://seclists.org/fulldisclosure/2018/Jun/23 | mailing-list, x_refsource_FULLDISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T05:40:51.265Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html" }, { "name": "44881", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/44881/" }, { "name": "20180608 Open-Xchange Security Advisory 2018-06-08", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2018/Jun/23" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-06-08T00:00:00", "descriptions": [ { "lang": "en", "value": "The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 does not properly check for folder-to-object association, which allows remote authenticated users to delete arbitrary tasks via the task id in a delete action to api/tasks." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-06-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html" }, { "name": "44881", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/44881/" }, { "name": "20180608 Open-Xchange Security Advisory 2018-06-08", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2018/Jun/23" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-5756", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 does not properly check for folder-to-object association, which allows remote authenticated users to delete arbitrary tasks via the task id in a delete action to api/tasks." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html" }, { "name": "44881", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44881/" }, { "name": "20180608 Open-Xchange Security Advisory 2018-06-08", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2018/Jun/23" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-5756", "datePublished": "2018-06-15T21:00:00", "dateReserved": "2018-01-17T00:00:00", "dateUpdated": "2024-08-05T05:40:51.265Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-29045
Vulnerability from cvelistv5
Published
2023-11-02 13:01
Modified
2024-08-02 14:00
Summary
Documents operations, in this case "drawing", could be manipulated to contain invalid data types, possibly script code. Script code could be injected into an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties now gets checked for validity to avoid code execution. No publicly available exploits are known.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | OX Software GmbH | OX App Suite |
Version: 0 ≤ 7.10.6-rev7 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:00:14.652Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "release-notes", "x_transferred" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "modules": [ "office" ], "product": "OX App Suite", "vendor": "OX Software GmbH", "versions": [ { "lessThanOrEqual": "7.10.6-rev7", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eDocuments operations, in this case \u0026quot;drawing\u0026quot;, could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties does now gets checked for validity to avoid code execution. No publicly available exploits are known.\u003c/p\u003e" } ], "value": "Documents operations, in this case \"drawing\", could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties does now gets checked for validity to avoid code execution. 
No publicly available exploits are known.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-12T07:08:13.807Z", "orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "shortName": "OX" }, "references": [ { "tags": [ "release-notes" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf" }, { "tags": [ "vendor-advisory" ], "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json" } ], "source": { "defect": [ "DOCS-4926" ], "discovery": "INTERNAL" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "assignerShortName": "OX", "cveId": "CVE-2023-29045", "datePublished": "2023-11-02T13:01:35.652Z", "dateReserved": "2023-03-30T09:34:25.188Z", "dateUpdated": "2024-08-02T14:00:14.652Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-7159
Vulnerability from cvelistv5
Published
2019-06-18 12:24
Modified
2024-08-04 20:38
Summary
OX App Suite 7.10.1 and earlier allows Information Exposure.
References
▼ | URL | Tags |
---|---|---|
https://www.open-xchange.com/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:38:33.535Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.open-xchange.com/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite 7.10.1 and earlier allows Information Exposure." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-18T12:24:18", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.open-xchange.com/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-7159", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX App Suite 7.10.1 and earlier allows Information Exposure." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.open-xchange.com/", "refsource": "MISC", "url": "https://www.open-xchange.com/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-7159", "datePublished": "2019-06-18T12:24:18", "dateReserved": "2019-01-29T00:00:00", "dateUpdated": "2024-08-04T20:38:33.535Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-5864
Vulnerability from cvelistv5
Published
2019-05-22 19:38
Modified
2024-08-05 15:11
Summary
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting (XSS).
References
▼ | URL | Tags |
---|---|---|
http://ox.com | x_refsource_MISC | |
http://open-xchange.com | x_refsource_MISC | |
https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T15:11:48.915Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://ox.com" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://open-xchange.com" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting (XSS)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-22T19:38:05", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://ox.com" }, { "tags": [ "x_refsource_MISC" ], "url": "http://open-xchange.com" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-5864", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting (XSS)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://ox.com", "refsource": "MISC", "url": "http://ox.com" }, { "name": "http://open-xchange.com", "refsource": "MISC", "url": "http://open-xchange.com" }, { "name": "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html", "refsource": "CONFIRM", "url": "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-5864", "datePublished": "2019-05-22T19:38:05", "dateReserved": "2017-02-02T00:00:00", "dateUpdated": "2024-08-05T15:11:48.915Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-24700
Vulnerability from cvelistv5
Published
2021-01-12 07:42
Modified
2024-08-04 15:19
Summary
OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial "autoconfig." substring.
References
▼ | URL | Tags |
---|---|---|
https://www.open-xchange.com | x_refsource_MISC | |
http://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html | x_refsource_MISC | |
http://seclists.org/fulldisclosure/2021/Jul/33 | mailing-list, x_refsource_FULLDISC | |
http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:19:09.320Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.open-xchange.com" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" }, { "name": "20210716 Open-Xchange Security Advisory 2021-07-15", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2021/Jul/33" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial autoconfig. substring." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-16T16:06:17", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.open-xchange.com" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" }, { "name": "20210716 Open-Xchange Security Advisory 2021-07-15", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2021/Jul/33" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-24700", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial autoconfig. substring." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.open-xchange.com", "refsource": "MISC", "url": "https://www.open-xchange.com" }, { "name": "http://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" }, { "name": "20210716 Open-Xchange Security Advisory 2021-07-15", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Jul/33" }, { "name": "http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-24700", "datePublished": "2021-01-12T07:42:56", "dateReserved": "2020-08-27T00:00:00", "dateUpdated": "2024-08-04T15:19:09.320Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-26455
Vulnerability from cvelistv5
Published
2023-11-02 13:01
Modified
2024-08-02 11:53
Summary
RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI. RMI access is restricted to localhost by default. The interface has been updated to require authenticated requests. No publicly available exploits are known.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | OX Software GmbH | OX App Suite |
Version: 0 ≤ 7.10.6-rev48 Version: 0 ≤ 8.12 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:53:52.767Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "release-notes", "x_transferred" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "modules": [ "backend" ], "product": "OX App Suite", "vendor": "OX Software GmbH", "versions": [ { "lessThanOrEqual": "7.10.6-rev48", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "8.12", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eRMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI. RMI access is restricted to localhost by default. The interface has been updated to require authenticated requests. No publicly available exploits are known.\u003c/p\u003e" } ], "value": "RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI. RMI access is restricted to localhost by default. The interface has been updated to require authenticated requests. 
No publicly available exploits are known.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-287", "description": "CWE-287 Improper Authentication", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-12T07:09:24.702Z", "orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "shortName": "OX" }, "references": [ { "tags": [ "release-notes" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf" }, { "tags": [ "vendor-advisory" ], "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json" } ], "source": { "defect": [ "MWB-1996" ], "discovery": "EXTERNAL" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "assignerShortName": "OX", "cveId": "CVE-2023-26455", "datePublished": "2023-11-02T13:01:20.424Z", "dateReserved": "2023-02-22T20:42:56.092Z", "dateUpdated": "2024-08-02T11:53:52.767Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-37402
Vulnerability from cvelistv5
Published
2021-07-22 16:19
Modified
2024-08-04 01:16
Summary
OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via binary data that is mishandled when the legacy dataretrieval endpoint has been enabled.
References
▼ | URL | Tags |
---|---|---|
https://www.open-xchange.com | x_refsource_MISC | |
http://seclists.org/fulldisclosure/2021/Jul/33 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:16:04.078Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.open-xchange.com" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2021/Jul/33" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via binary data that is mishandled when the legacy dataretrieval endpoint has been enabled." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-22T16:19:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.open-xchange.com" }, { "tags": [ "x_refsource_MISC" ], "url": "http://seclists.org/fulldisclosure/2021/Jul/33" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-37402", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via binary data that is mishandled when the legacy dataretrieval endpoint has been enabled." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.open-xchange.com", "refsource": "MISC", "url": "https://www.open-xchange.com" }, { "name": "http://seclists.org/fulldisclosure/2021/Jul/33", "refsource": "MISC", "url": "http://seclists.org/fulldisclosure/2021/Jul/33" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-37402", "datePublished": "2021-07-22T16:19:12", "dateReserved": "2021-07-22T00:00:00", "dateUpdated": "2024-08-04T01:16:04.078Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-8993
Vulnerability from cvelistv5
Published
2015-01-07 18:00
Modified
2024-08-06 13:33
Summary
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev40, 7.6.0 before 7.6.0-rev32, and 7.6.1 before 7.6.1-rev11 allows remote attackers to inject arbitrary web script or HTML via a crafted XHTML file with the application/xhtml+xml MIME type.
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/62031 | third-party-advisory, x_refsource_SECUNIA | |
http://packetstormsecurity.com/files/129811/Open-Xchange-Server-6-OX-AppSuite-7.6.1-Cross-Site-Scripting.html | x_refsource_MISC | |
http://www.securitytracker.com/id/1031488 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/archive/1/534383/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:33:12.883Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "62031", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/62031" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/129811/Open-Xchange-Server-6-OX-AppSuite-7.6.1-Cross-Site-Scripting.html" }, { "name": "1031488", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1031488" }, { "name": "20150105 Open-Xchange Security Advisory 2015-01-05", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/534383/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-01-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev40, 7.6.0 before 7.6.0-rev32, and 7.6.1 before 7.6.1-rev11 allows remote attackers to inject arbitrary web script or HTML via a crafted XHTML file with the application/xhtml+xml MIME type." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "62031", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/62031" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/129811/Open-Xchange-Server-6-OX-AppSuite-7.6.1-Cross-Site-Scripting.html" }, { "name": "1031488", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1031488" }, { "name": "20150105 Open-Xchange Security Advisory 2015-01-05", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/534383/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-8993", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev40, 7.6.0 before 7.6.0-rev32, and 7.6.1 before 7.6.1-rev11 allows remote attackers to inject arbitrary web script or HTML via a crafted XHTML file with the application/xhtml+xml MIME type." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "62031", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62031" }, { "name": "http://packetstormsecurity.com/files/129811/Open-Xchange-Server-6-OX-AppSuite-7.6.1-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/129811/Open-Xchange-Server-6-OX-AppSuite-7.6.1-Cross-Site-Scripting.html" }, { "name": "1031488", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1031488" }, { "name": "20150105 Open-Xchange Security Advisory 2015-01-05", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/534383/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-8993", "datePublished": "2015-01-07T18:00:00", "dateReserved": "2014-11-19T00:00:00", "dateUpdated": "2024-08-06T13:33:12.883Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-5740
Vulnerability from cvelistv5
Published
2016-12-15 06:31
Modified
2024-08-06 01:08
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev5. JavaScript code can be used as part of ical attachments within scheduling E-Mails. This content, for example an appointment's location, will be presented to the user at the E-Mail App, depending on the invitation workflow. This code gets executed within the context of the user's current session. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).
References
▼ | URL | Tags |
---|---|---|
https://www.exploit-db.com/exploits/40378/ | exploit, x_refsource_EXPLOIT-DB | |
http://www.securityfocus.com/bid/92922 | vdb-entry, x_refsource_BID | |
http://packetstormsecurity.com/files/138700/Open-Xchange-App-Suite-7.8.2-Cross-Site-Scripting.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/archive/1/539394/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:08:00.528Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "40378", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/40378/" }, { "name": "92922", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/92922" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://packetstormsecurity.com/files/138700/Open-Xchange-App-Suite-7.8.2-Cross-Site-Scripting.html" }, { "name": "20160913 Open-Xchange Security Advisory 2016-09-13", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/539394/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-12-15T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev5. JavaScript code can be used as part of ical attachments within scheduling E-Mails. This content, for example an appointment\u0027s location, will be presented to the user at the E-Mail App, depending on the invitation workflow. This code gets executed within the context of the user\u0027s current session. Malicious script code can be executed within a user\u0027s context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.)." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "40378", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/40378/" }, { "name": "92922", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/92922" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://packetstormsecurity.com/files/138700/Open-Xchange-App-Suite-7.8.2-Cross-Site-Scripting.html" }, { "name": "20160913 Open-Xchange Security Advisory 2016-09-13", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/539394/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-5740", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev5. JavaScript code can be used as part of ical attachments within scheduling E-Mails. This content, for example an appointment\u0027s location, will be presented to the user at the E-Mail App, depending on the invitation workflow. This code gets executed within the context of the user\u0027s current session. Malicious script code can be executed within a user\u0027s context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "40378", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/40378/" }, { "name": "92922", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92922" }, { "name": "http://packetstormsecurity.com/files/138700/Open-Xchange-App-Suite-7.8.2-Cross-Site-Scripting.html", "refsource": "CONFIRM", "url": "http://packetstormsecurity.com/files/138700/Open-Xchange-App-Suite-7.8.2-Cross-Site-Scripting.html" }, { "name": "20160913 Open-Xchange Security Advisory 2016-09-13", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/539394/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-5740", "datePublished": "2016-12-15T06:31:00", "dateReserved": "2016-06-22T00:00:00", "dateUpdated": "2024-08-06T01:08:00.528Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-4045
Vulnerability from cvelistv5
Published
2016-12-15 06:31
Modified
2024-08-06 00:17
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Script code can be embedded in RSS feeds using a URL notation. If a user clicks the corresponding link in the RSS reader of App Suite, the code is executed in the context of that user. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). The attacker needs to reside within the same context for this attack to work.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1036157 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/archive/1/538732/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T00:17:29.989Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1036157", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1036157" }, { "name": "20160622 Open-Xchange Security Advisory 2016-06-22", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/538732/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-12-15T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Script code can be embedded to RSS feeds using a URL notation. In case a user clicks the corresponding link at the RSS reader of App Suite, code gets executed at the context of the user. Malicious script code can be executed within a user\u0027s context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). The attacker needs to reside within the same context to make this attack work." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1036157", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1036157" }, { "name": "20160622 Open-Xchange Security Advisory 2016-06-22", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/538732/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-4045", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Script code can be embedded to RSS feeds using a URL notation. In case a user clicks the corresponding link at the RSS reader of App Suite, code gets executed at the context of the user. Malicious script code can be executed within a user\u0027s context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). The attacker needs to reside within the same context to make this attack work." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1036157", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036157" }, { "name": "20160622 Open-Xchange Security Advisory 2016-06-22", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/538732/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-4045", "datePublished": "2016-12-15T06:31:00", "dateReserved": "2016-04-20T00:00:00", "dateUpdated": "2024-08-06T00:17:29.989Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-13103
Vulnerability from cvelistv5
Published
2019-03-17 18:55
Modified
2024-08-05 08:52
Summary
OX App Suite 7.8.4 and earlier allows SSRF.
References
▼ | URL | Tags |
---|---|---|
http://packetstormsecurity.com/files/151243/Open-Xchange-OX-App-Suite-Cross-Site-Scripting-SSRF.html | x_refsource_MISC | |
http://seclists.org/fulldisclosure/2019/Jan/46 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T08:52:50.520Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/151243/Open-Xchange-OX-App-Suite-Cross-Site-Scripting-SSRF.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2019/Jan/46" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2019-01-18T00:00:00", "descriptions": [ { "lang": "en", "value": "OX App Suite 7.8.4 and earlier allows SSRF." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-03-17T18:55:40", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/151243/Open-Xchange-OX-App-Suite-Cross-Site-Scripting-SSRF.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://seclists.org/fulldisclosure/2019/Jan/46" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-13103", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX App Suite 7.8.4 and earlier allows SSRF." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://packetstormsecurity.com/files/151243/Open-Xchange-OX-App-Suite-Cross-Site-Scripting-SSRF.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/151243/Open-Xchange-OX-App-Suite-Cross-Site-Scripting-SSRF.html" }, { "name": "http://seclists.org/fulldisclosure/2019/Jan/46", "refsource": "MISC", "url": "http://seclists.org/fulldisclosure/2019/Jan/46" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-13103", "datePublished": "2019-03-17T18:55:40", "dateReserved": "2018-07-03T00:00:00", "dateUpdated": "2024-08-05T08:52:50.520Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-8341
Vulnerability from cvelistv5
Published
2019-05-22 19:10
Modified
2024-08-05 16:34
Summary
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing.
References
▼ | URL | Tags |
---|---|---|
http://ox.com | x_refsource_MISC | |
http://open-xchange.com | x_refsource_MISC | |
https://documentation.open-xchange.com/7.10.0/release-notes/release-notes.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:34:22.431Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://ox.com" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://open-xchange.com" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.open-xchange.com/7.10.0/release-notes/release-notes.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-22T19:10:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://ox.com" }, { "tags": [ "x_refsource_MISC" ], "url": "http://open-xchange.com" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.open-xchange.com/7.10.0/release-notes/release-notes.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-8341", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://ox.com", "refsource": "MISC", "url": "http://ox.com" }, { "name": "http://open-xchange.com", "refsource": "MISC", "url": "http://open-xchange.com" }, { "name": "https://documentation.open-xchange.com/7.10.0/release-notes/release-notes.html", "refsource": "CONFIRM", "url": "https://documentation.open-xchange.com/7.10.0/release-notes/release-notes.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-8341", "datePublished": "2019-05-22T19:10:16", "dateReserved": "2017-04-29T00:00:00", "dateUpdated": "2024-08-05T16:34:22.431Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-28945
Vulnerability from cvelistv5
Published
2021-05-03 19:38
Modified
2024-08-04 16:47
Summary
OX App Suite 7.10.4 and earlier allows XSS via crafted content to reach an undocumented feature, such as `![](http://onerror=Function.constructor`, in a Notes item.
References
▼ | URL | Tags |
---|---|---|
https://open-xchange.com | x_refsource_MISC | |
https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:47:59.906Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://open-xchange.com" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite 7.10.4 and earlier allows XSS via crafted content to reach an undocumented feature, such as ![](http://onerror=Function.constructor, in a Notes item." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-03T19:38:27", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://open-xchange.com" }, { "tags": [ "x_refsource_MISC" ], "url": "https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-28945", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX App Suite 7.10.4 and earlier allows XSS via crafted content to reach an undocumented feature, such as ![](http://onerror=Function.constructor, in a Notes item." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://open-xchange.com", "refsource": "MISC", "url": "https://open-xchange.com" }, { "name": "https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html", "refsource": "MISC", "url": "https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-28945", "datePublished": "2021-05-03T19:38:27", "dateReserved": "2020-11-19T00:00:00", "dateUpdated": "2024-08-04T16:47:59.906Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6850
Vulnerability from cvelistv5
Published
2016-12-15 06:31
Modified
2024-08-06 01:43
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as profile pictures. If their XML structure contains iframes and script code, that code may be executed when the related picture URL is requested or the related person's image is viewed in a browser. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/93457 | vdb-entry, x_refsource_BID | |
https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:43:37.927Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "93457", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/93457" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-12-15T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as profile pictures. In case their XML structure contains iframes and script code, that code may get executed when calling the related picture URL or viewing the related person\u0027s image within a browser. Malicious script code can be executed within a user\u0027s context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.)." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-26T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "93457", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/93457" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-6850", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as profile pictures. In case their XML structure contains iframes and script code, that code may get executed when calling the related picture URL or viewing the related person\u0027s image within a browser. Malicious script code can be executed within a user\u0027s context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "93457", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93457" }, { "name": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf", "refsource": "CONFIRM", "url": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-6850", "datePublished": "2016-12-15T06:31:00", "dateReserved": "2016-08-18T00:00:00", "dateUpdated": "2024-08-06T01:43:37.927Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-6997
Vulnerability from cvelistv5
Published
2014-01-09 00:00
Modified
2024-08-06 17:53
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange (OX) AppSuite 7.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an HTML email with crafted CSS code containing wildcards or (2) office documents containing "crafted hyperlinks with script URL handlers."
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/90113 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/64676 | vdb-entry, x_refsource_BID | |
http://software.open-xchange.com/OX6/doc/Release_Notes_for_Public_Patch_Release_1766_7.4.0_Rev21_2013_12_13.pdf | x_refsource_CONFIRM | |
http://www.osvdb.org/101714 | vdb-entry, x_refsource_OSVDB | |
http://www.securitytracker.com/id/1029554 | vdb-entry, x_refsource_SECTRACK | |
http://www.osvdb.org/101715 | vdb-entry, x_refsource_OSVDB | |
http://www.securityfocus.com/archive/1/530681/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:53:45.844Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openxchange-cve20136997-xss(90113)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90113" }, { "name": "64676", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/64676" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Public_Patch_Release_1766_7.4.0_Rev21_2013_12_13.pdf" }, { "name": "101714", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/101714" }, { "name": "1029554", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029554" }, { "name": "101715", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/101715" }, { "name": "20140106 Open-Xchange Security Advisory 2014-01-06", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/530681/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-01-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange (OX) AppSuite 7.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an HTML email with crafted CSS code containing wildcards or (2) office documents containing \"crafted hyperlinks with script URL handlers.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": 
"8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "openxchange-cve20136997-xss(90113)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90113" }, { "name": "64676", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/64676" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Public_Patch_Release_1766_7.4.0_Rev21_2013_12_13.pdf" }, { "name": "101714", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/101714" }, { "name": "1029554", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029554" }, { "name": "101715", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/101715" }, { "name": "20140106 Open-Xchange Security Advisory 2014-01-06", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/530681/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-6997", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange (OX) AppSuite 7.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an HTML email with crafted CSS code containing wildcards or (2) office documents containing \"crafted hyperlinks with script URL handlers.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openxchange-cve20136997-xss(90113)", 
"refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90113" }, { "name": "64676", "refsource": "BID", "url": "http://www.securityfocus.com/bid/64676" }, { "name": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Public_Patch_Release_1766_7.4.0_Rev21_2013_12_13.pdf", "refsource": "CONFIRM", "url": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Public_Patch_Release_1766_7.4.0_Rev21_2013_12_13.pdf" }, { "name": "101714", "refsource": "OSVDB", "url": "http://www.osvdb.org/101714" }, { "name": "1029554", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029554" }, { "name": "101715", "refsource": "OSVDB", "url": "http://www.osvdb.org/101715" }, { "name": "20140106 Open-Xchange Security Advisory 2014-01-06", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/530681/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-6997", "datePublished": "2014-01-09T00:00:00", "dateReserved": "2013-12-06T00:00:00", "dateUpdated": "2024-08-06T17:53:45.844Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-41707
Vulnerability from cvelistv5
Published
2024-02-12 08:15
Modified
2024-08-02 19:01
Severity: 6.5 (Medium) — CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Processing of user-defined mail search expressions is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. With the fix, the processing time of mail search expressions is monitored, and the related request is terminated if a resource threshold is reached.
No publicly available exploits are known.
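References
URL | Tags |
---|---|
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf | release-notes |
https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json | vendor-advisory |
Impacted products
Vendor | Product | Affected versions |
---|---|---|
Open-Xchange GmbH | OX App Suite | 0 through 7.10.6-rev55 (inclusive); 0 through 7.6.3-rev71 (inclusive); 0 through 8.19 (inclusive) |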
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-41707", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-12T14:28:43.049862Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:20:50.823Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T19:01:35.448Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "release-notes", "x_transferred" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "modules": [ "backend" ], "product": "OX App Suite", "vendor": "Open-Xchange GmbH", "versions": [ { "lessThanOrEqual": "7.10.6-rev55", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "7.6.3-rev71", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "8.19", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "Processing of user-defined mail search expressions is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of mail search expressions now gets monitored, and the related request is terminated if a resource threshold is reached.\r\n No publicly available exploits are known." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "Uncontrolled Resource Consumption", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-16T14:08:53.186Z", "orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "shortName": "OX" }, "references": [ { "tags": [ "release-notes" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf" }, { "tags": [ "vendor-advisory" ], "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json" } ], "source": { "defect": "MWB-2366", "discovery": "INTERNAL" } } }, "cveMetadata": { "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "assignerShortName": "OX", "cveId": "CVE-2023-41707", "datePublished": "2024-02-12T08:15:24.923Z", "dateReserved": "2023-08-30T16:21:49.912Z", "dateUpdated": "2024-08-02T19:01:35.448Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-24701
Vulnerability from cvelistv5
Published
2021-01-12 07:58
Modified
2024-08-04 15:19
Summary
OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite URI).
References
▼ | URL | Tags |
---|---|---|
https://www.open-xchange.com | x_refsource_MISC | |
http://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html | x_refsource_MISC | |
http://seclists.org/fulldisclosure/2021/Jul/33 | mailing-list, x_refsource_FULLDISC | |
http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:19:09.326Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.open-xchange.com" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" }, { "name": "20210716 Open-Xchange Security Advisory 2021-07-15", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2021/Jul/33" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite URI)." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-16T16:06:20", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.open-xchange.com" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" }, { "name": "20210716 Open-Xchange Security Advisory 2021-07-15", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2021/Jul/33" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-24701", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite URI)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.open-xchange.com", "refsource": "MISC", "url": "https://www.open-xchange.com" }, { "name": "http://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" }, { "name": "20210716 Open-Xchange Security Advisory 2021-07-15", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Jul/33" }, { "name": "http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-24701", "datePublished": "2021-01-12T07:58:16", "dateReserved": "2020-08-27T00:00:00", "dateUpdated": "2024-08-04T15:19:09.326Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-5752
Vulnerability from cvelistv5
Published
2018-06-15 21:00
Modified
2024-08-05 05:40
Summary
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors involving non-decimal representations of IP addresses and special IPv6 related addresses.
References
▼ | URL | Tags |
---|---|---|
http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html | x_refsource_MISC | |
https://www.exploit-db.com/exploits/44881/ | exploit, x_refsource_EXPLOIT-DB | |
http://seclists.org/fulldisclosure/2018/Jun/23 | mailing-list, x_refsource_FULLDISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T05:40:51.241Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html" }, { "name": "44881", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/44881/" }, { "name": "20180608 Open-Xchange Security Advisory 2018-06-08", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2018/Jun/23" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-06-08T00:00:00", "descriptions": [ { "lang": "en", "value": "The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors involving non-decimal representations of IP addresses and special IPv6 related addresses." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-06-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html" }, { "name": "44881", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/44881/" }, { "name": "20180608 Open-Xchange Security Advisory 2018-06-08", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2018/Jun/23" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-5752", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors involving non-decimal representations of IP addresses and special IPv6 related addresses." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html" }, { "name": "44881", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44881/" }, { "name": "20180608 Open-Xchange Security Advisory 2018-06-08", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2018/Jun/23" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-5752", "datePublished": "2018-06-15T21:00:00", "dateReserved": "2018-01-17T00:00:00", "dateUpdated": "2024-08-05T05:40:51.241Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-23929
Vulnerability from cvelistv5
Published
2021-01-12 21:26
Modified
2024-08-03 19:14
Summary
OX App Suite through 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML document to an ajax/share/<share-token>?delivery=view URI.
References
▼ | URL | Tags |
---|---|---|
https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T19:14:09.790Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML document to an ajax/share/\u003cshare-token\u003e?delivery=view URI." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-12T21:26:28", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-23929", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX App Suite through 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML document to an ajax/share/\u003cshare-token\u003e?delivery=view URI." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html", "refsource": "MISC", "url": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-23929", "datePublished": "2021-01-12T21:26:28", "dateReserved": "2021-01-12T00:00:00", "dateUpdated": "2024-08-03T19:14:09.790Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-2582
Vulnerability from cvelistv5
Published
2013-09-05 10:00
Modified
2024-09-16 18:08
Summary
CRLF injection vulnerability in the redirect servlet in Open-Xchange AppSuite and Server before 6.22.0 rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allows remote attackers to inject arbitrary HTTP headers and conduct open redirect attacks by leveraging improper sanitization of whitespace characters.
References
▼ | URL | Tags |
---|---|---|
http://archives.neohapsis.com/archives/bugtraq/2013-04/0183.html | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:44:32.235Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20130417 Open-Xchange Security Advisory 2013-04-17", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-04/0183.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "CRLF injection vulnerability in the redirect servlet in Open-Xchange AppSuite and Server before 6.22.0 rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allows remote attackers to inject arbitrary HTTP headers and conduct open redirect attacks by leveraging improper sanitization of whitespace characters." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-09-05T10:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20130417 Open-Xchange Security Advisory 2013-04-17", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-04/0183.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-2582", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "CRLF injection vulnerability in the redirect servlet in Open-Xchange AppSuite and Server before 6.22.0 rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allows 
remote attackers to inject arbitrary HTTP headers and conduct open redirect attacks by leveraging improper sanitization of whitespace characters." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20130417 Open-Xchange Security Advisory 2013-04-17", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-04/0183.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-2582", "datePublished": "2013-09-05T10:00:00Z", "dateReserved": "2013-03-15T00:00:00Z", "dateUpdated": "2024-09-16T18:08:06.780Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-12645
Vulnerability from cvelistv5
Published
2020-08-31 14:28
Modified
2024-08-04 12:04
Summary
OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption.
References
▼ | URL | Tags |
---|---|---|
https://www.open-xchange.com/ | x_refsource_MISC | |
https://seclists.org/fulldisclosure/2020/Aug/14 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:04:22.239Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.open-xchange.com/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://seclists.org/fulldisclosure/2020/Aug/14" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-08-31T14:28:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.open-xchange.com/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://seclists.org/fulldisclosure/2020/Aug/14" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-12645", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.open-xchange.com/", "refsource": "MISC", "url": "https://www.open-xchange.com/" }, { "name": "https://seclists.org/fulldisclosure/2020/Aug/14", "refsource": "MISC", "url": "https://seclists.org/fulldisclosure/2020/Aug/14" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-12645", "datePublished": "2020-08-31T14:28:16", "dateReserved": "2020-05-04T00:00:00", "dateUpdated": "2024-08-04T12:04:22.239Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-29047
Vulnerability from cvelistv5
Published
2023-11-02 13:01
Modified
2024-08-02 14:00
Summary
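Imageconverter API endpoints provided methods that did not sufficiently validate and sanitize client input, allowing injection of arbitrary SQL statements. An attacker with access to the adjacent network and potentially API credentials could read and modify database content which is accessible to the imageconverter SQL user account. No publicly available exploits are known. Note: the CVSS 3.1 vector in this record (AV:P, I:N) does not match the adjacent-network access and database modification described here, so confirm the scoring against the vendor advisory before using it for prioritisation.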
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | OX Software GmbH | OX App Suite |
Version: 0 ≤ 7.10.6-rev5 Version: 0 ≤ 8.12 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:00:14.821Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "release-notes", "x_transferred" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "modules": [ "office" ], "product": "OX App Suite", "vendor": "OX Software GmbH", "versions": [ { "lessThanOrEqual": "7.10.6-rev5", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "8.12", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eImageconverter API endpoints provided methods that were not sufficiently validating and sanitizing client input, allowing to inject arbitrary SQL statements. An attacker with access to the adjacent network and potentially API credentials, could read and modify database content which is accessible to the imageconverter SQL user account. None No publicly available exploits are known.\u003c/p\u003e" } ], "value": "Imageconverter API endpoints provided methods that were not sufficiently validating and sanitizing client input, allowing to inject arbitrary SQL statements. An attacker with access to the adjacent network and potentially API credentials, could read and modify database content which is accessible to the imageconverter SQL user account. 
None No publicly available exploits are known.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-12T07:08:31.530Z", "orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "shortName": "OX" }, "references": [ { "tags": [ "release-notes" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf" }, { "tags": [ "vendor-advisory" ], "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json" } ], "source": { "defect": [ "DOCS-4767" ], "discovery": "EXTERNAL" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "assignerShortName": "OX", "cveId": "CVE-2023-29047", "datePublished": "2023-11-02T13:01:43.877Z", "dateReserved": "2023-03-30T09:34:25.188Z", "dateUpdated": "2024-08-02T14:00:14.821Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9997
Vulnerability from cvelistv5
Published
2018-07-05 20:00
Modified
2024-08-05 07:32
Summary
Cross-site scripting (XSS) vulnerability in mail compose in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev28 allows remote attackers to inject arbitrary web script or HTML via the data-target attribute in an HTML page with data-toggle gadgets.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1041213 | vdb-entry, x_refsource_SECTRACK | |
http://seclists.org/fulldisclosure/2018/Jul/12 | mailing-list, x_refsource_FULLDISC | |
http://packetstormsecurity.com/files/154127/Open-Xchange-OX-Guard-Cross-Site-Scripting-Signature-Validation.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:32:00.750Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1041213", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041213" }, { "name": "20180702 Open-Xchange Security Advisory 2018-07-02", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2018/Jul/12" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/154127/Open-Xchange-OX-Guard-Cross-Site-Scripting-Signature-Validation.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-07-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in mail compose in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev28 allows remote attackers to inject arbitrary web script or HTML via the data-target attribute in an HTML page with data-toggle gadgets." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-16T22:06:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1041213", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041213" }, { "name": "20180702 Open-Xchange Security Advisory 2018-07-02", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2018/Jul/12" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/154127/Open-Xchange-OX-Guard-Cross-Site-Scripting-Signature-Validation.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-9997", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in mail compose in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev28 allows remote attackers to inject arbitrary web script or HTML via the data-target attribute in an HTML page with data-toggle gadgets." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1041213", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041213" }, { "name": "20180702 Open-Xchange Security Advisory 2018-07-02", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2018/Jul/12" }, { "name": "http://packetstormsecurity.com/files/154127/Open-Xchange-OX-Guard-Cross-Site-Scripting-Signature-Validation.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/154127/Open-Xchange-OX-Guard-Cross-Site-Scripting-Signature-Validation.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-9997", "datePublished": "2018-07-05T20:00:00", "dateReserved": "2018-04-10T00:00:00", "dateUpdated": "2024-08-05T07:32:00.750Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6844
Vulnerability from cvelistv5
Published
2016-12-15 06:31
Modified
2024-08-06 01:43
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within SVG files is maintained when opening such files "in browser" based on our Mail or Drive app. In case of "a" tags, this may include link targets with base64 encoded "data" references. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/93457 | vdb-entry, x_refsource_BID | |
https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:43:38.422Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "93457", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/93457" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-12-15T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within SVG files is maintained when opening such files \"in browser\" based on our Mail or Drive app. In case of \"a\" tags, this may include link targets with base64 encoded \"data\" references. Malicious script code can be executed within a user\u0027s context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.)." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-26T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "93457", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/93457" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-6844", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within SVG files is maintained when opening such files \"in browser\" based on our Mail or Drive app. In case of \"a\" tags, this may include link targets with base64 encoded \"data\" references. Malicious script code can be executed within a user\u0027s context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "93457", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93457" }, { "name": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf", "refsource": "CONFIRM", "url": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-6844", "datePublished": "2016-12-15T06:31:00", "dateReserved": "2016-08-18T00:00:00", "dateUpdated": "2024-08-06T01:43:38.422Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-4026
Vulnerability from cvelistv5
Published
2016-12-15 06:31
Modified
2024-08-06 00:17
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The content sanitizer component has an issue with filtering malicious content in case invalid HTML code is provided. In such cases the filter will output an unsanitized representation of the content. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). Attackers can use this issue for filter evasion to inject script code later on.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1036157 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/archive/1/538732/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T00:17:30.851Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1036157", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1036157" }, { "name": "20160622 Open-Xchange Security Advisory 2016-06-22", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/538732/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-12-15T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The content sanitizer component has an issue with filtering malicious content in case invalid HTML code is provided. In such cases the filter will output a unsanitized representation of the content. Malicious script code can be executed within a user\u0027s context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). Attackers can use this issue for filter evasion to inject script code later on." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1036157", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1036157" }, { "name": "20160622 Open-Xchange Security Advisory 2016-06-22", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/538732/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-4026", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The content sanitizer component has an issue with filtering malicious content in case invalid HTML code is provided. In such cases the filter will output a unsanitized representation of the content. Malicious script code can be executed within a user\u0027s context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). Attackers can use this issue for filter evasion to inject script code later on." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1036157", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036157" }, { "name": "20160622 Open-Xchange Security Advisory 2016-06-22", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/538732/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-4026", "datePublished": "2016-12-15T06:31:00", "dateReserved": "2016-04-15T00:00:00", "dateUpdated": "2024-08-06T00:17:30.851Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6847
Vulnerability from cvelistv5
Published
2016-12-15 06:31
Modified
2024-08-06 01:43
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as mp3 album covers. In case their XML structure contains script code, that code may get executed when calling the related cover URL. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/93457 | vdb-entry, x_refsource_BID | |
https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:43:37.919Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "93457", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/93457" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-12-15T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as mp3 album covers. In case their XML structure contains script code, that code may get executed when calling the related cover URL. Malicious script code can be executed within a user\u0027s context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.)." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-26T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "93457", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/93457" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-6847", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as mp3 album covers. In case their XML structure contains script code, that code may get executed when calling the related cover URL. Malicious script code can be executed within a user\u0027s context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "93457", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93457" }, { "name": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf", "refsource": "CONFIRM", "url": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-6847", "datePublished": "2016-12-15T06:31:00", "dateReserved": "2016-08-18T00:00:00", "dateUpdated": "2024-08-06T01:43:37.919Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-41708
Vulnerability from cvelistv5
Published
2024-02-12 08:15
Modified
2024-08-02 19:01
Severity
5.4 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
EPSS score ?
Summary
References to the "app loader" functionality could contain redirects to unexpected locations. Attackers could forge app references that bypass existing safeguards to inject malicious script code. Please deploy the provided updates and patch releases. References to apps are now controlled more strictly to avoid relative references. No publicly available exploits are known.
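References
URL | Tags |
---|---|
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf | release-notes |
https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json | vendor-advisory |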
Impacted products
Vendor | Product | Version |
---|---|---|
Open-Xchange GmbH | OX App Suite | 0 ≤ version ≤ 7.10.6-rev38 (affected) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:01:35.346Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "release-notes", "x_transferred" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "modules": [ "frontend" ], "product": "OX App Suite", "vendor": "Open-Xchange GmbH", "versions": [ { "lessThanOrEqual": "7.10.6-rev38", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "References to the \"app loader\" functionality could contain redirects to unexpected locations. Attackers could forge app references that bypass existing safeguards to inject malicious script code. Please deploy the provided updates and patch releases. References to apps are now controlled more strict to avoid relative references. No publicly available exploits are known." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-16T14:08:54.485Z", "orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "shortName": "OX" }, "references": [ { "tags": [ "release-notes" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf" }, { "tags": [ "vendor-advisory" ], "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json" } ], "source": { "defect": "OXUIB-2599", "discovery": "INTERNAL" } } }, "cveMetadata": { "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "assignerShortName": "OX", "cveId": "CVE-2023-41708", "datePublished": "2024-02-12T08:15:25.802Z", "dateReserved": "2023-08-30T16:21:49.912Z", "dateUpdated": "2024-08-02T19:01:35.346Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-6912
Vulnerability from cvelistv5
Published
2019-05-22 19:19
Modified
2024-08-05 15:41
Severity ?
EPSS score ?
Summary
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control.
References
▼ | URL | Tags |
---|---|---|
http://ox.com | x_refsource_MISC | |
http://open-xchange.com | x_refsource_MISC | |
https://documentation.open-xchange.com/7.10.0/release-notes/release-notes.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T15:41:17.684Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://ox.com" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://open-xchange.com" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.open-xchange.com/7.10.0/release-notes/release-notes.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-22T19:19:21", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://ox.com" }, { "tags": [ "x_refsource_MISC" ], "url": "http://open-xchange.com" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.open-xchange.com/7.10.0/release-notes/release-notes.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-6912", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://ox.com", "refsource": "MISC", "url": "http://ox.com" }, { "name": "http://open-xchange.com", "refsource": "MISC", "url": "http://open-xchange.com" }, { "name": "https://documentation.open-xchange.com/7.10.0/release-notes/release-notes.html", "refsource": "CONFIRM", "url": "https://documentation.open-xchange.com/7.10.0/release-notes/release-notes.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-6912", "datePublished": "2019-05-22T19:19:21", "dateReserved": "2017-03-15T00:00:00", "dateUpdated": "2024-08-05T15:41:17.684Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-8542
Vulnerability from cvelistv5
Published
2020-06-16 13:46
Modified
2024-08-04 10:03
Severity ?
EPSS score ?
Summary
OX App Suite through 7.10.3 allows XSS.
References
▼ | URL | Tags |
---|---|---|
https://www.open-xchange.com/ | x_refsource_MISC | |
https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html | x_refsource_MISC | |
http://seclists.org/fulldisclosure/2020/Aug/14 | mailing-list, x_refsource_FULLDISC | |
http://packetstormsecurity.com/files/158932/OX-App-Suite-OX-Documents-XSS-SSRF-Bypass.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T10:03:46.135Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.open-xchange.com/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html" }, { "name": "20200821 Open-Xchange Security Advisory 2020-08-20", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2020/Aug/14" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/158932/OX-App-Suite-OX-Documents-XSS-SSRF-Bypass.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.3 allows XSS." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-08-21T23:06:09", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.open-xchange.com/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html" }, { "name": "20200821 Open-Xchange Security Advisory 2020-08-20", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2020/Aug/14" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/158932/OX-App-Suite-OX-Documents-XSS-SSRF-Bypass.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-8542", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX App Suite through 7.10.3 allows XSS." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.open-xchange.com/", "refsource": "MISC", "url": "https://www.open-xchange.com/" }, { "name": "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html", "refsource": "MISC", "url": "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html" }, { "name": "20200821 Open-Xchange Security Advisory 2020-08-20", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2020/Aug/14" }, { "name": "http://packetstormsecurity.com/files/158932/OX-App-Suite-OX-Documents-XSS-SSRF-Bypass.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/158932/OX-App-Suite-OX-Documents-XSS-SSRF-Bypass.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-8542", "datePublished": "2020-06-16T13:46:57", "dateReserved": "2020-02-03T00:00:00", "dateUpdated": "2024-08-04T10:03:46.135Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-5212
Vulnerability from cvelistv5
Published
2019-05-23 14:26
Modified
2024-08-05 14:55
Severity ?
EPSS score ?
Summary
Open-Xchange GmbH OX App Suite 7.8.3 is affected by: Incorrect Access Control.
References
▼ | URL | Tags |
---|---|---|
http://ox.com | x_refsource_MISC | |
http://open-xchange.com | x_refsource_MISC | |
https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:55:35.645Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://ox.com" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://open-xchange.com" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Open-Xchange GmbH OX App Suite 7.8.3 is affected by: Incorrect Access Control." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-23T14:26:06", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://ox.com" }, { "tags": [ "x_refsource_MISC" ], "url": "http://open-xchange.com" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-5212", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Open-Xchange GmbH OX App Suite 7.8.3 is affected by: Incorrect Access Control." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://ox.com", "refsource": "MISC", "url": "http://ox.com" }, { "name": "http://open-xchange.com", "refsource": "MISC", "url": "http://open-xchange.com" }, { "name": "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html", "refsource": "CONFIRM", "url": "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-5212", "datePublished": "2019-05-23T14:26:06", "dateReserved": "2017-01-09T00:00:00", "dateUpdated": "2024-08-05T14:55:35.645Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-2078
Vulnerability from cvelistv5
Published
2018-04-10 15:00
Modified
2024-08-06 09:58
Severity ?
EPSS score ?
Summary
The backend in Open-Xchange (OX) AppSuite 7.4.2 before 7.4.2-rev9 allows remote attackers to obtain sensitive information about user email addresses in opportunistic circumstances by leveraging a failure in e-mail auto configuration for external accounts.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/archive/1/531502/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/92017 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:58:16.324Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20140317 Open-Xchange Security Advisory 2014-03-17", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/531502/100/0/threaded" }, { "name": "appsuite-cve20142078-info-disc(92017)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92017" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-03-17T00:00:00", "descriptions": [ { "lang": "en", "value": "The backend in Open-Xchange (OX) AppSuite 7.4.2 before 7.4.2-rev9 allows remote attackers to obtain sensitive information about user email addresses in opportunistic circumstances by leveraging a failure in e-mail auto configuration for external accounts." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20140317 Open-Xchange Security Advisory 2014-03-17", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/531502/100/0/threaded" }, { "name": "appsuite-cve20142078-info-disc(92017)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92017" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2078", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The backend in Open-Xchange (OX) AppSuite 7.4.2 before 7.4.2-rev9 allows remote attackers to obtain sensitive information about user email addresses in opportunistic circumstances by leveraging a failure in e-mail auto configuration for external accounts." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20140317 Open-Xchange Security Advisory 2014-03-17", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/531502/100/0/threaded" }, { "name": "appsuite-cve20142078-info-disc(92017)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92017" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-2078", "datePublished": "2018-04-10T15:00:00", "dateReserved": "2014-02-19T00:00:00", "dateUpdated": "2024-08-06T09:58:16.324Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-23933
Vulnerability from cvelistv5
Published
2021-01-12 21:25
Modified
2024-08-03 19:14
Severity ?
EPSS score ?
Summary
OX App Suite through 7.10.4 allows XSS via JavaScript in a Note referenced by a mail:// URL.
References
▼ | URL | Tags |
---|---|---|
https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T19:14:09.678Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.4 allows XSS via JavaScript in a Note referenced by a mail:// URL." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-12T21:25:44", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-23933", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX App Suite through 7.10.4 allows XSS via JavaScript in a Note referenced by a mail:// URL." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html", "refsource": "MISC", "url": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-23933", "datePublished": "2021-01-12T21:25:44", "dateReserved": "2021-01-12T00:00:00", "dateUpdated": "2024-08-03T19:14:09.678Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-5375
Vulnerability from cvelistv5
Published
2015-09-28 16:00
Modified
2024-08-06 06:50
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in unspecified dialogs for printing content in the Front End in Open-Xchange Server 6 and OX App Suite before 6.22.8-rev8, 6.22.9 before 6.22.9-rev15m, 7.x before 7.6.1-rev25, and 7.6.2 before 7.6.2-rev20 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to object properties.
References
▼ | URL | Tags |
---|---|---|
http://packetstormsecurity.com/files/133674/Open-Xchange-Server-6-OX-AppSuite-Cross-Site-Scripting.html | x_refsource_MISC | |
http://www.securityfocus.com/archive/1/536523/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_2614_7.6.2_2015-07-22.pdf | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1034018 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T06:50:00.834Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/133674/Open-Xchange-Server-6-OX-AppSuite-Cross-Site-Scripting.html" }, { "name": "20150923 Open-Xchange Security Advisory 2015-09-23", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/536523/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_2614_7.6.2_2015-07-22.pdf" }, { "name": "1034018", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034018" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-07-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in unspecified dialogs for printing content in the Front End in Open-Xchange Server 6 and OX App Suite before 6.22.8-rev8, 6.22.9 before 6.22.9-rev15m, 7.x before 7.6.1-rev25, and 7.6.2 before 7.6.2-rev20 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to object properties." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/133674/Open-Xchange-Server-6-OX-AppSuite-Cross-Site-Scripting.html" }, { "name": "20150923 Open-Xchange Security Advisory 2015-09-23", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/536523/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_2614_7.6.2_2015-07-22.pdf" }, { "name": "1034018", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034018" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-5375", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in unspecified dialogs for printing content in the Front End in Open-Xchange Server 6 and OX App Suite before 6.22.8-rev8, 6.22.9 before 6.22.9-rev15m, 7.x before 7.6.1-rev25, and 7.6.2 before 7.6.2-rev20 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to object properties." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://packetstormsecurity.com/files/133674/Open-Xchange-Server-6-OX-AppSuite-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/133674/Open-Xchange-Server-6-OX-AppSuite-Cross-Site-Scripting.html" }, { "name": "20150923 Open-Xchange Security Advisory 2015-09-23", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/536523/100/0/threaded" }, { "name": "http://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_2614_7.6.2_2015-07-22.pdf", "refsource": "CONFIRM", "url": "http://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_2614_7.6.2_2015-07-22.pdf" }, { "name": "1034018", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034018" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-5375", "datePublished": "2015-09-28T16:00:00", "dateReserved": "2015-07-06T00:00:00", "dateUpdated": "2024-08-06T06:50:00.834Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-12610
Vulnerability from cvelistv5
Published
2019-01-29 23:00
Modified
2024-08-05 08:38
Severity ?
EPSS score ?
Summary
OX App Suite 7.8.4 and earlier allows Information Exposure.
References
▼ | URL | Tags |
---|---|---|
http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf | x_refsource_CONFIRM | |
http://seclists.org/fulldisclosure/2019/Jan/10 | mailing-list, x_refsource_FULLDISC | |
https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T08:38:06.317Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf" }, { "name": "20190104 Open-Xchange Security Advisory 2018-12-31", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2019/Jan/10" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-06-25T00:00:00", "descriptions": [ { "lang": "en", "value": "OX App Suite 7.8.4 and earlier allows Information Exposure." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-01-29T22:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf" }, { "name": "20190104 Open-Xchange Security Advisory 2018-12-31", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2019/Jan/10" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-12610", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX App Suite 7.8.4 and earlier allows Information Exposure." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf", "refsource": "CONFIRM", "url": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf" }, { "name": "20190104 Open-Xchange Security Advisory 2018-12-31", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Jan/10" }, { "name": "https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf", "refsource": "CONFIRM", "url": "https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-12610", "datePublished": "2019-01-29T23:00:00", "dateReserved": "2018-06-21T00:00:00", "dateUpdated": "2024-08-05T08:38:06.317Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-9809
Vulnerability from cvelistv5
Published
2019-05-22 18:54
Modified
2024-08-05 17:18
Severity ?
EPSS score ?
Summary
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Information Exposure.
References
▼ | URL | Tags |
---|---|---|
http://ox.com | x_refsource_MISC | |
https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:18:02.184Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://ox.com" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Information Exposure." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-22T18:54:58", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://ox.com" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-9809", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Information Exposure." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://ox.com", "refsource": "MISC", "url": "http://ox.com" }, { "name": "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html", "refsource": "CONFIRM", "url": "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-9809", "datePublished": "2019-05-22T18:54:58", "dateReserved": "2017-06-22T00:00:00", "dateUpdated": "2024-08-05T17:18:02.184Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-17061
Vulnerability from cvelistv5
Published
2019-05-23 14:42
Modified
2024-08-05 20:43
Severity ?
EPSS score ?
Summary
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).
References
▼ | URL | Tags |
---|---|---|
http://ox.com | x_refsource_MISC | |
https://documentation.open-xchange.com/components/releasenotes/7.8.3/ | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:43:59.818Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://ox.com" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.open-xchange.com/components/releasenotes/7.8.3/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-23T14:42:19", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://ox.com" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.open-xchange.com/components/releasenotes/7.8.3/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-17061", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://ox.com", "refsource": "MISC", "url": "http://ox.com" }, { "name": "https://documentation.open-xchange.com/components/releasenotes/7.8.3/", "refsource": "CONFIRM", "url": "https://documentation.open-xchange.com/components/releasenotes/7.8.3/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-17061", "datePublished": "2019-05-23T14:42:19", "dateReserved": "2017-11-29T00:00:00", "dateUpdated": "2024-08-05T20:43:59.818Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-16716
Vulnerability from cvelistv5
Published
2020-01-06 19:43
Modified
2024-08-05 01:17
Severity ?
EPSS score ?
Summary
OX App Suite through 7.10.2 has Incorrect Access Control.
References
▼ | URL | Tags |
---|---|---|
http://seclists.org/fulldisclosure/2020/Jan/7 | mailing-list, x_refsource_FULLDISC | |
http://seclists.org/fulldisclosure/2020/Jan/7 | x_refsource_MISC | |
http://packetstormsecurity.com/files/155813/OX-App-Suite-7.10.2-Cross-Site-Scripting-Improper-Access-Control.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T01:17:41.090Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20200103 Open-Xchange Security Advisory 2020-01-02", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2020/Jan/7" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2020/Jan/7" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/155813/OX-App-Suite-7.10.2-Cross-Site-Scripting-Improper-Access-Control.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.2 has Incorrect Access Control." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-06T19:45:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20200103 Open-Xchange Security Advisory 2020-01-02", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2020/Jan/7" }, { "tags": [ "x_refsource_MISC" ], "url": "http://seclists.org/fulldisclosure/2020/Jan/7" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/155813/OX-App-Suite-7.10.2-Cross-Site-Scripting-Improper-Access-Control.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-16716", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", 
"description": { "description_data": [ { "lang": "eng", "value": "OX App Suite through 7.10.2 has Incorrect Access Control." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20200103 Open-Xchange Security Advisory 2020-01-02", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2020/Jan/7" }, { "name": "http://seclists.org/fulldisclosure/2020/Jan/7", "refsource": "MISC", "url": "http://seclists.org/fulldisclosure/2020/Jan/7" }, { "name": "http://packetstormsecurity.com/files/155813/OX-App-Suite-7.10.2-Cross-Site-Scripting-Improper-Access-Control.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/155813/OX-App-Suite-7.10.2-Cross-Site-Scripting-Improper-Access-Control.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-16716", "datePublished": "2020-01-06T19:43:40", "dateReserved": "2019-09-23T00:00:00", "dateUpdated": "2024-08-05T01:17:41.090Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-37313
Vulnerability from cvelistv5
Published
2022-12-26 00:00
Modified
2024-08-03 10:29
Severity ?
EPSS score ?
Summary
OX App Suite through 7.10.6 allows SSRF because the anti-SSRF protection mechanism only checks the first DNS A or AAAA record.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:29:20.979Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://open-xchange.com" }, { "tags": [ "x_transferred" ], "url": "https://seclists.org/fulldisclosure/2022/Nov/18" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.6 allows SSRF because the anti-SSRF protection mechanism only checks the first DNS AA or AAAA record." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-26T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://open-xchange.com" }, { "url": "https://seclists.org/fulldisclosure/2022/Nov/18" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-37313", "datePublished": "2022-12-26T00:00:00", "dateReserved": "2022-08-01T00:00:00", "dateUpdated": "2024-08-03T10:29:20.979Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-14225
Vulnerability from cvelistv5
Published
2019-10-14 16:34
Modified
2024-08-05 00:12
Severity ?
EPSS score ?
Summary
OX App Suite 7.10.1 and 7.10.2 allows SSRF.
References
▼ | URL | Tags |
---|---|---|
http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html | x_refsource_MISC | |
https://seclists.org/fulldisclosure/2019/Oct/25 | mailing-list, x_refsource_FULLDISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:12:42.806Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html" }, { "name": "FULLDISC: 20191011 Open-Xchange Security Advisory 2019-10-09", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "https://seclists.org/fulldisclosure/2019/Oct/25" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite 7.10.1 and 7.10.2 allows SSRF." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-14T16:35:19", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html" }, { "name": "FULLDISC: 20191011 Open-Xchange Security Advisory 2019-10-09", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "https://seclists.org/fulldisclosure/2019/Oct/25" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14225", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX App Suite 7.10.1 and 7.10.2 allows SSRF." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html" }, { "name": "FULLDISC: 20191011 Open-Xchange Security Advisory 2019-10-09", "refsource": "FULLDISC", "url": "https://seclists.org/fulldisclosure/2019/Oct/25" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-14225", "datePublished": "2019-10-14T16:34:44", "dateReserved": "2019-07-21T00:00:00", "dateUpdated": "2024-08-05T00:12:42.806Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-37307
Vulnerability from cvelistv5
Published
2022-12-26 00:00
Modified
2024-08-03 10:29
Severity ?
EPSS score ?
Summary
OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:29:20.607Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://open-xchange.com" }, { "tags": [ "x_transferred" ], "url": "https://seclists.org/fulldisclosure/2022/Nov/18" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-26T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://open-xchange.com" }, { "url": "https://seclists.org/fulldisclosure/2022/Nov/18" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-37307", "datePublished": "2022-12-26T00:00:00", "dateReserved": "2022-08-01T00:00:00", "dateUpdated": "2024-08-03T10:29:20.607Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-6242
Vulnerability from cvelistv5
Published
2020-01-02 18:05
Modified
2024-08-06 17:38
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 6.22.3 before 6.22.3-rev5 and 6.22.4 before 6.22.4-rev12 allows remote attackers to inject arbitrary web script or HTML via the subject of an email. NOTE: the vulnerabilities related to the body of the email and the publication name were SPLIT from this CVE ID because they affect different sets of versions.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:38:58.895Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://seclists.org/bugtraq/2013/Nov/127" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://forum.open-xchange.com/showthread.php?8115-Open-Xchange-releases-Security-Patch-2013-11-12-for-v7-2-2-v6-22-3-and-v7-4-0-v6" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029394" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89250" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-11-25T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 6.22.3 before 6.22.3-rev5 and 6.22.4 before 6.22.4-rev12 allows remote attackers to inject arbitrary web script or HTML via the subject of an email. NOTE: the vulnerabilities related to the body of the email and the publication name were SPLIT from this CVE ID because they affect different sets of versions." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-02T18:05:42", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://seclists.org/bugtraq/2013/Nov/127" }, { "tags": [ "x_refsource_MISC" ], "url": "https://forum.open-xchange.com/showthread.php?8115-Open-Xchange-releases-Security-Patch-2013-11-12-for-v7-2-2-v6-22-3-and-v7-4-0-v6" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.securitytracker.com/id/1029394" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89250" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-6242", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 6.22.3 before 6.22.3-rev5 and 6.22.4 before 6.22.4-rev12 allows remote attackers to inject arbitrary web script or HTML via the subject of an email. NOTE: the vulnerabilities related to the body of the email and the publication name were SPLIT from this CVE ID because they affect different sets of versions." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html" }, { "name": "http://seclists.org/bugtraq/2013/Nov/127", "refsource": "MISC", "url": "http://seclists.org/bugtraq/2013/Nov/127" }, { "name": "https://forum.open-xchange.com/showthread.php?8115-Open-Xchange-releases-Security-Patch-2013-11-12-for-v7-2-2-v6-22-3-and-v7-4-0-v6", "refsource": "MISC", "url": "https://forum.open-xchange.com/showthread.php?8115-Open-Xchange-releases-Security-Patch-2013-11-12-for-v7-2-2-v6-22-3-and-v7-4-0-v6" }, { "name": "http://www.securitytracker.com/id/1029394", "refsource": "MISC", "url": "http://www.securitytracker.com/id/1029394" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89250", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89250" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-6242", "datePublished": "2020-01-02T18:05:42", "dateReserved": "2013-10-22T00:00:00", "dateUpdated": "2024-08-06T17:38:58.895Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-17060
Vulnerability from cvelistv5
Published
2019-05-23 14:44
Modified
2024-08-05 20:43
Severity ?
EPSS score ?
Summary
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecure Permissions.
References
▼ | URL | Tags |
---|---|---|
http://ox.com | x_refsource_MISC | |
https://documentation.open-xchange.com/components/releasenotes/7.8.3/ | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:43:59.296Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://ox.com" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.open-xchange.com/components/releasenotes/7.8.3/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecure Permissions." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-23T14:44:38", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://ox.com" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.open-xchange.com/components/releasenotes/7.8.3/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-17060", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecure Permissions." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://ox.com", "refsource": "MISC", "url": "http://ox.com" }, { "name": "https://documentation.open-xchange.com/components/releasenotes/7.8.3/", "refsource": "CONFIRM", "url": "https://documentation.open-xchange.com/components/releasenotes/7.8.3/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-17060", "datePublished": "2019-05-23T14:44:38", "dateReserved": "2017-11-29T00:00:00", "dateUpdated": "2024-08-05T20:43:59.296Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-3174
Vulnerability from cvelistv5
Published
2016-12-15 06:31
Modified
2024-08-05 23:47
Severity ?
EPSS score ?
Summary
An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The "defer" servlet redirects a client to a specified URL. Because some checks were missing, arbitrary URLs could be supplied as the redirection target (an open redirect). Users can be tricked into following a link to a trustworthy domain and then end up at an unexpected service. This vulnerability can be used to prepare and enhance phishing attacks.
References
▼ | URL | Tags |
---|---|---|
http://packetstormsecurity.com/files/137187/Open-Xchange-OX-AppSuite-7.8.0-XSS-Open-Redirect.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/archive/1/538481/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:47:58.066Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://packetstormsecurity.com/files/137187/Open-Xchange-OX-AppSuite-7.8.0-XSS-Open-Redirect.html" }, { "name": "20160525 Open-Xchange Security Advisory 2016-05-25", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/538481/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-12-15T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The \"defer\" servlet offers to redirect a client to a specified URL. Since some checks were missing, arbitrary URLs could be provided as redirection target. Users can be tricked to follow a link to a trustworthy domain but end up at an unexpected service later on. This vulnerability can be used to prepare and enhance phishing attacks." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://packetstormsecurity.com/files/137187/Open-Xchange-OX-AppSuite-7.8.0-XSS-Open-Redirect.html" }, { "name": "20160525 Open-Xchange Security Advisory 2016-05-25", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/538481/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-3174", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The \"defer\" servlet offers to redirect a client to a specified URL. Since some checks were missing, arbitrary URLs could be provided as redirection target. Users can be tricked to follow a link to a trustworthy domain but end up at an unexpected service later on. This vulnerability can be used to prepare and enhance phishing attacks." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://packetstormsecurity.com/files/137187/Open-Xchange-OX-AppSuite-7.8.0-XSS-Open-Redirect.html", "refsource": "CONFIRM", "url": "http://packetstormsecurity.com/files/137187/Open-Xchange-OX-AppSuite-7.8.0-XSS-Open-Redirect.html" }, { "name": "20160525 Open-Xchange Security Advisory 2016-05-25", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/538481/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-3174", "datePublished": "2016-12-15T06:31:00", "dateReserved": "2016-03-15T00:00:00", "dateUpdated": "2024-08-05T23:47:58.066Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6845
Vulnerability from cvelistv5
Published
2016-12-15 06:31
Modified
2024-08-06 01:43
Severity ?
EPSS score ?
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within hyperlinks in HTML e-mails is not correctly sanitized when base64-encoded "data" resources are used. This allows an attacker to provide hyperlinks that may execute script code instead of directing to a proper location. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data, etc.).
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/93457 | vdb-entry, x_refsource_BID | |
https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:43:37.855Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "93457", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/93457" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-12-15T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within hyperlinks at HTML E-Mails is not getting correctly sanitized when using base64 encoded \"data\" resources. This allows an attacker to provide hyperlinks that may execute script code instead of directing to a proper location. Malicious script code can be executed within a user\u0027s context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.)." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-26T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "93457", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/93457" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-6845", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within hyperlinks at HTML E-Mails is not getting correctly sanitized when using base64 encoded \"data\" resources. This allows an attacker to provide hyperlinks that may execute script code instead of directing to a proper location. Malicious script code can be executed within a user\u0027s context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "93457", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93457" }, { "name": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf", "refsource": "CONFIRM", "url": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-6845", "datePublished": "2016-12-15T06:31:00", "dateReserved": "2016-08-18T00:00:00", "dateUpdated": "2024-08-06T01:43:37.855Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-15030
Vulnerability from cvelistv5
Published
2019-05-23 14:57
Modified
2024-08-05 19:42
Severity ?
EPSS score ?
Summary
Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).
References
▼ | URL | Tags |
---|---|---|
http://ox.com | x_refsource_MISC | |
http://open-xchange.com | x_refsource_MISC | |
https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:42:22.389Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://ox.com" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://open-xchange.com" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-23T14:57:58", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://ox.com" }, { "tags": [ "x_refsource_MISC" ], "url": "http://open-xchange.com" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15030", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://ox.com", "refsource": "MISC", "url": "http://ox.com" }, { "name": "http://open-xchange.com", "refsource": "MISC", "url": "http://open-xchange.com" }, { "name": "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html", "refsource": "CONFIRM", "url": "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15030", "datePublished": "2019-05-23T14:57:58", "dateReserved": "2017-10-04T00:00:00", "dateUpdated": "2024-08-05T19:42:22.389Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13667
Vulnerability from cvelistv5
Published
2019-05-23 17:28
Modified
2024-08-05 19:05
Severity ?
EPSS score ?
Summary
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.
References
▼ | URL | Tags |
---|---|---|
http://ox.com | x_refsource_MISC | |
https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:19.363Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://ox.com" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-23T17:28:41", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://ox.com" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-13667", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://ox.com", "refsource": "MISC", "url": "http://ox.com" }, { "name": "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html", "refsource": "CONFIRM", "url": "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-13667", "datePublished": "2019-05-23T17:28:41", "dateReserved": "2017-08-24T00:00:00", "dateUpdated": "2024-08-05T19:05:19.363Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-37403
Vulnerability from cvelistv5
Published
2021-07-22 16:19
Modified
2024-08-04 01:16
Severity ?
EPSS score ?
Summary
OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and an App Loader relative URL is used.
References
▼ | URL | Tags |
---|---|---|
https://www.open-xchange.com | x_refsource_MISC | |
http://seclists.org/fulldisclosure/2021/Jul/33 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:16:04.050Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.open-xchange.com" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2021/Jul/33" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and an App Loader relative URL is used." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-22T16:19:27", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.open-xchange.com" }, { "tags": [ "x_refsource_MISC" ], "url": "http://seclists.org/fulldisclosure/2021/Jul/33" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-37403", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and an App Loader relative URL is used." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.open-xchange.com", "refsource": "MISC", "url": "https://www.open-xchange.com" }, { "name": "http://seclists.org/fulldisclosure/2021/Jul/33", "refsource": "MISC", "url": "http://seclists.org/fulldisclosure/2021/Jul/33" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-37403", "datePublished": "2021-07-22T16:19:27", "dateReserved": "2021-07-22T00:00:00", "dateUpdated": "2024-08-04T01:16:04.050Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-23936
Vulnerability from cvelistv5
Published
2021-01-12 21:25
Modified
2024-08-03 19:14
Severity ?
EPSS score ?
Summary
OX App Suite through 7.10.4 allows XSS via the subject of a task.
References
▼ | URL | Tags |
---|---|---|
https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T19:14:09.800Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.4 allows XSS via the subject of a task." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-12T21:25:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-23936", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX App Suite through 7.10.4 allows XSS via the subject of a task." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html", "refsource": "MISC", "url": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-23936", "datePublished": "2021-01-12T21:25:12", "dateReserved": "2021-01-12T00:00:00", "dateUpdated": "2024-08-03T19:14:09.800Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-16717
Vulnerability from cvelistv5
Published
2020-01-06 19:35
Modified
2024-08-05 01:17
Severity ?
EPSS score ?
Summary
OX App Suite through 7.10.2 has XSS.
References
▼ | URL | Tags |
---|---|---|
https://www.open-xchange.com/ | x_refsource_MISC | |
http://seclists.org/fulldisclosure/2020/Jan/7 | mailing-list, x_refsource_FULLDISC | |
http://seclists.org/fulldisclosure/2020/Jan/7 | x_refsource_MISC | |
http://packetstormsecurity.com/files/155813/OX-App-Suite-7.10.2-Cross-Site-Scripting-Improper-Access-Control.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T01:17:41.102Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.open-xchange.com/" }, { "name": "20200103 Open-Xchange Security Advisory 2020-01-02", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2020/Jan/7" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2020/Jan/7" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/155813/OX-App-Suite-7.10.2-Cross-Site-Scripting-Improper-Access-Control.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.2 has XSS." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-06T19:38:52", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.open-xchange.com/" }, { "name": "20200103 Open-Xchange Security Advisory 2020-01-02", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2020/Jan/7" }, { "tags": [ "x_refsource_MISC" ], "url": "http://seclists.org/fulldisclosure/2020/Jan/7" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/155813/OX-App-Suite-7.10.2-Cross-Site-Scripting-Improper-Access-Control.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-16717", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": 
[ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX App Suite through 7.10.2 has XSS." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.open-xchange.com/", "refsource": "MISC", "url": "https://www.open-xchange.com/" }, { "name": "20200103 Open-Xchange Security Advisory 2020-01-02", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2020/Jan/7" }, { "name": "http://seclists.org/fulldisclosure/2020/Jan/7", "refsource": "MISC", "url": "http://seclists.org/fulldisclosure/2020/Jan/7" }, { "name": "http://packetstormsecurity.com/files/155813/OX-App-Suite-7.10.2-Cross-Site-Scripting-Improper-Access-Control.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/155813/OX-App-Suite-7.10.2-Cross-Site-Scripting-Improper-Access-Control.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-16717", "datePublished": "2020-01-06T19:35:53", "dateReserved": "2019-09-23T00:00:00", "dateUpdated": "2024-08-05T01:17:41.102Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-15029
Vulnerability from cvelistv5
Published
2019-05-23 15:00
Modified
2024-08-05 19:42
Severity ?
EPSS score ?
Summary
Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.
References
▼ | URL | Tags |
---|---|---|
http://ox.com | x_refsource_MISC | |
http://open-xchange.com | x_refsource_MISC | |
https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:42:22.334Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://ox.com" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://open-xchange.com" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-23T15:00:32", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://ox.com" }, { "tags": [ "x_refsource_MISC" ], "url": "http://open-xchange.com" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15029", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://ox.com", "refsource": "MISC", "url": "http://ox.com" }, { "name": "http://open-xchange.com", "refsource": "MISC", "url": "http://open-xchange.com" }, { "name": "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html", "refsource": "CONFIRM", "url": "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15029", "datePublished": "2019-05-23T15:00:32", "dateReserved": "2017-10-04T00:00:00", "dateUpdated": "2024-08-05T19:42:22.334Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-14226
Vulnerability from cvelistv5
Published
2019-10-14 16:29
Modified
2024-08-05 00:12
Severity ?
EPSS score ?
Summary
OX App Suite through 7.10.2 has Insecure Permissions.
References
▼ | URL | Tags |
---|---|---|
http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html | x_refsource_MISC | |
https://seclists.org/fulldisclosure/2019/Oct/25 | mailing-list, x_refsource_FULLDISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:12:43.135Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html" }, { "name": "FULLDISC: 20191011 Open-Xchange Security Advisory 2019-10-09", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "https://seclists.org/fulldisclosure/2019/Oct/25" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.2 has Insecure Permissions." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-14T16:29:52", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html" }, { "name": "FULLDISC: 20191011 Open-Xchange Security Advisory 2019-10-09", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "https://seclists.org/fulldisclosure/2019/Oct/25" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14226", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX App Suite through 7.10.2 has Insecure Permissions." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html" }, { "name": "FULLDISC: 20191011 Open-Xchange Security Advisory 2019-10-09", "refsource": "FULLDISC", "url": "https://seclists.org/fulldisclosure/2019/Oct/25" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-14226", "datePublished": "2019-10-14T16:29:01", "dateReserved": "2019-07-21T00:00:00", "dateUpdated": "2024-08-05T00:12:43.135Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-26453
Vulnerability from cvelistv5
Published
2023-11-02 13:01
Modified
2024-08-02 11:53
Severity 7.6 (HIGH), CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (from the CNA metrics in the record below)
EPSS score ?
Summary
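Requests to cache an image could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the service's database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as errors. No publicly available exploits are known. (Note: the record's CVSS 3.1 vector gives the attack vector as Physical (AV:P), which does not match the adjacent-network access described here; when prioritising, check which networks can actually reach the imageconverter service rather than relying on the score alone.)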
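References
URL | Tags |
---|---|
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf | release-notes |
https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json | vendor-advisory |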
Impacted products
Vendor | Product | Version |
---|---|---|
OX Software GmbH | OX App Suite | affected from 0 up to and including 7.10.6-rev5; affected from 0 up to and including 8.12 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:53:52.759Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "release-notes", "x_transferred" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "modules": [ "office" ], "product": "OX App Suite", "vendor": "OX Software GmbH", "versions": [ { "lessThanOrEqual": "7.10.6-rev5", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "8.12", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eRequests to cache an image could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly available exploits are known.\u003c/p\u003e" } ], "value": "Requests to cache an image could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. 
API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly available exploits are known.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-12T07:09:05.302Z", "orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "shortName": "OX" }, "references": [ { "tags": [ "release-notes" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf" }, { "tags": [ "vendor-advisory" ], "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json" } ], "source": { "defect": [ "DOCS-4801" ], "discovery": "EXTERNAL" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "assignerShortName": "OX", "cveId": "CVE-2023-26453", "datePublished": "2023-11-02T13:01:12.014Z", "dateReserved": "2023-02-22T20:42:56.092Z", "dateUpdated": "2024-08-02T11:53:52.759Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-1588
Vulnerability from cvelistv5
Published
2017-06-08 21:00
Modified
2024-08-06 04:47
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server 6 and OX AppSuite before 7.4.2-rev43, 7.6.0-rev38, and 7.6.1-rev21.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1032202 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/74350 | vdb-entry, x_refsource_BID | |
http://packetstormsecurity.com/files/131649/Open-Xchange-Server-6-OX-AppSuite-Cross-Site-Scripting.html | x_refsource_MISC | |
http://www.securityfocus.com/archive/1/535388/100/1100/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T04:47:17.182Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1032202", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1032202" }, { "name": "74350", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/74350" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/131649/Open-Xchange-Server-6-OX-AppSuite-Cross-Site-Scripting.html" }, { "name": "20150427 Open-Xchange Security Advisory 2015-04-27", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/535388/100/1100/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-04-27T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server 6 and OX AppSuite before 7.4.2-rev43, 7.6.0-rev38, and 7.6.1-rev21." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1032202", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1032202" }, { "name": "74350", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/74350" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/131649/Open-Xchange-Server-6-OX-AppSuite-Cross-Site-Scripting.html" }, { "name": "20150427 Open-Xchange Security Advisory 2015-04-27", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/535388/100/1100/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-1588", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server 6 and OX AppSuite before 7.4.2-rev43, 7.6.0-rev38, and 7.6.1-rev21." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1032202", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032202" }, { "name": "74350", "refsource": "BID", "url": "http://www.securityfocus.com/bid/74350" }, { "name": "http://packetstormsecurity.com/files/131649/Open-Xchange-Server-6-OX-AppSuite-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/131649/Open-Xchange-Server-6-OX-AppSuite-Cross-Site-Scripting.html" }, { "name": "20150427 Open-Xchange Security Advisory 2015-04-27", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/535388/100/1100/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-1588", "datePublished": "2017-06-08T21:00:00", "dateReserved": "2015-02-11T00:00:00", "dateUpdated": "2024-08-06T04:47:17.182Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-23934
Vulnerability from cvelistv5
Published
2021-01-12 21:25
Modified
2024-08-03 19:14
Severity ?
EPSS score ?
Summary
OX App Suite through 7.10.4 allows XSS via a contact whose name contains JavaScript code.
References
▼ | URL | Tags |
---|---|---|
https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T19:14:09.819Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.4 allows XSS via a contact whose name contains JavaScript code." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-12T21:25:33", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-23934", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX App Suite through 7.10.4 allows XSS via a contact whose name contains JavaScript code." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html", "refsource": "MISC", "url": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-23934", "datePublished": "2021-01-12T21:25:33", "dateReserved": "2021-01-12T00:00:00", "dateUpdated": "2024-08-03T19:14:09.819Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-23928
Vulnerability from cvelistv5
Published
2021-01-12 21:26
Modified
2024-08-03 19:14
Severity ?
EPSS score ?
Summary
OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests query string.
References
▼ | URL | Tags |
---|---|---|
https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T19:14:09.755Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests query string." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-12T21:26:40", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-23928", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests query string." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html", "refsource": "MISC", "url": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-23928", "datePublished": "2021-01-12T21:26:40", "dateReserved": "2021-01-12T00:00:00", "dateUpdated": "2024-08-03T19:14:09.755Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-7142
Vulnerability from cvelistv5
Published
2014-01-26 20:00
Modified
2024-08-06 18:01
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified oAuth API functions.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/90545 | vdb-entry, x_refsource_XF | |
http://osvdb.org/102193 | vdb-entry, x_refsource_OSVDB | |
http://www.securitytracker.com/id/1029650 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/65012 | vdb-entry, x_refsource_BID | |
http://seclists.org/bugtraq/2014/Jan/57 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:01:19.326Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openxchange-cve20137142-xss(90545)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90545" }, { "name": "102193", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/102193" }, { "name": "1029650", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029650" }, { "name": "65012", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/65012" }, { "name": "20140117 Open-Xchange Security Advisory 2014-01-17", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://seclists.org/bugtraq/2014/Jan/57" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-01-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified oAuth API functions." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "openxchange-cve20137142-xss(90545)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90545" }, { "name": "102193", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/102193" }, { "name": "1029650", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029650" }, { "name": "65012", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/65012" }, { "name": "20140117 Open-Xchange Security Advisory 2014-01-17", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://seclists.org/bugtraq/2014/Jan/57" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7142", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified oAuth API functions." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openxchange-cve20137142-xss(90545)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90545" }, { "name": "102193", "refsource": "OSVDB", "url": "http://osvdb.org/102193" }, { "name": "1029650", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029650" }, { "name": "65012", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65012" }, { "name": "20140117 Open-Xchange Security Advisory 2014-01-17", "refsource": "BUGTRAQ", "url": "http://seclists.org/bugtraq/2014/Jan/57" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-7142", "datePublished": "2014-01-26T20:00:00", "dateReserved": "2013-12-18T00:00:00", "dateUpdated": "2024-08-06T18:01:19.326Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-8543
Vulnerability from cvelistv5
Published
2020-06-16 13:46
Modified
2024-08-04 10:03
Severity ?
EPSS score ?
Summary
OX App Suite through 7.10.3 has Improper Input Validation.
References
▼ | URL | Tags |
---|---|---|
https://www.open-xchange.com/ | x_refsource_MISC | |
https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T10:03:46.150Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.open-xchange.com/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.3 has Improper Input Validation." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-06-16T13:46:10", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.open-xchange.com/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-8543", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX App Suite through 7.10.3 has Improper Input Validation." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.open-xchange.com/", "refsource": "MISC", "url": "https://www.open-xchange.com/" }, { "name": "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html", "refsource": "MISC", "url": "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-8543", "datePublished": "2020-06-16T13:46:10", "dateReserved": "2020-02-03T00:00:00", "dateUpdated": "2024-08-04T10:03:46.150Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-7140
Vulnerability from cvelistv5
Published
2014-01-26 20:00
Modified
2024-08-06 18:01
Severity ?
EPSS score ?
Summary
XML External Entity (XXE) vulnerability in the CalDAV interface in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote authenticated users to read portions of arbitrary files via vectors related to the SAX builder and the WebDAV interface. NOTE: this issue has been labeled as both absolute path traversal and XXE, but the root cause may be XXE, since XXE can be exploited to conduct absolute path traversal and other attacks.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/90543 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/65015 | vdb-entry, x_refsource_BID | |
http://www.osvdb.org/102194 | vdb-entry, x_refsource_OSVDB | |
http://www.securitytracker.com/id/1029650 | vdb-entry, x_refsource_SECTRACK | |
http://seclists.org/bugtraq/2014/Jan/57 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:01:19.433Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openxchange-cve20137140-info-disclosure(90543)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90543" }, { "name": "65015", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/65015" }, { "name": "102194", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/102194" }, { "name": "1029650", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029650" }, { "name": "20140117 Open-Xchange Security Advisory 2014-01-17", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://seclists.org/bugtraq/2014/Jan/57" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-01-17T00:00:00", "descriptions": [ { "lang": "en", "value": "XML External Entity (XXE) vulnerability in the CalDAV interface in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote authenticated users to read portions of arbitrary files via vectors related to the SAX builder and the WebDAV interface. NOTE: this issue has been labeled as both absolute path traversal and XXE, but the root cause may be XXE, since XXE can be exploited to conduct absolute path traversal and other attacks." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "openxchange-cve20137140-info-disclosure(90543)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90543" }, { "name": "65015", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/65015" }, { "name": "102194", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/102194" }, { "name": "1029650", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029650" }, { "name": "20140117 Open-Xchange Security Advisory 2014-01-17", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://seclists.org/bugtraq/2014/Jan/57" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7140", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XML External Entity (XXE) vulnerability in the CalDAV interface in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote authenticated users to read portions of arbitrary files via vectors related to the SAX builder and the WebDAV interface. NOTE: this issue has been labeled as both absolute path traversal and XXE, but the root cause may be XXE, since XXE can be exploited to conduct absolute path traversal and other attacks." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openxchange-cve20137140-info-disclosure(90543)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90543" }, { "name": "65015", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65015" }, { "name": "102194", "refsource": "OSVDB", "url": "http://www.osvdb.org/102194" }, { "name": "1029650", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029650" }, { "name": "20140117 Open-Xchange Security Advisory 2014-01-17", "refsource": "BUGTRAQ", "url": "http://seclists.org/bugtraq/2014/Jan/57" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-7140", "datePublished": "2014-01-26T20:00:00", "dateReserved": "2013-12-18T00:00:00", "dateUpdated": "2024-08-06T18:01:19.433Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-41704
Vulnerability from cvelistv5
Published
2024-02-12 08:15
Modified
2024-08-22 17:55
Severity ?
EPSS score ?
Summary
Processing of CID references in E-Mail can be abused to inject malicious script code that passes the sanitization engine. Malicious script code could be injected into a user's session when interacting with E-Mails. Please deploy the provided updates and patch releases. CID handling has been improved and the resulting content is checked for malicious content. No publicly available exploits are known.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Open-Xchange GmbH | OX App Suite | Version: 0 ≤ 7.10.6-rev55; Version: 0 ≤ 7.6.3-rev71; Version: 0 ≤ 8.20 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:01:35.488Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "release-notes", "x_transferred" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-41704", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-22T17:54:46.670204Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-22T17:55:14.743Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "modules": [ "backend" ], "product": "OX App Suite", "vendor": "Open-Xchange GmbH", "versions": [ { "lessThanOrEqual": "7.10.6-rev55", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "7.6.3-rev71", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "8.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "Processing of CID references at E-Mail can be abused to inject malicious script code that passes the sanitization engine. Malicious script code could be injected to a users sessions when interacting with E-Mails. Please deploy the provided updates and patch releases. CID handing has been improved and resulting content is checked for malicious content. No publicly available exploits are known." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-16T14:08:49.359Z", "orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "shortName": "OX" }, "references": [ { "tags": [ "release-notes" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf" }, { "tags": [ "vendor-advisory" ], "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json" } ], "source": { "defect": "MWB-2393", "discovery": "INTERNAL" } } }, "cveMetadata": { "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "assignerShortName": "OX", "cveId": "CVE-2023-41704", "datePublished": "2024-02-12T08:15:22.352Z", "dateReserved": "2023-08-30T16:21:49.912Z", "dateUpdated": "2024-08-22T17:55:14.743Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-41705
Vulnerability from cvelistv5
Published
2024-02-12 08:15
Modified
2024-11-07 19:20
Severity ?
EPSS score ?
Summary
Processing of user-defined DAV user-agent strings is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of DAV user-agents now gets monitored, and the related request is terminated if a resource threshold is reached. No publicly available exploits are known.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Open-Xchange GmbH | OX App Suite | Version: 0 ≤ 7.10.6-rev55; Version: 0 ≤ 7.6.3-rev71; Version: 0 ≤ 8.20 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:01:35.428Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "release-notes", "x_transferred" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-41705", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-07T19:20:03.494419Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-07T19:20:22.352Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "modules": [ "backend" ], "product": "OX App Suite", "vendor": "Open-Xchange GmbH", "versions": [ { "lessThanOrEqual": "7.10.6-rev55", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "7.6.3-rev71", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "8.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "Processing of user-defined DAV user-agent strings is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of DAV user-agents now gets monitored, and the related request is terminated if a resource threshold is reached. No publicly available exploits are known." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "Uncontrolled Resource Consumption", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-16T14:08:50.608Z", "orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "shortName": "OX" }, "references": [ { "tags": [ "release-notes" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf" }, { "tags": [ "vendor-advisory" ], "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json" } ], "source": { "defect": "MWB-2392", "discovery": "INTERNAL" } } }, "cveMetadata": { "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "assignerShortName": "OX", "cveId": "CVE-2023-41705", "datePublished": "2024-02-12T08:15:23.158Z", "dateReserved": "2023-08-30T16:21:49.912Z", "dateUpdated": "2024-11-07T19:20:22.352Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-2840
Vulnerability from cvelistv5
Published
2016-12-15 06:31
Modified
2024-08-05 23:32
Severity ?
EPSS score ?
Summary
An issue was discovered in Open-Xchange Server 6 / OX AppSuite before 7.8.0-rev26. The "session" parameter for file-download requests can be used to inject script code that gets reflected through the subsequent status page. Malicious script code can be executed within a trusted domain's context. While no OX App Suite specific data can be manipulated, the vulnerability can be exploited without being authenticated and therefore used for social engineering attacks, stealing cookies or redirecting from trustworthy to malicious hosts.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/archive/1/537959/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://packetstormsecurity.com/files/136543/Open-Xchange-7.8.0-Cross-Site-Scripting.html | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1035469 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:32:21.333Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20160402 Open-Xchange Security Advisory 2016-04-02", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/537959/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://packetstormsecurity.com/files/136543/Open-Xchange-7.8.0-Cross-Site-Scripting.html" }, { "name": "1035469", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1035469" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-12-15T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Open-Xchange Server 6 / OX AppSuite before 7.8.0-rev26. The \"session\" parameter for file-download requests can be used to inject script code that gets reflected through the subsequent status page. Malicious script code can be executed within a trusted domain\u0027s context. While no OX App Suite specific data can be manipulated, the vulnerability can be exploited without being authenticated and therefore used for social engineering attacks, stealing cookies or redirecting from trustworthy to malicious hosts." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20160402 Open-Xchange Security Advisory 2016-04-02", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/537959/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://packetstormsecurity.com/files/136543/Open-Xchange-7.8.0-Cross-Site-Scripting.html" }, { "name": "1035469", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1035469" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-2840", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Open-Xchange Server 6 / OX AppSuite before 7.8.0-rev26. The \"session\" parameter for file-download requests can be used to inject script code that gets reflected through the subsequent status page. Malicious script code can be executed within a trusted domain\u0027s context. While no OX App Suite specific data can be manipulated, the vulnerability can be exploited without being authenticated and therefore used for social engineering attacks, stealing cookies or redirecting from trustworthy to malicious hosts." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20160402 Open-Xchange Security Advisory 2016-04-02", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/537959/100/0/threaded" }, { "name": "http://packetstormsecurity.com/files/136543/Open-Xchange-7.8.0-Cross-Site-Scripting.html", "refsource": "CONFIRM", "url": "http://packetstormsecurity.com/files/136543/Open-Xchange-7.8.0-Cross-Site-Scripting.html" }, { "name": "1035469", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035469" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-2840", "datePublished": "2016-12-15T06:31:00", "dateReserved": "2016-03-02T00:00:00", "dateUpdated": "2024-08-05T23:32:21.333Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-12643
Vulnerability from cvelistv5
Published
2020-08-31 14:24
Modified
2024-08-04 12:04
Severity ?
EPSS score ?
Summary
OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address.
References
▼ | URL | Tags |
---|---|---|
https://www.open-xchange.com/ | x_refsource_MISC | |
http://seclists.org/fulldisclosure/2020/Aug/14 | mailing-list, x_refsource_FULLDISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:04:22.526Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.open-xchange.com/" }, { "name": "20200821 Open-Xchange Security Advisory 2020-08-20", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2020/Aug/14" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-08-31T14:24:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.open-xchange.com/" }, { "name": "20200821 Open-Xchange Security Advisory 2020-08-20", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2020/Aug/14" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-12643", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.open-xchange.com/", "refsource": "MISC", "url": "https://www.open-xchange.com/" }, { "name": "20200821 Open-Xchange Security Advisory 2020-08-20", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2020/Aug/14" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-12643", "datePublished": "2020-08-31T14:24:01", "dateReserved": "2020-05-04T00:00:00", "dateUpdated": "2024-08-04T12:04:22.526Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-5863
Vulnerability from cvelistv5
Published
2019-05-22 19:45
Modified
2024-08-05 15:11
Severity ?
EPSS score ?
Summary
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control.
References
▼ | URL | Tags |
---|---|---|
http://ox.com | x_refsource_MISC | |
http://open-xchange.com | x_refsource_MISC | |
https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T15:11:48.817Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://ox.com" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://open-xchange.com" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-22T19:45:38", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://ox.com" }, { "tags": [ "x_refsource_MISC" ], "url": "http://open-xchange.com" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-5863", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://ox.com", "refsource": "MISC", "url": "http://ox.com" }, { "name": "http://open-xchange.com", "refsource": "MISC", "url": "http://open-xchange.com" }, { "name": "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html", "refsource": "CONFIRM", "url": "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-5863", "datePublished": "2019-05-22T19:45:38", "dateReserved": "2017-02-02T00:00:00", "dateUpdated": "2024-08-05T15:11:48.817Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-5698
Vulnerability from cvelistv5
Published
2013-09-05 10:00
Modified
2024-09-16 23:36
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite and Server before 6.22.0 rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allows remote authenticated users to inject arbitrary web script or HTML via a delivery=view action, aka Bug ID 26373, a different vulnerability than CVE-2013-3106.
References
▼ | URL | Tags |
---|---|---|
http://archives.neohapsis.com/archives/bugtraq/2013-06/0012.html | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:22:29.943Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20130603 Open-Xchange Security Advisory 2013-06-03", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0012.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite and Server before 6.22.0 rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allows remote authenticated users to inject arbitrary web script or HTML via a delivery=view action, aka Bug ID 26373, a different vulnerability than CVE-2013-3106." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-09-05T10:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20130603 Open-Xchange Security Advisory 2013-06-03", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0012.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-5698", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite and Server before 6.22.0 rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, 
and 7.2.0 before rev8 allows remote authenticated users to inject arbitrary web script or HTML via a delivery=view action, aka Bug ID 26373, a different vulnerability than CVE-2013-3106." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20130603 Open-Xchange Security Advisory 2013-06-03", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0012.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-5698", "datePublished": "2013-09-05T10:00:00Z", "dateReserved": "2013-09-05T00:00:00Z", "dateUpdated": "2024-09-16T23:36:10.886Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-4047
Vulnerability from cvelistv5
Published
2016-12-15 06:31
Modified
2024-08-06 00:17
Severity ?
EPSS score ?
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev8. References to external Open XML document type definitions (.dtd resources) can be placed within .docx and .xlsx files. Those resources were requested when parsing certain parts of the generated document. As a result an attacker can track access to a manipulated document. Usage of a document may get tracked and information about internal infrastructure may get exposed.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1036157 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/archive/1/538732/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T00:17:30.050Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1036157", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1036157" }, { "name": "20160622 Open-Xchange Security Advisory 2016-06-22", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/538732/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-12-15T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev8. References to external Open XML document type definitions (.dtd resources) can be placed within .docx and .xslx files. Those resources were requested when parsing certain parts of the generated document. As a result an attacker can track access to a manipulated document. Usage of a document may get tracked and information about internal infrastructure may get exposed." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1036157", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1036157" }, { "name": "20160622 Open-Xchange Security Advisory 2016-06-22", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/538732/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-4047", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev8. References to external Open XML document type definitions (.dtd resources) can be placed within .docx and .xslx files. Those resources were requested when parsing certain parts of the generated document. As a result an attacker can track access to a manipulated document. Usage of a document may get tracked and information about internal infrastructure may get exposed." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1036157", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036157" }, { "name": "20160622 Open-Xchange Security Advisory 2016-06-22", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/538732/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-4047", "datePublished": "2016-12-15T06:31:00", "dateReserved": "2016-04-20T00:00:00", "dateUpdated": "2024-08-06T00:17:30.050Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-5235
Vulnerability from cvelistv5
Published
2014-09-17 14:00
Modified
2024-08-06 11:41
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via vectors related to unspecified fields in RSS feeds.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/69792 | vdb-entry, x_refsource_BID | |
http://www.securityfocus.com/archive/1/533443/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://secunia.com/advisories/61080 | third-party-advisory, x_refsource_SECUNIA | |
http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html | x_refsource_MISC | |
http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T11:41:48.496Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "69792", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/69792" }, { "name": "20140915 Open-Xchange Security Advisory 2014-09-15", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/533443/100/0/threaded" }, { "name": "61080", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61080" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-09-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via vectors related to unspecified fields in RSS feeds." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "69792", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/69792" }, { "name": "20140915 Open-Xchange Security Advisory 2014-09-15", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/533443/100/0/threaded" }, { "name": "61080", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61080" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-5235", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via vectors related to unspecified fields in RSS feeds." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "69792", "refsource": "BID", "url": "http://www.securityfocus.com/bid/69792" }, { "name": "20140915 Open-Xchange Security Advisory 2014-09-15", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/533443/100/0/threaded" }, { "name": "61080", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61080" }, { "name": "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html" }, { "name": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf", "refsource": "CONFIRM", "url": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-5235", "datePublished": "2014-09-17T14:00:00", "dateReserved": "2014-08-13T00:00:00", "dateUpdated": "2024-08-06T11:41:48.496Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-3106
Vulnerability from cvelistv5
Published
2013-09-05 10:00
Modified
2024-09-17 03:47
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev18, 6.22.0 before rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allow remote attackers to inject arbitrary web script or HTML via (1) embedded VBScript, (2) object/data Base64 content, (3) a Content-Type header, or (4) UTF-16 encoding, aka Bug IDs 25957, 26237, 26243, and 26244.
References
▼ | URL | Tags |
---|---|---|
http://archives.neohapsis.com/archives/bugtraq/2013-06/0012.html | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:00:09.952Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20130603 Open-Xchange Security Advisory 2013-06-03", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0012.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev18, 6.22.0 before rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allow remote attackers to inject arbitrary web script or HTML via (1) embedded VBScript, (2) object/data Base64 content, (3) a Content-Type header, or (4) UTF-16 encoding, aka Bug IDs 25957, 26237, 26243, and 26244." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-09-05T10:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20130603 Open-Xchange Security Advisory 2013-06-03", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0012.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3106", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev18, 6.22.0 before rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allow remote attackers to inject arbitrary web script or HTML via (1) embedded VBScript, (2) object/data Base64 content, (3) a Content-Type header, or (4) UTF-16 encoding, aka Bug IDs 25957, 26237, 26243, and 26244." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20130603 Open-Xchange Security Advisory 2013-06-03", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0012.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-3106", "datePublished": "2013-09-05T10:00:00Z", "dateReserved": "2013-04-17T00:00:00Z", "dateUpdated": "2024-09-17T03:47:47.749Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-41706
Vulnerability from cvelistv5
Published
2024-02-12 08:15
Modified
2024-08-02 19:01
Severity ?
EPSS score ?
Summary
Processing time of drive search expressions now gets monitored, and the related request is terminated if a resource threshold is reached. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing of user-defined drive search expressions is not limited. No publicly available exploits are known.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Open-Xchange GmbH | OX App Suite |
Version: 0 ≤ 7.10.6-rev55 Version: 0 ≤ 7.6.3-rev71 Version: 0 ≤ 8.19 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-41706", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-12T16:27:35.682374Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:20:51.257Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T19:01:35.419Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "release-notes", "x_transferred" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "modules": [ "backend" ], "product": "OX App Suite", "vendor": "Open-Xchange GmbH", "versions": [ { "lessThanOrEqual": "7.10.6-rev55", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "7.6.3-rev71", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "8.19", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "Processing time of drive search expressions now gets monitored, and the related request is terminated if a resource threshold is reached. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing of user-defined drive search expressions is not limited No publicly available exploits are known." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "Uncontrolled Resource Consumption", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-16T14:08:51.845Z", "orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "shortName": "OX" }, "references": [ { "tags": [ "release-notes" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf" }, { "tags": [ "vendor-advisory" ], "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json" } ], "source": { "defect": "MWB-2367", "discovery": "INTERNAL" } } }, "cveMetadata": { "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "assignerShortName": "OX", "cveId": "CVE-2023-41706", "datePublished": "2024-02-12T08:15:24.085Z", "dateReserved": "2023-08-30T16:21:49.912Z", "dateUpdated": "2024-08-02T19:01:35.419Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-29853
Vulnerability from cvelistv5
Published
2022-12-26 00:00
Modified
2024-08-03 06:33
Severity ?
EPSS score ?
Summary
OX App Suite through 8.2 allows XSS via a certain complex hierarchy that forces use of Show Entire Message for a huge HTML e-mail message.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:33:42.880Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://open-xchange.com" }, { "tags": [ "x_transferred" ], "url": "https://seclists.org/fulldisclosure/2022/Sep/0" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite through 8.2 allows XSS via a certain complex hierarchy that forces use of Show Entire Message for a huge HTML e-mail message." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-26T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://open-xchange.com" }, { "url": "https://seclists.org/fulldisclosure/2022/Sep/0" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-29853", "datePublished": "2022-12-26T00:00:00", "dateReserved": "2022-04-27T00:00:00", "dateUpdated": "2024-08-03T06:33:42.880Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-5754
Vulnerability from cvelistv5
Published
2018-06-15 21:00
Modified
2024-08-05 05:40
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the office-web component in Open-Xchange OX App Suite before 7.8.3-rev12 and 7.8.4 before 7.8.4-rev9 allows remote attackers to inject arbitrary web script or HTML via a crafted presentation file, related to copying content to the clipboard.
References
▼ | URL | Tags |
---|---|---|
http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html | x_refsource_MISC | |
https://www.exploit-db.com/exploits/44881/ | exploit, x_refsource_EXPLOIT-DB | |
http://seclists.org/fulldisclosure/2018/Jun/23 | mailing-list, x_refsource_FULLDISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T05:40:51.308Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html" }, { "name": "44881", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/44881/" }, { "name": "20180608 Open-Xchange Security Advisory 2018-06-08", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2018/Jun/23" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-06-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the office-web component in Open-Xchange OX App Suite before 7.8.3-rev12 and 7.8.4 before 7.8.4-rev9 allows remote attackers to inject arbitrary web script or HTML via a crafted presentation file, related to copying content to the clipboard." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-06-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html" }, { "name": "44881", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/44881/" }, { "name": "20180608 Open-Xchange Security Advisory 2018-06-08", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2018/Jun/23" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-5754", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the office-web component in Open-Xchange OX App Suite before 7.8.3-rev12 and 7.8.4 before 7.8.4-rev9 allows remote attackers to inject arbitrary web script or HTML via a crafted presentation file, related to copying content to the clipboard." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html" }, { "name": "44881", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44881/" }, { "name": "20180608 Open-Xchange Security Advisory 2018-06-08", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2018/Jun/23" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-5754", "datePublished": "2018-06-15T21:00:00", "dateReserved": "2018-01-17T00:00:00", "dateUpdated": "2024-08-05T05:40:51.308Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-5210
Vulnerability from cvelistv5
Published
2019-05-23 14:34
Modified
2024-08-05 14:55
Severity ?
EPSS score ?
Summary
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Information Exposure.
References
▼ | URL | Tags |
---|---|---|
http://ox.com | x_refsource_MISC | |
http://open-xchange.com | x_refsource_MISC | |
https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:55:35.691Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://ox.com" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://open-xchange.com" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Information Exposure." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-23T14:34:45", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://ox.com" }, { "tags": [ "x_refsource_MISC" ], "url": "http://open-xchange.com" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-5210", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Information Exposure." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://ox.com", "refsource": "MISC", "url": "http://ox.com" }, { "name": "http://open-xchange.com", "refsource": "MISC", "url": "http://open-xchange.com" }, { "name": "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html", "refsource": "CONFIRM", "url": "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-5210", "datePublished": "2019-05-23T14:34:45", "dateReserved": "2017-01-09T00:00:00", "dateUpdated": "2024-08-05T14:55:35.691Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-7871
Vulnerability from cvelistv5
Published
2014-11-21 15:00
Modified
2024-08-06 13:03
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API call.
References
▼ | URL | Tags |
---|---|---|
http://packetstormsecurity.com/files/129020/OX-App-Suite-7.6.0-SQL-Injection.html | x_refsource_MISC | |
http://www.securityfocus.com/bid/70982 | vdb-entry, x_refsource_BID | |
http://www.securityfocus.com/archive/1/533936/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/98563 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:03:27.599Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/129020/OX-App-Suite-7.6.0-SQL-Injection.html" }, { "name": "70982", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/70982" }, { "name": "20141107 Open-Xchange Security Advisory 2014-11-07", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/533936/100/0/threaded" }, { "name": "oxappsuite-cve20147871-sql-injection(98563)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98563" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-11-07T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API call." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/129020/OX-App-Suite-7.6.0-SQL-Injection.html" }, { "name": "70982", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/70982" }, { "name": "20141107 Open-Xchange Security Advisory 2014-11-07", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/533936/100/0/threaded" }, { "name": "oxappsuite-cve20147871-sql-injection(98563)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98563" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-7871", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API call." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://packetstormsecurity.com/files/129020/OX-App-Suite-7.6.0-SQL-Injection.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/129020/OX-App-Suite-7.6.0-SQL-Injection.html" }, { "name": "70982", "refsource": "BID", "url": "http://www.securityfocus.com/bid/70982" }, { "name": "20141107 Open-Xchange Security Advisory 2014-11-07", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/533936/100/0/threaded" }, { "name": "oxappsuite-cve20147871-sql-injection(98563)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98563" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-7871", "datePublished": "2014-11-21T15:00:00", "dateReserved": "2014-10-06T00:00:00", "dateUpdated": "2024-08-06T13:03:27.599Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-5935
Vulnerability from cvelistv5
Published
2013-09-25 10:00
Modified
2024-09-16 19:10
Severity ?
EPSS score ?
Summary
The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 does not properly restrict the set of network interfaces that can receive API calls, which makes it easier for remote attackers to obtain access by sending network traffic from an unintended location, a different vulnerability than CVE-2013-5200.
References
▼ | URL | Tags |
---|---|---|
http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:29:41.652Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20130910 Open-Xchange Security Advisory 2013-09-10", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 does not properly restrict the set of network interfaces that can receive API calls, which makes it easier for remote attackers to obtain access by sending network traffic from an unintended location, a different vulnerability than CVE-2013-5200." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-09-25T10:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20130910 Open-Xchange Security Advisory 2013-09-10", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-5935", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 does not properly restrict the set of network 
interfaces that can receive API calls, which makes it easier for remote attackers to obtain access by sending network traffic from an unintended location, a different vulnerability than CVE-2013-5200." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20130910 Open-Xchange Security Advisory 2013-09-10", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-5935", "datePublished": "2013-09-25T10:00:00Z", "dateReserved": "2013-09-25T00:00:00Z", "dateUpdated": "2024-09-16T19:10:12.479Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9998
Vulnerability from cvelistv5
Published
2018-07-05 20:00
Modified
2024-08-05 07:32
Severity ?
EPSS score ?
Summary
Open-Xchange OX App Suite before 7.6.3-rev37, 7.8.x before 7.8.2-rev40, 7.8.3 before 7.8.3-rev48, and 7.8.4 before 7.8.4-rev28 includes folder names in API error responses, which allows remote attackers to obtain sensitive information via the folder parameter in an "all" action to api/tasks.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1041213 | vdb-entry, x_refsource_SECTRACK | |
http://seclists.org/fulldisclosure/2018/Jul/12 | mailing-list, x_refsource_FULLDISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:32:00.693Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1041213", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041213" }, { "name": "20180702 Open-Xchange Security Advisory 2018-07-02", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2018/Jul/12" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-07-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Open-Xchange OX App Suite before 7.6.3-rev37, 7.8.x before 7.8.2-rev40, 7.8.3 before 7.8.3-rev48, and 7.8.4 before 7.8.4-rev28 include folder names in API error responses, which allows remote attackers to obtain sensitive information via the folder parameter in an \"all\" action to api/tasks." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-07-06T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1041213", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041213" }, { "name": "20180702 Open-Xchange Security Advisory 2018-07-02", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2018/Jul/12" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-9998", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Open-Xchange OX App Suite before 7.6.3-rev37, 7.8.x before 7.8.2-rev40, 7.8.3 before 7.8.3-rev48, and 7.8.4 before 7.8.4-rev28 include folder names in API error responses, which allows remote attackers to obtain sensitive information via the folder parameter in an \"all\" action to api/tasks." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1041213", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041213" }, { "name": "20180702 Open-Xchange Security Advisory 2018-07-02", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2018/Jul/12" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-9998", "datePublished": "2018-07-05T20:00:00", "dateReserved": "2018-04-10T00:00:00", "dateUpdated": "2024-08-05T07:32:00.693Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-37309
Vulnerability from cvelistv5
Published
2022-12-26 00:00
Modified
2024-08-03 10:29
Severity ?
EPSS score ?
Summary
OX App Suite through 7.10.6 allows XSS via script code within a contact that has an e-mail address but lacks a name.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:29:20.774Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://open-xchange.com" }, { "tags": [ "x_transferred" ], "url": "https://seclists.org/fulldisclosure/2022/Nov/18" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.6 allows XSS via script code within a contact that has an e-mail address but lacks a name." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-26T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://open-xchange.com" }, { "url": "https://seclists.org/fulldisclosure/2022/Nov/18" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-37309", "datePublished": "2022-12-26T00:00:00", "dateReserved": "2022-08-01T00:00:00", "dateUpdated": "2024-08-03T10:29:20.774Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-29046
Vulnerability from cvelistv5
Published
2023-11-02 13:01
Modified
2024-08-02 14:00
Severity ?
EPSS score ?
Summary
Connections to external data sources, such as e-mail autoconfiguration, were not terminated when they hit a timeout; instead, those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of time. As a result, users were able to trigger a large number of egress network connections, possibly exhausting network pool resources and locking up legitimate requests. A new mechanism has been introduced to cancel external connections that might access user-controlled endpoints. No publicly available exploits are known.
References
Impacted products
Vendor | Product | Version |
---|---|---|
OX Software GmbH | OX App Suite | Affected: 0 through 7.10.6-rev48 (inclusive); 0 through 8.11 (inclusive) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:00:14.609Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "release-notes", "x_transferred" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "modules": [ "backend" ], "product": "OX App Suite", "vendor": "OX Software GmbH", "versions": [ { "lessThanOrEqual": "7.10.6-rev48", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "8.11", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eConnections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of time. As a result users were able to trigger large amount of egress network connections, possibly exhausting network pool resources and lock up legitimate requests. A new mechanism has been introduced to cancel external connections that might access user-controlled endpoints. No publicly available exploits are known.\u003c/p\u003e" } ], "value": "Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of time. 
As a result users were able to trigger large amount of egress network connections, possibly exhausting network pool resources and lock up legitimate requests. A new mechanism has been introduced to cancel external connections that might access user-controlled endpoints. No publicly available exploits are known.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-12T07:08:22.530Z", "orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "shortName": "OX" }, "references": [ { "tags": [ "release-notes" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf" }, { "tags": [ "vendor-advisory" ], "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json" } ], "source": { "defect": [ "MWB-1982" ], "discovery": "INTERNAL" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "assignerShortName": "OX", "cveId": "CVE-2023-29046", "datePublished": "2023-11-02T13:01:39.521Z", "dateReserved": "2023-03-30T09:34:25.188Z", "dateUpdated": "2024-08-02T14:00:14.609Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-5934
Vulnerability from cvelistv5
Published
2013-09-25 10:00
Modified
2024-09-16 18:54
Severity ?
EPSS score ?
Summary
Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 has a hardcoded password for node join operations, which allows remote attackers to expand a cluster by finding this password in the source code and then sending the password in a Hazelcast cluster API call, a different vulnerability than CVE-2013-5200.
References
▼ | URL | Tags |
---|---|---|
http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:29:41.632Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20130910 Open-Xchange Security Advisory 2013-09-10", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 has a hardcoded password for node join operations, which allows remote attackers to expand a cluster by finding this password in the source code and then sending the password in a Hazelcast cluster API call, a different vulnerability than CVE-2013-5200." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-09-25T10:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20130910 Open-Xchange Security Advisory 2013-09-10", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-5934", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 has a hardcoded password for node join operations, which allows remote attackers to expand a 
cluster by finding this password in the source code and then sending the password in a Hazelcast cluster API call, a different vulnerability than CVE-2013-5200." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20130910 Open-Xchange Security Advisory 2013-09-10", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-5934", "datePublished": "2013-09-25T10:00:00Z", "dateReserved": "2013-09-25T00:00:00Z", "dateUpdated": "2024-09-16T18:54:18.720Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-7158
Vulnerability from cvelistv5
Published
2019-06-17 19:03
Modified
2024-08-04 20:38
Severity ?
EPSS score ?
Summary
OX App Suite 7.10.0 and earlier has Incorrect Access Control.
References
▼ | URL | Tags |
---|---|---|
https://www.open-xchange.com/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:38:33.440Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.open-xchange.com/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite 7.10.0 and earlier has Incorrect Access Control." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-17T19:03:42", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.open-xchange.com/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-7158", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX App Suite 7.10.0 and earlier has Incorrect Access Control." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.open-xchange.com/", "refsource": "MISC", "url": "https://www.open-xchange.com/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-7158", "datePublished": "2019-06-17T19:03:42", "dateReserved": "2019-01-29T00:00:00", "dateUpdated": "2024-08-04T20:38:33.440Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-5238
Vulnerability from cvelistv5
Published
2020-01-14 16:00
Modified
2024-08-06 11:41
Severity ?
EPSS score ?
Summary
XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly have other unspecified impact via a crafted OpenDocument Text document.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T11:41:47.807Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-09-15T00:00:00", "descriptions": [ { "lang": "en", "value": "XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly other unspecified impact via a crafted OpenDocument Text document." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-14T16:00:29", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-5238", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly other unspecified impact via a crafted OpenDocument Text document." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html" }, { "name": "http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded", "refsource": "MISC", "url": "http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded" }, { "name": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf", "refsource": "MISC", "url": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-5238", "datePublished": "2020-01-14T16:00:29", "dateReserved": "2014-08-13T00:00:00", "dateUpdated": "2024-08-06T11:41:47.807Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-5213
Vulnerability from cvelistv5
Published
2019-05-23 14:21
Modified
2024-08-05 14:55
Severity ?
EPSS score ?
Summary
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting (XSS).
References
▼ | URL | Tags |
---|---|---|
http://ox.com | x_refsource_MISC | |
http://open-xchange.com | x_refsource_MISC | |
https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:55:35.598Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://ox.com" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://open-xchange.com" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting (XSS)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-23T14:21:22", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://ox.com" }, { "tags": [ "x_refsource_MISC" ], "url": "http://open-xchange.com" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-5213", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting (XSS)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://ox.com", "refsource": "MISC", "url": "http://ox.com" }, { "name": "http://open-xchange.com", "refsource": "MISC", "url": "http://open-xchange.com" }, { "name": "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html", "refsource": "CONFIRM", "url": "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-5213", "datePublished": "2019-05-23T14:21:22", "dateReserved": "2017-01-09T00:00:00", "dateUpdated": "2024-08-05T14:55:35.598Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-11521
Vulnerability from cvelistv5
Published
2019-08-20 12:26
Modified
2024-08-04 22:55
Severity ?
EPSS score ?
Summary
OX App Suite 7.10.1 allows Content Spoofing.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T22:55:40.658Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/154128/Open-Xchange-OX-App-Suite-Content-Spoofing-Cross-Site-Scripting.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite 7.10.1 allows Content Spoofing." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-20T12:26:10", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/154128/Open-Xchange-OX-App-Suite-Content-Spoofing-Cross-Site-Scripting.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-11521", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX App Suite 7.10.1 allows Content Spoofing." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://packetstormsecurity.com/files/154128/Open-Xchange-OX-App-Suite-Content-Spoofing-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/154128/Open-Xchange-OX-App-Suite-Content-Spoofing-Cross-Site-Scripting.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-11521", "datePublished": "2019-08-20T12:26:10", "dateReserved": "2019-04-25T00:00:00", "dateUpdated": "2024-08-04T22:55:40.658Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-15002
Vulnerability from cvelistv5
Published
2020-10-23 04:51
Modified
2024-08-04 13:00
Severity ?
EPSS score ?
Summary
OX App Suite through 7.10.3 allows SSRF via the /ajax/messaging/message message API.
References
▼ | URL | Tags |
---|---|---|
https://www.open-xchange.com/ | x_refsource_MISC | |
https://seclists.org/fulldisclosure/2020/Oct/20 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T13:00:52.053Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.open-xchange.com/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://seclists.org/fulldisclosure/2020/Oct/20" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.3 allows SSRF via the the /ajax/messaging/message message API." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-23T04:51:42", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.open-xchange.com/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://seclists.org/fulldisclosure/2020/Oct/20" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-15002", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX App Suite through 7.10.3 allows SSRF via the the /ajax/messaging/message message API." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.open-xchange.com/", "refsource": "MISC", "url": "https://www.open-xchange.com/" }, { "name": "https://seclists.org/fulldisclosure/2020/Oct/20", "refsource": "CONFIRM", "url": "https://seclists.org/fulldisclosure/2020/Oct/20" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-15002", "datePublished": "2020-10-23T04:51:42", "dateReserved": "2020-06-24T00:00:00", "dateUpdated": "2024-08-04T13:00:52.053Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-14227
Vulnerability from cvelistv5
Published
2019-10-14 16:17
Modified
2024-08-05 00:12
Severity ?
EPSS score ?
Summary
OX App Suite 7.10.1 and 7.10.2 allows XSS.
References
▼ | URL | Tags |
---|---|---|
http://seclists.org/fulldisclosure/2019/Oct/25 | mailing-list, x_refsource_FULLDISC | |
http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:12:42.857Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20191011 Open-Xchange Security Advisory 2019-10-09", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2019/Oct/25" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite 7.10.1 and 7.10.2 allows XSS." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-14T16:22:25", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20191011 Open-Xchange Security Advisory 2019-10-09", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2019/Oct/25" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14227", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX App Suite 7.10.1 and 7.10.2 allows XSS." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20191011 Open-Xchange Security Advisory 2019-10-09", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Oct/25" }, { "name": "http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-14227", "datePublished": "2019-10-14T16:17:17", "dateReserved": "2019-07-21T00:00:00", "dateUpdated": "2024-08-05T00:12:42.857Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-15004
Vulnerability from cvelistv5
Published
2020-10-23 04:55
Modified
2024-08-04 13:00
Severity ?
EPSS score ?
Summary
OX App Suite through 7.10.3 allows stats/diagnostic?param= XSS.
References
▼ | URL | Tags |
---|---|---|
https://www.open-xchange.com/ | x_refsource_MISC | |
https://seclists.org/fulldisclosure/2020/Oct/20 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T13:00:52.080Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.open-xchange.com/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://seclists.org/fulldisclosure/2020/Oct/20" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.3 allows stats/diagnostic?param= XSS." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-23T04:55:35", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.open-xchange.com/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://seclists.org/fulldisclosure/2020/Oct/20" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-15004", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX App Suite through 7.10.3 allows stats/diagnostic?param= XSS." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.open-xchange.com/", "refsource": "MISC", "url": "https://www.open-xchange.com/" }, { "name": "https://seclists.org/fulldisclosure/2020/Oct/20", "refsource": "MISC", "url": "https://seclists.org/fulldisclosure/2020/Oct/20" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-15004", "datePublished": "2020-10-23T04:55:35", "dateReserved": "2020-06-24T00:00:00", "dateUpdated": "2024-08-04T13:00:52.080Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-3173
Vulnerability from cvelistv5
Published
2016-12-15 06:31
Modified
2024-08-05 23:47
Severity ?
EPSS score ?
Summary
An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The aria-label parameter of tiles at the Portal can be used to inject script code. Those labels use the name of the file (e.g. an image) which gets displayed at the portal application. Using script code in the file name leads to script execution. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). Users actively need to add a file to the portal to enable this attack. In the case of shared files, however, an internal attacker may modify a previously embedded file to carry a malicious file name. Furthermore, this vulnerability can be used to persistently execute code that got injected by a temporary script execution vulnerability.
References
▼ | URL | Tags |
---|---|---|
http://packetstormsecurity.com/files/137187/Open-Xchange-OX-AppSuite-7.8.0-XSS-Open-Redirect.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/archive/1/538481/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:47:58.027Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://packetstormsecurity.com/files/137187/Open-Xchange-OX-AppSuite-7.8.0-XSS-Open-Redirect.html" }, { "name": "20160525 Open-Xchange Security Advisory 2016-05-25", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/538481/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-12-15T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The aria-label parameter of tiles at the Portal can be used to inject script code. Those labels use the name of the file (e.g. an image) which gets displayed at the portal application. Using script code at the file name leads to script execution. Malicious script code can be executed within a user\u0027s context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). Users actively need to add a file to the portal to enable this attack. In case of shared files however, a internal attacker may modify a previously embedded file to carry a malicious file name. Furthermore this vulnerability can be used to persistently execute code that got injected by a temporary script execution vulnerability." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://packetstormsecurity.com/files/137187/Open-Xchange-OX-AppSuite-7.8.0-XSS-Open-Redirect.html" }, { "name": "20160525 Open-Xchange Security Advisory 2016-05-25", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/538481/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-3173", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The aria-label parameter of tiles at the Portal can be used to inject script code. Those labels use the name of the file (e.g. an image) which gets displayed at the portal application. Using script code at the file name leads to script execution. Malicious script code can be executed within a user\u0027s context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). Users actively need to add a file to the portal to enable this attack. In case of shared files however, a internal attacker may modify a previously embedded file to carry a malicious file name. Furthermore this vulnerability can be used to persistently execute code that got injected by a temporary script execution vulnerability." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://packetstormsecurity.com/files/137187/Open-Xchange-OX-AppSuite-7.8.0-XSS-Open-Redirect.html", "refsource": "CONFIRM", "url": "http://packetstormsecurity.com/files/137187/Open-Xchange-OX-AppSuite-7.8.0-XSS-Open-Redirect.html" }, { "name": "20160525 Open-Xchange Security Advisory 2016-05-25", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/538481/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-3173", "datePublished": "2016-12-15T06:31:00", "dateReserved": "2016-03-15T00:00:00", "dateUpdated": "2024-08-05T23:47:58.027Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-13104
Vulnerability from cvelistv5
Published
2019-03-17 19:01
Modified
2024-08-05 08:52
Severity ?
EPSS score ?
Summary
OX App Suite 7.8.4 and earlier allows XSS. Internal reference: 58742 (Bug ID)
References
▼ | URL | Tags |
---|---|---|
http://packetstormsecurity.com/files/151243/Open-Xchange-OX-App-Suite-Cross-Site-Scripting-SSRF.html | x_refsource_MISC | |
http://seclists.org/fulldisclosure/2019/Jan/46 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T08:52:50.420Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/151243/Open-Xchange-OX-App-Suite-Cross-Site-Scripting-SSRF.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2019/Jan/46" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2019-01-18T00:00:00", "descriptions": [ { "lang": "en", "value": "OX App Suite 7.8.4 and earlier allows XSS. Internal reference: 58742 (Bug ID)" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-03-17T19:01:06", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/151243/Open-Xchange-OX-App-Suite-Cross-Site-Scripting-SSRF.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://seclists.org/fulldisclosure/2019/Jan/46" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-13104", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX App Suite 7.8.4 and earlier allows XSS. 
Internal reference: 58742 (Bug ID)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://packetstormsecurity.com/files/151243/Open-Xchange-OX-App-Suite-Cross-Site-Scripting-SSRF.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/151243/Open-Xchange-OX-App-Suite-Cross-Site-Scripting-SSRF.html" }, { "name": "http://seclists.org/fulldisclosure/2019/Jan/46", "refsource": "MISC", "url": "http://seclists.org/fulldisclosure/2019/Jan/46" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-13104", "datePublished": "2019-03-17T19:01:06", "dateReserved": "2018-07-03T00:00:00", "dateUpdated": "2024-08-05T08:52:50.420Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-37310
Vulnerability from cvelistv5
Published
2022-12-26 00:00
Modified
2024-08-03 10:29
Severity ?
EPSS score ?
Summary
OX App Suite through 7.10.6 allows XSS via a malicious capability to the metrics or help module, as demonstrated by a /#!!&app=io.ox/files&cap= URI.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:29:21.031Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://open-xchange.com" }, { "tags": [ "x_transferred" ], "url": "https://seclists.org/fulldisclosure/2022/Nov/18" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.6 allows XSS via a malicious capability to the metrics or help module, as demonstrated by a /#!!\u0026app=io.ox/files\u0026cap= URI." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-26T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://open-xchange.com" }, { "url": "https://seclists.org/fulldisclosure/2022/Nov/18" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-37310", "datePublished": "2022-12-26T00:00:00", "dateReserved": "2022-08-01T00:00:00", "dateUpdated": "2024-08-03T10:29:21.031Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-29852
Vulnerability from cvelistv5
Published
2022-12-26 00:00
Modified
2024-08-03 06:33
Severity ?
EPSS score ?
Summary
OX App Suite through 8.2 allows XSS because BMFreehand10 and image/x-freehand are not blocked.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:33:42.820Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://open-xchange.com" }, { "tags": [ "x_transferred" ], "url": "https://seclists.org/fulldisclosure/2022/Sep/0" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite through 8.2 allows XSS because BMFreehand10 and image/x-freehand are not blocked." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-26T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://open-xchange.com" }, { "url": "https://seclists.org/fulldisclosure/2022/Sep/0" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-29852", "datePublished": "2022-12-26T00:00:00", "dateReserved": "2022-04-27T00:00:00", "dateUpdated": "2024-08-03T06:33:42.820Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-23931
Vulnerability from cvelistv5
Published
2021-01-12 21:26
Modified
2024-08-03 19:14
Severity ?
EPSS score ?
Summary
OX App Suite through 7.10.4 allows XSS via an inline binary file.
References
▼ | URL | Tags |
---|---|---|
https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T19:14:09.798Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.4 allows XSS via an inline binary file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-12T21:26:06", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-23931", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX App Suite through 7.10.4 allows XSS via an inline binary file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html", "refsource": "MISC", "url": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-23931", "datePublished": "2021-01-12T21:26:06", "dateReserved": "2021-01-12T00:00:00", "dateUpdated": "2024-08-03T19:14:09.798Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6842
Vulnerability from cvelistv5
Published
2016-12-15 06:31
Modified
2024-08-06 01:43
Severity ?
EPSS score ?
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Setting the user's name to JS code makes that code execute when selecting that user's "Templates" folder from OX Documents settings. This requires the folder to be shared to the victim. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/93457 | vdb-entry, x_refsource_BID | |
https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:43:38.545Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "93457", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/93457" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-12-15T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Setting the user\u0027s name to JS code makes that code execute when selecting that user\u0027s \"Templates\" folder from OX Documents settings. This requires the folder to be shared to the victim. Malicious script code can be executed within a user\u0027s context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.)." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-26T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "93457", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/93457" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-6842", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Setting the user\u0027s name to JS code makes that code execute when selecting that user\u0027s \"Templates\" folder from OX Documents settings. This requires the folder to be shared to the victim. Malicious script code can be executed within a user\u0027s context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "93457", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93457" }, { "name": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf", "refsource": "CONFIRM", "url": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-6842", "datePublished": "2016-12-15T06:31:00", "dateReserved": "2016-08-18T00:00:00", "dateUpdated": "2024-08-06T01:43:38.545Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-23932
Vulnerability from cvelistv5
Published
2021-01-12 21:25
Modified
2024-08-03 19:14
Severity ?
EPSS score ?
Summary
OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename.
References
▼ | URL | Tags |
---|---|---|
https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T19:14:09.640Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-12T21:25:56", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-23932", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html", "refsource": "MISC", "url": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-23932", "datePublished": "2021-01-12T21:25:56", "dateReserved": "2021-01-12T00:00:00", "dateUpdated": "2024-08-03T19:14:09.640Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-12885
Vulnerability from cvelistv5
Published
2019-05-10 14:43
Modified
2024-08-05 18:51
Severity ?
EPSS score ?
Summary
OX Software GmbH App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).
References
▼ | URL | Tags |
---|---|---|
http://ox.com | x_refsource_MISC | |
http://app.com | x_refsource_MISC | |
https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:51:07.264Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://ox.com" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://app.com" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX Software GmbH App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-10T14:43:25", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://ox.com" }, { "tags": [ "x_refsource_MISC" ], "url": "http://app.com" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-12885", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX Software GmbH App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://ox.com", "refsource": "MISC", "url": "http://ox.com" }, { "name": "http://app.com", "refsource": "MISC", "url": "http://app.com" }, { "name": "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html", "refsource": "CONFIRM", "url": "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-12885", "datePublished": "2019-05-10T14:43:25", "dateReserved": "2017-08-16T00:00:00", "dateUpdated": "2024-08-05T18:51:07.264Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-5936
Vulnerability from cvelistv5
Published
2013-09-25 10:00
Modified
2024-09-17 01:31
Severity ?
EPSS score ?
Summary
The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 allows remote attackers to obtain sensitive information about (1) runtime activity, (2) network configuration, (3) user sessions, (4) the memcache interface, and (5) the REST interface via API calls such as a hazelcast/rest/cluster/ call, a different vulnerability than CVE-2013-5200.
References
▼ | URL | Tags |
---|---|---|
http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:29:41.635Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20130910 Open-Xchange Security Advisory 2013-09-10", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 allows remote attackers to obtain sensitive information about (1) runtime activity, (2) network configuration, (3) user sessions, (4) the memcache interface, and (5) the REST interface via API calls such as a hazelcast/rest/cluster/ call, a different vulnerability than CVE-2013-5200." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-09-25T10:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20130910 Open-Xchange Security Advisory 2013-09-10", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-5936", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 allows 
remote attackers to obtain sensitive information about (1) runtime activity, (2) network configuration, (3) user sessions, (4) the memcache interface, and (5) the REST interface via API calls such as a hazelcast/rest/cluster/ call, a different vulnerability than CVE-2013-5200." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20130910 Open-Xchange Security Advisory 2013-09-10", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-5936", "datePublished": "2013-09-25T10:00:00Z", "dateReserved": "2013-09-25T00:00:00Z", "dateUpdated": "2024-09-17T01:31:55.320Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-15003
Vulnerability from cvelistv5
Published
2020-10-23 04:54
Modified
2024-08-04 13:00
Severity ?
EPSS score ?
Summary
OX App Suite through 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user (via the session API during shared Drive access).
References
▼ | URL | Tags |
---|---|---|
https://www.open-xchange.com/ | x_refsource_MISC | |
https://seclists.org/fulldisclosure/2020/Oct/20 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T13:00:52.180Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.open-xchange.com/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://seclists.org/fulldisclosure/2020/Oct/20" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user (via the session API during shared Drive access)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-23T04:54:27", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.open-xchange.com/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://seclists.org/fulldisclosure/2020/Oct/20" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-15003", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX App Suite through 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user (via the session API during shared Drive access)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.open-xchange.com/", "refsource": "MISC", "url": "https://www.open-xchange.com/" }, { "name": "https://seclists.org/fulldisclosure/2020/Oct/20", "refsource": "CONFIRM", "url": "https://seclists.org/fulldisclosure/2020/Oct/20" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-15003", "datePublished": "2020-10-23T04:54:27", "dateReserved": "2020-06-24T00:00:00", "dateUpdated": "2024-08-04T13:00:52.180Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6848
Vulnerability from cvelistv5
Published
2016-12-15 06:31
Modified
2024-08-06 01:43
Severity ?
EPSS score ?
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. API requests can be used to inject, generate and download executable files to the client ("Reflected File Download"). A malicious platform-specific (e.g. Microsoft Windows) batch file can be created via a trusted domain without authentication that, if executed by the user, may lead to local code execution.
References
▼ | URL | Tags |
---|---|---|
https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/93460 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:43:38.439Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf" }, { "name": "93460", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/93460" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-12-15T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. API requests can be used to inject, generate and download executable files to the client (\"Reflected File Download\"). Malicious platform specific (e.g. Microsoft Windows) batch file can be created via a trusted domain without authentication that, if executed by the user, may lead to local code execution." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-26T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf" }, { "name": "93460", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/93460" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-6848", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. API requests can be used to inject, generate and download executable files to the client (\"Reflected File Download\"). Malicious platform specific (e.g. Microsoft Windows) batch file can be created via a trusted domain without authentication that, if executed by the user, may lead to local code execution." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf", "refsource": "CONFIRM", "url": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf" }, { "name": "93460", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93460" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-6848", "datePublished": "2016-12-15T06:31:00", "dateReserved": "2016-08-18T00:00:00", "dateUpdated": "2024-08-06T01:43:38.439Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-23930
Vulnerability from cvelistv5
Published
2021-01-12 21:26
Modified
2024-08-03 19:14
Severity ?
EPSS score ?
Summary
OX App Suite through 7.10.4 allows XSS via use of the conversion API for a distributedFile.
References
▼ | URL | Tags |
---|---|---|
https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T19:14:09.783Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.4 allows XSS via use of the conversion API for a distributedFile." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-12T21:26:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-23930", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX App Suite through 7.10.4 allows XSS via use of the conversion API for a distributedFile." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html", "refsource": "MISC", "url": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-23930", "datePublished": "2021-01-12T21:26:16", "dateReserved": "2021-01-12T00:00:00", "dateUpdated": "2024-08-03T19:14:09.783Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-23935
Vulnerability from cvelistv5
Published
2021-01-12 21:25
Modified
2024-08-03 19:14
Severity ?
EPSS score ?
Summary
OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript code.
References
▼ | URL | Tags |
---|---|---|
https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T19:14:09.626Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript code." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-12T21:25:23", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-23935", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript code." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html", "refsource": "MISC", "url": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-23935", "datePublished": "2021-01-12T21:25:23", "dateReserved": "2021-01-12T00:00:00", "dateUpdated": "2024-08-03T19:14:09.626Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-4048
Vulnerability from cvelistv5
Published
2016-12-15 06:31
Modified
2024-08-06 00:17
Severity ?
EPSS score ?
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Custom messages can be shown at the login screen to notify external users about issues with sharing links. This mechanism can be abused to inject arbitrary text messages. Users may get tricked into following instructions injected by third parties as part of social engineering attacks.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1036157 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/archive/1/538732/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T00:17:30.855Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1036157", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1036157" }, { "name": "20160622 Open-Xchange Security Advisory 2016-06-22", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/538732/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-12-15T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Custom messages can be shown at the login screen to notify external users about issues with sharing links. This mechanism can be abused to inject arbitrary text messages. Users may get tricked to follow instructions injected by third parties as part of social engineering attacks." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1036157", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1036157" }, { "name": "20160622 Open-Xchange Security Advisory 2016-06-22", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/538732/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-4048", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Custom messages can be shown at the login screen to notify external users about issues with sharing links. This mechanism can be abused to inject arbitrary text messages. Users may get tricked to follow instructions injected by third parties as part of social engineering attacks." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1036157", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036157" }, { "name": "20160622 Open-Xchange Security Advisory 2016-06-22", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/538732/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-4048", "datePublished": "2016-12-15T06:31:00", "dateReserved": "2016-04-20T00:00:00", "dateUpdated": "2024-08-06T00:17:30.855Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-6241
Vulnerability from cvelistv5
Published
2014-12-27 18:00
Modified
2024-08-06 17:38
Severity ?
EPSS score ?
Summary
The Birthday widget in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14, in certain user-id sharing scenarios, does not properly construct a SQL statement for next-year birthdays, which allows remote authenticated users to obtain sensitive birthday, displayname, firstname, and surname information via a birthdays action to api/contacts, aka bug 29315.
References
▼ | URL | Tags |
---|---|---|
https://forum.open-xchange.com/showthread.php?8059-Open-Xchange-releases-Security-Patch-2013-10-21-for-v7-2-2-and-v7-4-0 | x_refsource_CONFIRM | |
http://archives.neohapsis.com/archives/bugtraq/2013-11/0025.html | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:38:59.382Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://forum.open-xchange.com/showthread.php?8059-Open-Xchange-releases-Security-Patch-2013-10-21-for-v7-2-2-and-v7-4-0" }, { "name": "20131106 Open-Xchange Security Advisory 2013-11-06", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0025.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-10-21T00:00:00", "descriptions": [ { "lang": "en", "value": "The Birthday widget in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14, in certain user-id sharing scenarios, does not properly construct a SQL statement for next-year birthdays, which allows remote authenticated users to obtain sensitive birthday, displayname, firstname, and surname information via a birthdays action to api/contacts, aka bug 29315." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-12-27T18:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://forum.open-xchange.com/showthread.php?8059-Open-Xchange-releases-Security-Patch-2013-10-21-for-v7-2-2-and-v7-4-0" }, { "name": "20131106 Open-Xchange Security Advisory 2013-11-06", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0025.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-6241", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Birthday widget in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14, in certain user-id sharing scenarios, does not properly construct a SQL statement for next-year birthdays, which allows remote authenticated users to obtain sensitive birthday, displayname, firstname, and surname information via a birthdays action to api/contacts, aka bug 29315." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://forum.open-xchange.com/showthread.php?8059-Open-Xchange-releases-Security-Patch-2013-10-21-for-v7-2-2-and-v7-4-0", "refsource": "CONFIRM", "url": "https://forum.open-xchange.com/showthread.php?8059-Open-Xchange-releases-Security-Patch-2013-10-21-for-v7-2-2-and-v7-4-0" }, { "name": "20131106 Open-Xchange Security Advisory 2013-11-06", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0025.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-6241", "datePublished": "2014-12-27T18:00:00", "dateReserved": "2013-10-22T00:00:00", "dateUpdated": "2024-08-06T17:38:59.382Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-4046
Vulnerability from cvelistv5
Published
2016-12-15 06:31
Modified
2024-08-06 00:17
Severity ?
EPSS score ?
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The API to configure external mail accounts can be abused to map and access network components within the trust boundary of the operator. Users can inject arbitrary hosts and ports into API calls. Depending on the response type, content and latency, information about the existence of hosts and services can be gathered. Attackers can get internal configuration information about the infrastructure of an operator to prepare subsequent attacks.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1036157 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/archive/1/538732/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T00:17:30.780Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1036157", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1036157" }, { "name": "20160622 Open-Xchange Security Advisory 2016-06-22", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/538732/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-12-15T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The API to configure external mail accounts can be abused to map and access network components within the trust boundary of the operator. Users can inject arbitrary hosts and ports to API calls. Depending on the response type, content and latency, information about existence of hosts and services can be gathered. Attackers can get internal configuration information about the infrastructure of an operator to prepare subsequent attacks." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1036157", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1036157" }, { "name": "20160622 Open-Xchange Security Advisory 2016-06-22", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/538732/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-4046", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The API to configure external mail accounts can be abused to map and access network components within the trust boundary of the operator. Users can inject arbitrary hosts and ports to API calls. Depending on the response type, content and latency, information about existence of hosts and services can be gathered. Attackers can get internal configuration information about the infrastructure of an operator to prepare subsequent attacks." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1036157", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036157" }, { "name": "20160622 Open-Xchange Security Advisory 2016-06-22", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/538732/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-4046", "datePublished": "2016-12-15T06:31:00", "dateReserved": "2016-04-20T00:00:00", "dateUpdated": "2024-08-06T00:17:30.780Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-4790
Vulnerability from cvelistv5
Published
2013-09-05 10:00
Modified
2024-09-16 16:34
Severity ?
EPSS score ?
Summary
Open-Xchange AppSuite before 7.0.2 rev14, 7.2.0 before rev11, 7.2.1 before rev10, and 7.2.2 before rev9 relies on user-supplied data to predict the IMAP server hostname for an external domain name, which allows remote authenticated users to discover e-mail credentials of other users in opportunistic circumstances via a manual-mode association of a personal e-mail address with the hostname of a crafted IMAP server.
References
▼ | URL | Tags |
---|---|---|
http://archives.neohapsis.com/archives/bugtraq/2013-07/0204.html | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:52:27.141Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20130731 Open-Xchange Security Advisory 2013-07-31", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0204.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Open-Xchange AppSuite before 7.0.2 rev14, 7.2.0 before rev11, 7.2.1 before rev10, and 7.2.2 before rev9 relies on user-supplied data to predict the IMAP server hostname for an external domain name, which allows remote authenticated users to discover e-mail credentials of other users in opportunistic circumstances via a manual-mode association of a personal e-mail address with the hostname of a crafted IMAP server." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-09-05T10:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20130731 Open-Xchange Security Advisory 2013-07-31", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0204.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-4790", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Open-Xchange AppSuite before 7.0.2 rev14, 7.2.0 before rev11, 7.2.1 before rev10, and 7.2.2 before rev9 relies on user-supplied data to predict the IMAP server hostname for an external domain name, which allows remote authenticated users to discover e-mail credentials of other users in opportunistic circumstances via a manual-mode association of a personal e-mail address with the hostname of a crafted IMAP server." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20130731 Open-Xchange Security Advisory 2013-07-31", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0204.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-4790", "datePublished": "2013-09-05T10:00:00Z", "dateReserved": "2013-07-11T00:00:00Z", "dateUpdated": "2024-09-16T16:34:08.142Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-2391
Vulnerability from cvelistv5
Published
2014-04-17 20:00
Modified
2024-08-06 10:14
Summary
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potentially useful password-pattern information by reading (1) a web-server access log, (2) a web-server Referer log, or (3) browser history that contains this string because of its presence in a GET request.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/archive/1/531762 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:14:25.944Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20140408 Open-Xchange Security Advisory 2014-04-08", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/531762" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-04-08T00:00:00", "descriptions": [ { "lang": "en", "value": "The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potentially useful password-pattern information by reading (1) a web-server access log, (2) a web-server Referer log, or (3) browser history that contains this string because of its presence in a GET request." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-04-17T20:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20140408 Open-Xchange Security Advisory 2014-04-08", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/531762" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2391", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potentially useful password-pattern information by reading (1) a web-server access log, (2) a web-server Referer log, or (3) browser history that contains this string because of its presence in a GET request." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20140408 Open-Xchange Security Advisory 2014-04-08", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/531762" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-2391", "datePublished": "2014-04-17T20:00:00", "dateReserved": "2014-03-13T00:00:00", "dateUpdated": "2024-08-06T10:14:25.944Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-37311
Vulnerability from cvelistv5
Published
2022-12-26 00:00
Modified
2024-08-03 10:29
Summary
OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large location request parameter to the redirect servlet.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:29:20.651Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://open-xchange.com" }, { "tags": [ "x_transferred" ], "url": "https://seclists.org/fulldisclosure/2022/Nov/18" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large location request parameter to the redirect servlet." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-26T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://open-xchange.com" }, { "url": "https://seclists.org/fulldisclosure/2022/Nov/18" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-37311", "datePublished": "2022-12-26T00:00:00", "dateReserved": "2022-08-01T00:00:00", "dateUpdated": "2024-08-03T10:29:20.651Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-17062
Vulnerability from cvelistv5
Published
2018-06-15 21:00
Modified
2024-08-05 20:43
Summary
The backend component in Open-Xchange OX App Suite before 7.6.3-rev35, 7.8.x before 7.8.2-rev38, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev19 allows remote authenticated users to save arbitrary user attributes by leveraging improper privilege management.
References
▼ | URL | Tags |
---|---|---|
http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html | x_refsource_MISC | |
https://www.exploit-db.com/exploits/44881/ | exploit, x_refsource_EXPLOIT-DB | |
http://seclists.org/fulldisclosure/2018/Jun/23 | mailing-list, x_refsource_FULLDISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:43:59.444Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html" }, { "name": "44881", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/44881/" }, { "name": "20180608 Open-Xchange Security Advisory 2018-06-08", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2018/Jun/23" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-06-08T00:00:00", "descriptions": [ { "lang": "en", "value": "The backend component in Open-Xchange OX App Suite before 7.6.3-rev35, 7.8.x before 7.8.2-rev38, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev19 allows remote authenticated users to save arbitrary user attributes by leveraging improper privilege management." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-06-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html" }, { "name": "44881", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/44881/" }, { "name": "20180608 Open-Xchange Security Advisory 2018-06-08", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2018/Jun/23" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-17062", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The backend component in Open-Xchange OX App Suite before 7.6.3-rev35, 7.8.x before 7.8.2-rev38, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev19 allows remote authenticated users to save arbitrary user attributes by leveraging improper privilege management." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html" }, { "name": "44881", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44881/" }, { "name": "20180608 Open-Xchange Security Advisory 2018-06-08", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2018/Jun/23" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-17062", "datePublished": "2018-06-15T21:00:00", "dateReserved": "2017-11-29T00:00:00", "dateUpdated": "2024-08-05T20:43:59.444Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-6913
Vulnerability from cvelistv5
Published
2018-09-18 20:00
Modified
2024-08-05 15:41
Summary
Cross-site scripting (XSS) vulnerability in the Open-Xchange webmail before 7.6.3-rev28 allows remote attackers to inject arbitrary web script or HTML via the event attribute in a time tag.
References
▼ | URL | Tags |
---|---|---|
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4133_7.6.3_2017-05-15.pdf | x_refsource_CONFIRM | |
https://github.com/gquere/CVE-2017-6913 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T15:41:17.693Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4133_7.6.3_2017-05-15.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/gquere/CVE-2017-6913" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-09-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Open-Xchange webmail before 7.6.3-rev28 allows remote attackers to inject arbitrary web script or HTML via the event attribute in a time tag." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-09-18T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4133_7.6.3_2017-05-15.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/gquere/CVE-2017-6913" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-6913", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the Open-Xchange webmail before 7.6.3-rev28 allows remote attackers to inject arbitrary web script or HTML via the event attribute in a time tag." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4133_7.6.3_2017-05-15.pdf", "refsource": "CONFIRM", "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4133_7.6.3_2017-05-15.pdf" }, { "name": "https://github.com/gquere/CVE-2017-6913", "refsource": "MISC", "url": "https://github.com/gquere/CVE-2017-6913" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-6913", "datePublished": "2018-09-18T20:00:00", "dateReserved": "2017-03-15T00:00:00", "dateUpdated": "2024-08-05T15:41:17.693Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-7486
Vulnerability from cvelistv5
Published
2020-01-02 18:05
Modified
2024-08-06 18:09
Summary
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev27 and 7.4.x before 7.4.0-rev20 allows remote attackers to inject arbitrary web script or HTML via the body of an email. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1029394 | vdb-entry, x_refsource_SECTRACK | |
http://xforce.iss.net/xforce/xfdb/89250 | vdb-entry, x_refsource_XF | |
http://seclists.org/bugtraq/2013/Nov/127 | mailing-list, x_refsource_BUGTRAQ | |
http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html | x_refsource_MISC | |
https://forum.open-xchange.com/showthread.php?8115-Open-Xchange-releases-Security-Patch-2013-11-12-for-v7-2-2-v6-22-3-and-v7-4-0-v6 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:09:17.080Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1029394", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029394" }, { "name": "openxchange-cve20136242-xss(89250)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://xforce.iss.net/xforce/xfdb/89250" }, { "name": "20131125 Open-Xchange Security Advisory 2013-11-25", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://seclists.org/bugtraq/2013/Nov/127" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://forum.open-xchange.com/showthread.php?8115-Open-Xchange-releases-Security-Patch-2013-11-12-for-v7-2-2-v6-22-3-and-v7-4-0-v6" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-11-25T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev27 and 7.4.x before 7.4.0-rev20 allows remote attackers to inject arbitrary web script or HTML via the body of an email. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-02T18:05:38", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1029394", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029394" }, { "name": "openxchange-cve20136242-xss(89250)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://xforce.iss.net/xforce/xfdb/89250" }, { "name": "20131125 Open-Xchange Security Advisory 2013-11-25", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://seclists.org/bugtraq/2013/Nov/127" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://forum.open-xchange.com/showthread.php?8115-Open-Xchange-releases-Security-Patch-2013-11-12-for-v7-2-2-v6-22-3-and-v7-4-0-v6" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7486", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev27 and 7.4.x before 7.4.0-rev20 allows remote attackers to inject arbitrary web script or HTML via the body of an email. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1029394", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029394" }, { "name": "openxchange-cve20136242-xss(89250)", "refsource": "XF", "url": "http://xforce.iss.net/xforce/xfdb/89250" }, { "name": "20131125 Open-Xchange Security Advisory 2013-11-25", "refsource": "BUGTRAQ", "url": "http://seclists.org/bugtraq/2013/Nov/127" }, { "name": "http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html" }, { "name": "https://forum.open-xchange.com/showthread.php?8115-Open-Xchange-releases-Security-Patch-2013-11-12-for-v7-2-2-v6-22-3-and-v7-4-0-v6", "refsource": "CONFIRM", "url": "https://forum.open-xchange.com/showthread.php?8115-Open-Xchange-releases-Security-Patch-2013-11-12-for-v7-2-2-v6-22-3-and-v7-4-0-v6" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-7486", "datePublished": "2020-01-02T18:05:38", "dateReserved": "2020-01-02T00:00:00", "dateUpdated": "2024-08-06T18:09:17.080Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2020-10-23 05:15
Modified
2024-11-21 05:04
Summary
OX App Suite through 7.10.3 allows stats/diagnostic?param= XSS.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://seclists.org/fulldisclosure/2020/Oct/20 | Exploit, Mailing List, Third Party Advisory | |
cve@mitre.org | https://www.open-xchange.com/ | Product | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2020/Oct/20 | Exploit, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.open-xchange.com/ | Product |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | 7.10.2 | |
open-xchange | open-xchange_appsuite | 7.10.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "AEA29625-42CD-49CC-9E34-858CB6C5D28B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "944562A2-53D7-4D75-B238-B9BD0F695E45", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.3 allows stats/diagnostic?param= XSS." }, { "lang": "es", "value": "OX App Suite versiones hasta 7.10.3, permite un ataque de tipo XSS de stats/diagnostic?param=" } ], "id": "CVE-2020-15004", "lastModified": "2024-11-21T05:04:36.517", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-10-23T05:15:13.390", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": 
"https://seclists.org/fulldisclosure/2020/Oct/20" }, { "source": "cve@mitre.org", "tags": [ "Product" ], "url": "https://www.open-xchange.com/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2020/Oct/20" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "https://www.open-xchange.com/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-04-24 05:06
Modified
2024-11-21 02:06
Severity ?
Summary
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potentially useful password-pattern information by reading (1) a web-server access log, (2) a web-server Referer log, or (3) browser history that contains this string because of its presence in a GET request.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * | |
open-xchange | open-xchange_appsuite | 7.2.0 | |
open-xchange | open-xchange_appsuite | 7.2.1 | |
open-xchange | open-xchange_appsuite | 7.4.1 | |
open-xchange | open-xchange_appsuite | 7.4.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "4051DD61-3387-4CFB-9243-FCB602813F10", "versionEndIncluding": "7.2.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDBB02DF-1022-4FE5-B5E1-198DC58F8C1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2BF31219-8390-4676-A9C4-D625A016C71E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "0ABF6E32-2996-4DCF-A4A2-197CCFAEE22C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A708019-6229-4768-994C-5A51B0495CAC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potentially useful password-pattern information by reading (1) a web-server access log, (2) a web-server Referer log, or (3) browser history that contains this string because of its presence in a GET request." 
}, { "lang": "es", "value": "El servicio de recuperaci\u00f3n de contrase\u00f1a en Open-Xchange AppSuite anterior a 7.2.2-rev20, 7.4.1 anterior a 7.4.1-rev11, y 7.4.2 anterior a 7.4.2-rev13 toma una decision indebida sobre la sensibilidad de una cadena que representa una contrase\u00f1a utilizada anteriormente pero actualmente invalida, lo que permite a atacantes remotos obtener informaci\u00f3n potencialmente \u00fatil de pautas de contrase\u00f1as mediante la lectura de (1) un registro de acceso al servidor web, (2) un registro Referer del servidor web o (3) un historial del navegador que contiene esta cadena debido a su presencia en una solicitud GET." } ], "id": "CVE-2014-2391", "lastModified": "2024-11-21T02:06:12.320", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-04-24T05:06:05.530", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/531762" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/531762" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-01-30 15:29
Modified
2024-11-21 03:45
Summary
OX App Suite 7.8.4 and earlier allows Information Exposure.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://seclists.org/fulldisclosure/2019/Jan/10 | Exploit, Mailing List, Third Party Advisory | |
cve@mitre.org | http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf | Patch, Release Notes, Vendor Advisory | |
cve@mitre.org | https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf | Patch, Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2019/Jan/10 | Exploit, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf | Patch, Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf | Patch, Release Notes, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "21A45377-C1DE-44AB-A02F-A377BE4E9A56", "versionEndIncluding": "7.8.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite 7.8.4 and earlier allows Information Exposure." }, { "lang": "es", "value": "OX App Suite, en su versi\u00f3n 7.8.4 y anteriores, permite la fuga de informaci\u00f3n." } ], "id": "CVE-2018-12610", "lastModified": "2024-11-21T03:45:32.417", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-01-30T15:29:03.520", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Jan/10" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Release Notes", "Vendor Advisory" ], "url": 
"http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Release Notes", "Vendor Advisory" ], "url": "https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Jan/10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Release Notes", "Vendor Advisory" ], "url": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Release Notes", "Vendor Advisory" ], "url": "https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-01-12 08:15
Modified
2024-11-21 05:15
Summary
OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial autoconfig. substring.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB465D15-78EA-47FA-BC7C-5A6631EC9578", "versionEndIncluding": "7.10.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial autoconfig. substring." }, { "lang": "es", "value": "OX App Suite versiones hasta 7.10.3, permite un ataque de tipo SSRF porque unas peticiones GET son enviadas a nombres de dominio arbitrarios con una subcadena autoconfig. inicial" } ], "id": "CVE-2020-24700", "lastModified": "2024-11-21T05:15:50.207", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-01-12T08:15:13.230", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": 
"http://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2021/Jul/33" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.open-xchange.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2021/Jul/33" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.open-xchange.com" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-918" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-01-05 20:59
Modified
2024-11-21 02:04
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite before 7.2.2-rev31, 7.4.0 before 7.4.0-rev27, and 7.4.1 before 7.4.1-rev17 allows remote attackers to inject arbitrary web script or HTML via the header in an attached SVG file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * | |
open-xchange | open-xchange_appsuite | 7.4.0 | |
open-xchange | open-xchange_appsuite | 7.4.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "4051DD61-3387-4CFB-9243-FCB602813F10", "versionEndIncluding": "7.2.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "8DAEED7B-C295-42B4-A60B-2EAA596E3D65", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "0ABF6E32-2996-4DCF-A4A2-197CCFAEE22C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite before 7.2.2-rev31, 7.4.0 before 7.4.0-rev27, and 7.4.1 before 7.4.1-rev17 allows remote attackers to inject arbitrary web script or HTML via the header in an attached SVG file." }, { "lang": "es", "value": "Vulnerabilidad de XSS en Open-Xchange (OX) AppSuite anterior a 7.2.2-rev31, 7.4.0 anterior a 7.4.0-rev27, y 7.4.1 anterior a 7.4.1-rev17 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s de la cabecera en un fichero SGV adjunto." 
} ], "id": "CVE-2014-1679", "lastModified": "2024-11-21T02:04:48.680", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-01-05T20:59:00.057", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/56828" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/531005" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91059" }, { "source": "cve@mitre.org", "url": "https://forum.open-xchange.com/showthread.php?8259-Open-Xchange-releases-Security-Patch-2014-01-29-for-v7-2-2-v7-4-0-and-v7-4-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/56828" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/531005" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91059" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://forum.open-xchange.com/showthread.php?8259-Open-Xchange-releases-Security-Patch-2014-01-29-for-v7-2-2-v7-4-0-and-v7-4-1" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-05-22 20:29
Modified
2024-11-21 03:33
Severity ?
Summary
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://open-xchange.com | Vendor Advisory | |
cve@mitre.org | http://ox.com | Broken Link, Not Applicable | |
cve@mitre.org | https://documentation.open-xchange.com/7.10.0/release-notes/release-notes.html | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://open-xchange.com | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://ox.com | Broken Link, Not Applicable | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.open-xchange.com/7.10.0/release-notes/release-notes.html | Release Notes, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "C77DCBA3-CB5A-4F73-817E-717C8335463E", "versionEndIncluding": "7.8.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing." }, { "lang": "es", "value": "Open-Xchange GmbH OX App Suite versi\u00f3n 7.8.3 y anteriores, se ven afectados por: Suplantaci\u00f3n de Contenido." } ], "id": "CVE-2017-8341", "lastModified": "2024-11-21T03:33:48.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-05-22T20:29:00.697", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://open-xchange.com" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Not Applicable" ], "url": "http://ox.com" }, { "source": "cve@mitre.org", "tags": [ 
"Release Notes", "Vendor Advisory" ], "url": "https://documentation.open-xchange.com/7.10.0/release-notes/release-notes.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://open-xchange.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Not Applicable" ], "url": "http://ox.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.open-xchange.com/7.10.0/release-notes/release-notes.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-10-03 19:55
Modified
2024-11-21 01:57
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite before 7.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) content with the text/xml MIME type or (2) the Status comment field of an appointment.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * | |
open-xchange | open-xchange_appsuite | 6.20.7 | |
open-xchange | open-xchange_appsuite | 6.22.0 | |
open-xchange | open-xchange_appsuite | 6.22.1 | |
open-xchange | open-xchange_appsuite | 7.0.1 | |
open-xchange | open-xchange_appsuite | 7.0.2 | |
open-xchange | open-xchange_appsuite | 7.2.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "C706FA8C-6D31-40A4-8B5A-ED1CA206B1CA", "versionEndIncluding": "7.2.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.20.7:*:*:*:*:*:*:*", "matchCriteriaId": "983E5F3A-E7AD-4CCA-80D4-9C012AFCCDD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F85EE0C-B7A0-455A-96F6-E4E6BA5D7216", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.1:*:*:*:*:*:*:*", "matchCriteriaId": "2D9572CB-9A46-492E-BDCC-E01849EF0EC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "138461CD-9C27-40E5-B7A0-A37737B6E942", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "108BCEFD-3098-4919-9B0C-E80F6FA1C102", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDBB02DF-1022-4FE5-B5E1-198DC58F8C1B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite before 7.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) content with the text/xml MIME type or (2) the Status comment field of an appointment." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades XSS en Open-Xchange AppSuite anterior a v7.2.2 permite a usuarios autenticados remotamente inyectar secuencias de comandos web o HTML arbitrarias a trav\u00e9s de (1) contenido con el tipo text/xml MIME o (2) el campo comentario de Status de una cita." 
} ], "id": "CVE-2013-5690", "lastModified": "2024-11-21T01:57:56.620", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-10-03T19:55:04.540", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/528940" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/528940" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-11-02 14:15
Modified
2024-11-21 07:56
Severity ?
5.3 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
7.3 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
7.3 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
Imageconverter API endpoints provided methods that did not sufficiently validate and sanitize client input, allowing injection of arbitrary SQL statements. An attacker with access to the adjacent network, and potentially API credentials, could read and modify database content that is accessible to the imageconverter SQL user account. No publicly available exploits are known.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "59D4F30E-2F52-4948-9C69-C57472833C79", "versionEndExcluding": "7.10.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*", "matchCriteriaId": "A144D75D-60A8-4EE0-813C-F658C626B2AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*", "matchCriteriaId": "2DA66230-DE02-4881-A893-E9E78286B157", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*", "matchCriteriaId": "955F3DFB-6479-4867-B62A-82730DBEB498", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*", "matchCriteriaId": "327D1B56-0D05-4D99-91D4-CC1F0AC32972", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*", "matchCriteriaId": "D0CD0684-C431-47F8-A2F4-1936D5C5A72B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*", "matchCriteriaId": "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*", "matchCriteriaId": "D0968764-CCEE-47A7-9111-E106D887DA43", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*", "matchCriteriaId": "16589FBB-F0CD-4041-8141-5C89FCCA72AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*", "matchCriteriaId": "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*", "matchCriteriaId": 
"0DF5FB90-8D6D-4F99-B454-411B1DFFA630", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*", "matchCriteriaId": "F58876B9-6C2E-4048-A793-B441A84E86F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*", "matchCriteriaId": "D5F177CB-CC45-45A0-9D02-C14A13ECC7A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*", "matchCriteriaId": "A89A4192-54E9-4899-8C7B-6C7F7E650D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*", "matchCriteriaId": "F2DC1357-9CD5-415F-A190-2F3F4498EF96", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*", "matchCriteriaId": "D78ACF64-2802-44DD-AF7A-1BD5EA7F9908", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*", "matchCriteriaId": "E8F675FA-1684-413A-B1BE-1C5434AC2862", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6156:*:*:*:*:*:*", "matchCriteriaId": "F3F1FDC3-35B2-4BDB-A685-75BC72588179", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6161:*:*:*:*:*:*", "matchCriteriaId": "5B1E509D-2F41-4296-86D2-6BD71783060F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6166:*:*:*:*:*:*", "matchCriteriaId": "AC93EA37-F341-45EC-B651-4F326FB8C613", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6173:*:*:*:*:*:*", "matchCriteriaId": "1A4DB8A6-1702-462C-BFCB-39F91D2EFCE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6176:*:*:*:*:*:*", "matchCriteriaId": 
"FC0AEFDB-D033-47FC-93FC-8652F922BB8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6178:*:*:*:*:*:*", "matchCriteriaId": "B5354768-6527-43C2-B492-A8C14AB4E784", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6189:*:*:*:*:*:*", "matchCriteriaId": "D83F26D1-B8C6-4114-81EC-810DD5412DC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6194:*:*:*:*:*:*", "matchCriteriaId": "E9EBC010-9963-4636-96F7-A121FCF755A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6199:*:*:*:*:*:*", "matchCriteriaId": "F626D64B-C301-4CD8-94B4-48689BD3F29C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6204:*:*:*:*:*:*", "matchCriteriaId": "5E32810C-7B35-42F1-BCA5-E10C02BE2215", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6205:*:*:*:*:*:*", "matchCriteriaId": "6539D059-8614-4C26-93C4-C2DDCC5D35E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6209:*:*:*:*:*:*", "matchCriteriaId": "E359EE75-A2F9-479B-B757-CAE1064AB8F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6210:*:*:*:*:*:*", "matchCriteriaId": "0BCABDEF-D292-406E-B53C-AFF22484E916", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6214:*:*:*:*:*:*", "matchCriteriaId": "ABE8872C-B1DD-4A45-8EF8-E8C355CA6C54", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6215:*:*:*:*:*:*", "matchCriteriaId": "44B20B83-833A-4C68-8693-365BD046C157", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6216:*:*:*:*:*:*", "matchCriteriaId": 
"E254E6D1-D18E-4A2A-A2FF-7D03F39E65DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6218:*:*:*:*:*:*", "matchCriteriaId": "5F0C5E53-4D15-425A-B4CF-5869353724BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6219:*:*:*:*:*:*", "matchCriteriaId": "2F4BF5F1-F316-4BAC-83E0-DEAC8C50754E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6220:*:*:*:*:*:*", "matchCriteriaId": "5CDD03A8-5B86-4B87-9C29-6C967261C5C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6227:*:*:*:*:*:*", "matchCriteriaId": "6071E15F-4D59-41DC-A4D4-7D1AA392A1F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6230:*:*:*:*:*:*", "matchCriteriaId": "C72C1CEB-7BF7-4A5F-B2E9-397F86CCBF4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6233:*:*:*:*:*:*", "matchCriteriaId": "5B0F0218-4224-4084-B38D-9719D3782C03", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6235:*:*:*:*:*:*", "matchCriteriaId": "BFC41329-1AD6-4575-A22D-977EC5539DA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6236:*:*:*:*:*:*", "matchCriteriaId": "217A06B7-0823-4508-BC0C-AD792BA88F7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6239:*:*:*:*:*:*", "matchCriteriaId": "246E98B2-A6C8-4410-AA6A-7E81EE8C5E76", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6241:*:*:*:*:*:*", "matchCriteriaId": "74D1EC02-D009-45DA-B1EC-2219E0F0183C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Imageconverter API 
endpoints provided methods that were not sufficiently validating and sanitizing client input, allowing to inject arbitrary SQL statements. An attacker with access to the adjacent network and potentially API credentials, could read and modify database content which is accessible to the imageconverter SQL user account. None No publicly available exploits are known.\n\n" }, { "lang": "es", "value": "Los endpoints de la API Imageconverter proporcionaban m\u00e9todos que no validaban ni sanitizaban correctamente la entrada del cliente, lo que permit\u00eda inyectar declaraciones SQL arbitrarias. Un atacante con acceso a la red adyacente y potencialmente credenciales API podr\u00eda leer y modificar el contenido de la base de datos al que puede acceder la cuenta de usuario SQL de imageconverter. Ninguno No se conocen exploits disponibles p\u00fablicamente." } ], "id": "CVE-2023-29047", "lastModified": "2024-11-21T07:56:26.670", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 0.9, "impactScore": 4.0, "source": "security@open-xchange.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.1, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-11-02T14:15:11.280", "references": [ { "source": 
"security@open-xchange.com", "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json" }, { "source": "security@open-xchange.com", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf" } ], "sourceIdentifier": "security@open-xchange.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "security@open-xchange.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-12-15 06:59
Modified
2024-11-21 02:56
Severity ?
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as profile pictures. In case their XML structure contains iframes and script code, that code may get executed when calling the related picture URL or viewing the related person's image within a browser. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/bid/93457 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/93457 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf | Release Notes, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:rev4:*:*:*:*:*:*", "matchCriteriaId": "63233ABF-06E1-4819-B885-1028FEA3EB5A", "versionEndIncluding": "7.8.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as profile pictures. In case their XML structure contains iframes and script code, that code may get executed when calling the related picture URL or viewing the related person\u0027s image within a browser. Malicious script code can be executed within a user\u0027s context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.)." }, { "lang": "es", "value": "Ha sido descubierto un problema en Open-Xchange OX App Suite en versiones anteriores a 7.8.2-rev8. Archivos SVG pueden ser usados como im\u00e1genes de perfil. En caso de que su estructura XML contenga iframes y c\u00f3digo script, este c\u00f3digo podr\u00eda ser ejecutado al llamar a la URL de imagen relacionada o visualizar la imagen de la persona relacionada dentro de un navegador. Un c\u00f3digo script malicioso puede ser ejecutado en un contexto de usuario. Esto puede conducir al secuestro de sesi\u00f3n o desencadenar acciones no deseadas a trav\u00e9s de la interfaz web (env\u00edo de correo, eliminaci\u00f3n de datos, etc.)." 
} ], "id": "CVE-2016-6850", "lastModified": "2024-11-21T02:56:57.507", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-12-15T06:59:21.533", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/93457" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/93457" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", 
"value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-12-26 03:15
Modified
2024-11-21 07:14
Severity ?
Summary
OX App Suite through 7.10.6 allows XSS via HTML in text/plain e-mail messages.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://open-xchange.com | Vendor Advisory | |
cve@mitre.org | https://seclists.org/fulldisclosure/2022/Nov/18 | Exploit, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://open-xchange.com | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2022/Nov/18 | Exploit, Mailing List, Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D3B06B3-8919-4D41-87A6-DA39189750B9", "versionEndExcluding": "7.10.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:-:*:*:*:*:*:*", "matchCriteriaId": "FE68F102-2EE1-44FF-A8AB-6F71F62712D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5961:*:*:*:*:*:*", "matchCriteriaId": "4F5923E6-C4C1-492F-A130-65D102F67B40", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5973:*:*:*:*:*:*", "matchCriteriaId": "D703A274-D197-42B3-9720-70E6CCD9E825", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5976:*:*:*:*:*:*", "matchCriteriaId": "D4D5F145-F2BA-4589-8B9A-B967069EA355", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5982:*:*:*:*:*:*", "matchCriteriaId": "7E3F2F8B-F7C4-4297-B451-CAFFCA860D17", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5989:*:*:*:*:*:*", "matchCriteriaId": "C7CB5AA6-19B9-4D21-A2B6-1523719A2DB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5994:*:*:*:*:*:*", "matchCriteriaId": "3FAD63B8-9158-4552-8987-3A418AC5A3A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6000:*:*:*:*:*:*", "matchCriteriaId": "87793628-6C35-4137-B584-3AE2A8363AEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6003:*:*:*:*:*:*", "matchCriteriaId": "06C14CAB-9C56-48A2-82FA-16110923CC78", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6008:*:*:*:*:*:*", "matchCriteriaId": 
"2201C280-3674-4FA4-8176-723C175A2469", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6010:*:*:*:*:*:*", "matchCriteriaId": "A3CB3836-AD68-4167-98FD-5B05CC9C92EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6016:*:*:*:*:*:*", "matchCriteriaId": "604CF453-CBBE-4123-B3ED-87A8CBF407DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6020:*:*:*:*:*:*", "matchCriteriaId": "6AF52278-E711-4656-9A1C-0A3A7F3C671F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6026:*:*:*:*:*:*", "matchCriteriaId": "5DD66203-5C4E-434A-BA84-9F78D9E1F7B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6029:*:*:*:*:*:*", "matchCriteriaId": "8A0D1287-7A32-4F56-97F2-8573F12D8EB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6034:*:*:*:*:*:*", "matchCriteriaId": "69858B8E-E4C7-485C-882A-206E07D7343F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6035:*:*:*:*:*:*", "matchCriteriaId": "C2B82BFA-39B6-4DC8-B691-3284FDCFA227", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6038:*:*:*:*:*:*", "matchCriteriaId": "FD4E8470-B8CE-4670-8334-86B817180E96", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6046:*:*:*:*:*:*", "matchCriteriaId": "2276EFC8-B5E6-449F-BDD0-EF2108A4CCAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6051:*:*:*:*:*:*", "matchCriteriaId": "2C8B27BE-651D-4B3A-9413-5ABA8AF2AA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6053:*:*:*:*:*:*", "matchCriteriaId": 
"41EA5F8E-05B5-4C4A-8853-B6948C358F06", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6060:*:*:*:*:*:*", "matchCriteriaId": "3E1A5843-F09A-4BBE-878D-C967E4061B0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6061:*:*:*:*:*:*", "matchCriteriaId": "D579A835-6B7F-4C77-991F-C760CB8D3750", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6066:*:*:*:*:*:*", "matchCriteriaId": "B4935091-B9B4-4EA7-8785-FE4529ACFEBF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6068:*:*:*:*:*:*", "matchCriteriaId": "33DAB50E-18A0-43CC-9043-5E2B722F3A2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6072:*:*:*:*:*:*", "matchCriteriaId": "0E1E9E82-17E3-4B43-AD5B-BBAD25759950", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6079:*:*:*:*:*:*", "matchCriteriaId": "E73BDC2E-3C39-454F-B929-8BB936F36AA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6084:*:*:*:*:*:*", "matchCriteriaId": "C4DF7C74-BD66-41E7-8B47-C700D7BE53E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6092:*:*:*:*:*:*", "matchCriteriaId": "9EA739D6-10BD-48B4-9C30-92BE4381C80C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6101:*:*:*:*:*:*", "matchCriteriaId": "79219E01-26C2-462C-B604-783490F26565", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6111:*:*:*:*:*:*", "matchCriteriaId": "6F121147-1AAB-4123-AFD2-31F39434819F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6120:*:*:*:*:*:*", "matchCriteriaId": 
"52B9445C-4B0E-437A-BE3C-DBB8A621D354", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6132:*:*:*:*:*:*", "matchCriteriaId": "979495B8-8BF0-41B0-9BD5-48554A9C8889", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6137:*:*:*:*:*:*", "matchCriteriaId": "A82EF754-CCB7-4A03-8986-42BA76E6A2C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6140:*:*:*:*:*:*", "matchCriteriaId": "F4CAFBCA-BD13-4295-A558-844716BA0C81", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6149:*:*:*:*:*:*", "matchCriteriaId": "AA61FEDD-5F86-45B8-BC55-BDFD6F10BB4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*", "matchCriteriaId": "A144D75D-60A8-4EE0-813C-F658C626B2AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*", "matchCriteriaId": "2DA66230-DE02-4881-A893-E9E78286B157", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*", "matchCriteriaId": "955F3DFB-6479-4867-B62A-82730DBEB498", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*", "matchCriteriaId": "327D1B56-0D05-4D99-91D4-CC1F0AC32972", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*", "matchCriteriaId": "D0CD0684-C431-47F8-A2F4-1936D5C5A72B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*", "matchCriteriaId": "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*", "matchCriteriaId": 
"D0968764-CCEE-47A7-9111-E106D887DA43", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*", "matchCriteriaId": "16589FBB-F0CD-4041-8141-5C89FCCA72AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*", "matchCriteriaId": "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*", "matchCriteriaId": "0DF5FB90-8D6D-4F99-B454-411B1DFFA630", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*", "matchCriteriaId": "F58876B9-6C2E-4048-A793-B441A84E86F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*", "matchCriteriaId": "D5F177CB-CC45-45A0-9D02-C14A13ECC7A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*", "matchCriteriaId": "A89A4192-54E9-4899-8C7B-6C7F7E650D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*", "matchCriteriaId": "F2DC1357-9CD5-415F-A190-2F3F4498EF96", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*", "matchCriteriaId": "D78ACF64-2802-44DD-AF7A-1BD5EA7F9908", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*", "matchCriteriaId": "E8F675FA-1684-413A-B1BE-1C5434AC2862", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.6 allows XSS via HTML in text/plain e-mail messages." 
}, { "lang": "es", "value": "OX App Suite hasta 7.10.6 permite XSS a trav\u00e9s de HTML en mensajes de texto/correo electr\u00f3nico sin formato." } ], "id": "CVE-2022-37308", "lastModified": "2024-11-21T07:14:43.603", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-26T03:15:11.767", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://open-xchange.com" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2022/Nov/18" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://open-xchange.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2022/Nov/18" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2014-5235
Vulnerability from fkie_nvd
Published
2014-09-17 14:55
Modified
2024-11-21 02:11
Severity: 4.3 MEDIUM (CVSS v2.0, AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via vectors related to unspecified fields in RSS feeds.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * | |
open-xchange | open-xchange_appsuite | 6.20.7 | |
open-xchange | open-xchange_appsuite | 6.22.0 | |
open-xchange | open-xchange_appsuite | 6.22.1 | |
open-xchange | open-xchange_appsuite | 7.0.1 | |
open-xchange | open-xchange_appsuite | 7.0.2 | |
open-xchange | open-xchange_appsuite | 7.2.0 | |
open-xchange | open-xchange_appsuite | 7.2.1 | |
open-xchange | open-xchange_appsuite | 7.2.2 | |
open-xchange | open-xchange_appsuite | 7.4.0 | |
open-xchange | open-xchange_appsuite | 7.6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "567B4139-220A-46A7-B847-616F99A1EA66", "versionEndIncluding": "7.4.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.20.7:*:*:*:*:*:*:*", "matchCriteriaId": "983E5F3A-E7AD-4CCA-80D4-9C012AFCCDD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F85EE0C-B7A0-455A-96F6-E4E6BA5D7216", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.1:*:*:*:*:*:*:*", "matchCriteriaId": "2D9572CB-9A46-492E-BDCC-E01849EF0EC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "138461CD-9C27-40E5-B7A0-A37737B6E942", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "108BCEFD-3098-4919-9B0C-E80F6FA1C102", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDBB02DF-1022-4FE5-B5E1-198DC58F8C1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2BF31219-8390-4676-A9C4-D625A016C71E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "75B04598-67CD-420B-92C9-9A7459295E11", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "8DAEED7B-C295-42B4-A60B-2EAA596E3D65", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A0A22E01-73E0-4140-8BA1-AB147A9471CD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting 
(XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via vectors related to unspecified fields in RSS feeds." }, { "lang": "es", "value": "Vulnerabilidad de XSS en el Frontend en Open-Xchange (OX) AppSuite anterior a 7.4.2-rev33 y 7.6.x anterior a 7.6.0-rev16 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores relacionados con campos no especificados en canales RSS." } ], "id": "CVE-2014-5235", "lastModified": "2024-11-21T02:11:39.927", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-09-17T14:55:03.497", "references": [ { "source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/61080" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/533443/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/69792" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61080" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/533443/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/69792" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2022-37311
Vulnerability from fkie_nvd
Published
2022-12-26 02:15
Modified
2024-11-21 07:14
Severity: 5.3 MEDIUM (CVSS v3.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Summary
OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large location request parameter to the redirect servlet.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://open-xchange.com | Vendor Advisory | |
cve@mitre.org | https://seclists.org/fulldisclosure/2022/Nov/18 | Exploit, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://open-xchange.com | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2022/Nov/18 | Exploit, Mailing List, Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D3B06B3-8919-4D41-87A6-DA39189750B9", "versionEndExcluding": "7.10.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:-:*:*:*:*:*:*", "matchCriteriaId": "FE68F102-2EE1-44FF-A8AB-6F71F62712D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5961:*:*:*:*:*:*", "matchCriteriaId": "4F5923E6-C4C1-492F-A130-65D102F67B40", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5973:*:*:*:*:*:*", "matchCriteriaId": "D703A274-D197-42B3-9720-70E6CCD9E825", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5976:*:*:*:*:*:*", "matchCriteriaId": "D4D5F145-F2BA-4589-8B9A-B967069EA355", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5982:*:*:*:*:*:*", "matchCriteriaId": "7E3F2F8B-F7C4-4297-B451-CAFFCA860D17", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5989:*:*:*:*:*:*", "matchCriteriaId": "C7CB5AA6-19B9-4D21-A2B6-1523719A2DB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5994:*:*:*:*:*:*", "matchCriteriaId": "3FAD63B8-9158-4552-8987-3A418AC5A3A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6000:*:*:*:*:*:*", "matchCriteriaId": "87793628-6C35-4137-B584-3AE2A8363AEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6003:*:*:*:*:*:*", "matchCriteriaId": "06C14CAB-9C56-48A2-82FA-16110923CC78", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6008:*:*:*:*:*:*", "matchCriteriaId": 
"2201C280-3674-4FA4-8176-723C175A2469", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6010:*:*:*:*:*:*", "matchCriteriaId": "A3CB3836-AD68-4167-98FD-5B05CC9C92EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6016:*:*:*:*:*:*", "matchCriteriaId": "604CF453-CBBE-4123-B3ED-87A8CBF407DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6020:*:*:*:*:*:*", "matchCriteriaId": "6AF52278-E711-4656-9A1C-0A3A7F3C671F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6026:*:*:*:*:*:*", "matchCriteriaId": "5DD66203-5C4E-434A-BA84-9F78D9E1F7B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6029:*:*:*:*:*:*", "matchCriteriaId": "8A0D1287-7A32-4F56-97F2-8573F12D8EB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6034:*:*:*:*:*:*", "matchCriteriaId": "69858B8E-E4C7-485C-882A-206E07D7343F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6035:*:*:*:*:*:*", "matchCriteriaId": "C2B82BFA-39B6-4DC8-B691-3284FDCFA227", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6038:*:*:*:*:*:*", "matchCriteriaId": "FD4E8470-B8CE-4670-8334-86B817180E96", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6046:*:*:*:*:*:*", "matchCriteriaId": "2276EFC8-B5E6-449F-BDD0-EF2108A4CCAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6051:*:*:*:*:*:*", "matchCriteriaId": "2C8B27BE-651D-4B3A-9413-5ABA8AF2AA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6053:*:*:*:*:*:*", "matchCriteriaId": 
"41EA5F8E-05B5-4C4A-8853-B6948C358F06", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6060:*:*:*:*:*:*", "matchCriteriaId": "3E1A5843-F09A-4BBE-878D-C967E4061B0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6061:*:*:*:*:*:*", "matchCriteriaId": "D579A835-6B7F-4C77-991F-C760CB8D3750", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6066:*:*:*:*:*:*", "matchCriteriaId": "B4935091-B9B4-4EA7-8785-FE4529ACFEBF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6068:*:*:*:*:*:*", "matchCriteriaId": "33DAB50E-18A0-43CC-9043-5E2B722F3A2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6072:*:*:*:*:*:*", "matchCriteriaId": "0E1E9E82-17E3-4B43-AD5B-BBAD25759950", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6079:*:*:*:*:*:*", "matchCriteriaId": "E73BDC2E-3C39-454F-B929-8BB936F36AA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6084:*:*:*:*:*:*", "matchCriteriaId": "C4DF7C74-BD66-41E7-8B47-C700D7BE53E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6092:*:*:*:*:*:*", "matchCriteriaId": "9EA739D6-10BD-48B4-9C30-92BE4381C80C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6101:*:*:*:*:*:*", "matchCriteriaId": "79219E01-26C2-462C-B604-783490F26565", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6111:*:*:*:*:*:*", "matchCriteriaId": "6F121147-1AAB-4123-AFD2-31F39434819F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6120:*:*:*:*:*:*", "matchCriteriaId": 
"52B9445C-4B0E-437A-BE3C-DBB8A621D354", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6132:*:*:*:*:*:*", "matchCriteriaId": "979495B8-8BF0-41B0-9BD5-48554A9C8889", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6137:*:*:*:*:*:*", "matchCriteriaId": "A82EF754-CCB7-4A03-8986-42BA76E6A2C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6140:*:*:*:*:*:*", "matchCriteriaId": "F4CAFBCA-BD13-4295-A558-844716BA0C81", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6149:*:*:*:*:*:*", "matchCriteriaId": "AA61FEDD-5F86-45B8-BC55-BDFD6F10BB4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*", "matchCriteriaId": "A144D75D-60A8-4EE0-813C-F658C626B2AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*", "matchCriteriaId": "2DA66230-DE02-4881-A893-E9E78286B157", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*", "matchCriteriaId": "955F3DFB-6479-4867-B62A-82730DBEB498", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*", "matchCriteriaId": "327D1B56-0D05-4D99-91D4-CC1F0AC32972", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*", "matchCriteriaId": "D0CD0684-C431-47F8-A2F4-1936D5C5A72B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*", "matchCriteriaId": "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*", "matchCriteriaId": 
"D0968764-CCEE-47A7-9111-E106D887DA43", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*", "matchCriteriaId": "16589FBB-F0CD-4041-8141-5C89FCCA72AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*", "matchCriteriaId": "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*", "matchCriteriaId": "0DF5FB90-8D6D-4F99-B454-411B1DFFA630", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*", "matchCriteriaId": "F58876B9-6C2E-4048-A793-B441A84E86F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*", "matchCriteriaId": "D5F177CB-CC45-45A0-9D02-C14A13ECC7A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*", "matchCriteriaId": "A89A4192-54E9-4899-8C7B-6C7F7E650D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*", "matchCriteriaId": "F2DC1357-9CD5-415F-A190-2F3F4498EF96", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*", "matchCriteriaId": "D78ACF64-2802-44DD-AF7A-1BD5EA7F9908", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*", "matchCriteriaId": "E8F675FA-1684-413A-B1BE-1C5434AC2862", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large location request parameter to the redirect servlet." 
}, { "lang": "es", "value": "OX App Suite hasta 7.10.6 tiene un consumo de recursos incontrolado a trav\u00e9s de un par\u00e1metro de solicitud de ubicaci\u00f3n grande al servlet de redirecci\u00f3n." } ], "id": "CVE-2022-37311", "lastModified": "2024-11-21T07:14:44.123", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-26T02:15:09.683", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://open-xchange.com" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2022/Nov/18" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://open-xchange.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2022/Nov/18" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-1284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2014-7871
Vulnerability from fkie_nvd
Published
2014-11-21 15:59
Modified
2024-11-21 02:18
Severity: 6.5 MEDIUM (CVSS v2.0, AV:N/AC:L/Au:S/C:P/I:P/A:P)
Summary
SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API call.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * | |
open-xchange | open-xchange_appsuite | 7.6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCF181B4-CEA4-4AF6-8B06-AE928A69AD3C", "versionEndIncluding": "7.4.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A0A22E01-73E0-4140-8BA1-AB147A9471CD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API call." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en Open-Xchange (OX) AppSuite anterior a 7.4.2-rev36 y 7.6.x anterior a 7.6.0-rev23 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s de un llamada manipulada a la API jslob." } ], "id": "CVE-2014-7871", "lastModified": "2024-11-21T02:18:10.873", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-11-21T15:59:02.820", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.com/files/129020/OX-App-Suite-7.6.0-SQL-Injection.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/533936/100/0/threaded" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/bid/70982" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98563" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.com/files/129020/OX-App-Suite-7.6.0-SQL-Injection.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/533936/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/70982" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98563" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-07-05 20:29
Modified
2024-11-21 04:16
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in mail compose in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev28 allows remote attackers to inject arbitrary web script or HTML via the data-target attribute in an HTML page with data-toggle gadgets.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/154127/Open-Xchange-OX-Guard-Cross-Site-Scripting-Signature-Validation.html | ||
cve@mitre.org | http://seclists.org/fulldisclosure/2018/Jul/12 | Mailing List, Third Party Advisory | |
cve@mitre.org | http://www.securitytracker.com/id/1041213 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/154127/Open-Xchange-OX-Guard-Cross-Site-Scripting-Signature-Validation.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2018/Jul/12 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041213 | Third Party Advisory, VDB Entry |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "CEE77111-9626-48C1-9C13-6FF650B91363", "versionEndIncluding": "7.6.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev14:*:*:*:*:*:*", "matchCriteriaId": "D4417841-A79D-479F-BBB4-13892CD29CCB", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev15:*:*:*:*:*:*", "matchCriteriaId": "11FED64F-98F2-4155-A34D-DCC0DCF55CB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev16:*:*:*:*:*:*", "matchCriteriaId": "544677BC-DEFB-45B8-BB08-124E5666A04B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev17:*:*:*:*:*:*", "matchCriteriaId": "ABA212B4-FC4B-4268-A778-23D588E76880", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev18:*:*:*:*:*:*", "matchCriteriaId": "10D10170-9528-49BB-88B8-92A4D016EA49", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev20:*:*:*:*:*:*", "matchCriteriaId": "2DA48ACB-659B-408C-B7E1-945A6333C1A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev22:*:*:*:*:*:*", "matchCriteriaId": "23D2DCAA-FAB7-426D-8680-2A6F69AE90DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev23:*:*:*:*:*:*", "matchCriteriaId": "90C2E1F5-73DA-4FA7-BEDF-E9726F5D0D0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev24:*:*:*:*:*:*", "matchCriteriaId": "449B4C7A-6287-4018-86AA-D34BEF8DB83C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev25:*:*:*:*:*:*", "matchCriteriaId": "E8E6C22C-C3B3-4914-A1D8-A6202EEBF1C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev26:*:*:*:*:*:*", 
"matchCriteriaId": "8BF46085-0E23-4C9C-9899-30EB63EFC392", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev28:*:*:*:*:*:*", "matchCriteriaId": "39BB146E-14BF-4AC7-B267-3176545CBCB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev29:*:*:*:*:*:*", "matchCriteriaId": "64201845-70B6-4124-BA02-DE0646BE75A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev30:*:*:*:*:*:*", "matchCriteriaId": "8E2A9B0B-F4B9-410B-AA32-D4A5A3B285DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "E26B66B2-9BE8-4843-9B4B-D673FAC44023", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "2633E559-38E4-4024-BB5F-94EDFE5F93FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "E804C89F-033F-43B3-B63B-172F9B2136CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev10:*:*:*:*:*:*", "matchCriteriaId": "0F7C6765-34DD-4326-99A8-F85DA19ECE91", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev11:*:*:*:*:*:*", "matchCriteriaId": "13FAD9B6-5790-4C7A-8A9B-09B1002DA75F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev12:*:*:*:*:*:*", "matchCriteriaId": "B040A950-FEC3-465D-AD19-3AA8EE11AE92", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev13:*:*:*:*:*:*", "matchCriteriaId": "F5971D8D-A2E6-4E3D-8FDA-04F89FC65A40", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev14:*:*:*:*:*:*", "matchCriteriaId": "FEF67234-BDCA-48FA-8616-6B0E4A38FA8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev15:*:*:*:*:*:*", 
"matchCriteriaId": "76D18DCA-5D64-4D38-99B0-1B984C402E70", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev16:*:*:*:*:*:*", "matchCriteriaId": "46718CD2-0403-4DA2-B157-5714BD654EB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev17:*:*:*:*:*:*", "matchCriteriaId": "4BA1274B-9103-449F-ABD1-C898B716B433", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev18:*:*:*:*:*:*", "matchCriteriaId": "3BB485BC-3247-4E06-8017-118B597B0184", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev19:*:*:*:*:*:*", "matchCriteriaId": "6C447C6E-6188-47C6-BC68-8FD99B49F2D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev20:*:*:*:*:*:*", "matchCriteriaId": "211647E5-8BCA-4393-B54B-CE382D5DF3F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev21:*:*:*:*:*:*", "matchCriteriaId": "855C2E78-C554-43A7-BD3F-747053F45709", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev22:*:*:*:*:*:*", "matchCriteriaId": "64594DD5-2816-4123-A12C-505FE4480AE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev23:*:*:*:*:*:*", "matchCriteriaId": "606D294C-EAEC-43EC-BA0F-BC5484B7C5E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev24:*:*:*:*:*:*", "matchCriteriaId": "A8E1D645-706F-4CCA-88A7-F5077BCE4AD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev25:*:*:*:*:*:*", "matchCriteriaId": "30145547-3406-4639-A5AD-52EFAA734EEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev26:*:*:*:*:*:*", "matchCriteriaId": "BDB6642D-C5AF-41D7-B2EA-A1F333E5B12C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev27:*:*:*:*:*:*", "matchCriteriaId": "91040A22-04F6-43ED-A6A1-060703D285C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev28:*:*:*:*:*:*", "matchCriteriaId": "5A3E2338-E774-4188-B352-B79FBB9C5511", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev29:*:*:*:*:*:*", "matchCriteriaId": "22961BA6-C0B1-488A-8F7D-68EB3F9DA6B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev30:*:*:*:*:*:*", "matchCriteriaId": "E8381BB7-3602-4DCF-A070-1067C277AAA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev31:*:*:*:*:*:*", "matchCriteriaId": "98B758CC-D26C-4B83-98E7-3BA4ECF96966", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev32:*:*:*:*:*:*", "matchCriteriaId": "7BCE965A-70BE-4159-93D8-A2520C8C4CB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev33:*:*:*:*:*:*", "matchCriteriaId": "1152B60C-3188-4BE7-897A-B09C5732ECAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev34:*:*:*:*:*:*", "matchCriteriaId": "5F1F087A-7373-4B7F-87BD-8509704F47CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev35:*:*:*:*:*:*", "matchCriteriaId": "D82CB956-9A14-49C5-8308-52198589BAC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev36:*:*:*:*:*:*", "matchCriteriaId": "2F202094-2A74-44DA-BB3A-06AF3326E544", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev38:*:*:*:*:*:*", "matchCriteriaId": "DC128D82-A687-4043-AC01-9A329ED9F9EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev39:*:*:*:*:*:*", "matchCriteriaId": "CBE4CF1D-B716-4992-B3DE-599AD7407780", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev40:*:*:*:*:*:*", "matchCriteriaId": "49FCC4A7-3078-421A-A3A1-C58976F47262", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev5:*:*:*:*:*:*", "matchCriteriaId": "F57910B1-968D-4DF3-8C2D-9EB3765C7214", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev6:*:*:*:*:*:*", "matchCriteriaId": "FE1FD7DD-DC8C-416C-A55B-FA7B961ECD3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev8:*:*:*:*:*:*", "matchCriteriaId": "A07A8019-D7D7-4E1D-AEA7-DF509175393D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev9:*:*:*:*:*:*", "matchCriteriaId": "9FEEF620-CD8A-49C4-89D6-565503A1790F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "6164303F-253E-440C-A45C-94FFF7B492AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev10:*:*:*:*:*:*", "matchCriteriaId": "4DD257D7-D9B2-4036-92D6-3A923B7DC59F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev11:*:*:*:*:*:*", "matchCriteriaId": "36383B07-AF6C-4EDA-A35E-50633D1612A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev13:*:*:*:*:*:*", "matchCriteriaId": "032B8B47-9E01-41B3-99D4-DECD4727DEA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev14:*:*:*:*:*:*", "matchCriteriaId": "F7211571-4614-4169-A897-D0047304A4B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev15:*:*:*:*:*:*", "matchCriteriaId": "992082E5-5E00-40F0-8246-FD44D189C70D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev16:*:*:*:*:*:*", "matchCriteriaId": "4279A168-8A9A-43FF-8766-738EE31D6E25", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev17:*:*:*:*:*:*", "matchCriteriaId": "5A734819-B817-4E54-89B1-B6A5FD52C758", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev18:*:*:*:*:*:*", "matchCriteriaId": "63AFF50B-7ABD-455D-A2A5-05432B41E4BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev19:*:*:*:*:*:*", "matchCriteriaId": "E2842D25-1A80-4403-B7A2-6E26527588E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev20:*:*:*:*:*:*", "matchCriteriaId": "7DAA5D88-75E9-4D77-9F34-AB456F0733F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev21:*:*:*:*:*:*", "matchCriteriaId": "9EB906E5-1ABF-4734-84E1-BC8005AB1C2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev22:*:*:*:*:*:*", "matchCriteriaId": "FD42433D-4B5C-43F5-8C5C-D97C6C3E5613", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev23:*:*:*:*:*:*", "matchCriteriaId": "B30EB62B-FEAC-4E7C-8AB8-E27879E18006", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev24:*:*:*:*:*:*", "matchCriteriaId": "88A08BF6-4410-48F9-B4D9-FCCA7B6DBF64", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev25:*:*:*:*:*:*", "matchCriteriaId": "49A24746-6C5E-48BE-A001-CB25BF0189D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev26:*:*:*:*:*:*", "matchCriteriaId": "7DA74FDF-0313-4783-B69D-17861F228FA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev27:*:*:*:*:*:*", "matchCriteriaId": "949DD220-BFA8-4C5B-8334-5D545D336879", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev3:*:*:*:*:*:*", "matchCriteriaId": "8681201A-5DB3-42A9-A203-9641B4459537", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev4:*:*:*:*:*:*", "matchCriteriaId": "C567F8B8-D9D0-4006-819C-C995C6573FE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev5:*:*:*:*:*:*", "matchCriteriaId": "07FEF270-E3ED-463D-9940-7FC9573E40C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev6:*:*:*:*:*:*", "matchCriteriaId": "7FD1E38C-EC1A-42D1-86AF-D53D8BF0098C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev7:*:*:*:*:*:*", "matchCriteriaId": "1BF75100-6E38-4FCB-BC21-FFB1C4B3EC50", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev8:*:*:*:*:*:*", "matchCriteriaId": "BF34B133-486B-4D77-8745-4D0E082FF8D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev9:*:*:*:*:*:*", "matchCriteriaId": "33B507D7-536B-4AC3-BCB3-BF3A6BA257F6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in mail compose in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev28 allows remote attackers to inject arbitrary web script or HTML via the data-target attribute in an HTML page with data-toggle gadgets." }, { "lang": "es", "value": "Vulnerabilidad de Cross-Site Scripting (XSS) en mail compose en Open-Xchange OX App Suite en versiones anteriores a la 7.6.3-rev31, versiones 7.8.x anteriores a la 7.8.2-rev31, versiones 7.8.3 anteriores a la 7.8.3-rev41 y versiones 7.8.4 anteriores a la 7.8.4-rev28 permite que los atacantes remotos inyecten scripts web o HTML arbitrarios mediante el atributo data-target en una p\u00e1gina HTML con gadgets data-toggle." 
} ], "id": "CVE-2018-9997", "lastModified": "2024-11-21T04:16:00.637", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-07-05T20:29:00.903", "references": [ { "source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/154127/Open-Xchange-OX-Guard-Cross-Site-Scripting-Signature-Validation.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2018/Jul/12" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041213" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/154127/Open-Xchange-OX-Guard-Cross-Site-Scripting-Signature-Validation.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2018/Jul/12" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041213" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-20 13:15
Modified
2024-11-21 04:21
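Severity
LOW - CVSS v3.0 base score 3.3 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N); CVSS v2.0 base score 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N). Source: nvd@nist.gov, per the record below.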
Summary
OX App Suite 7.10.1 and earlier has Insecure Permissions.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/154128/Open-Xchange-OX-App-Suite-Content-Spoofing-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/154128/Open-Xchange-OX-App-Suite-Content-Spoofing-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * (from 7.6.3 up to and including 7.10.1, per the CPE match range in the record below) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "406B2F3E-3EF1-4BAA-ACC4-BE941F893CF6", "versionEndIncluding": "7.10.1", "versionStartIncluding": "7.6.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite 7.10.1 and earlier has Insecure Permissions." }, { "lang": "es", "value": "OX App Suite 7.10.1 y versiones anteriores tienen permisos inseguros." } ], "id": "CVE-2019-11806", "lastModified": "2024-11-21T04:21:47.867", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-20T13:15:11.713", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/154128/Open-Xchange-OX-App-Suite-Content-Spoofing-Cross-Site-Scripting.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/154128/Open-Xchange-OX-App-Suite-Content-Spoofing-Cross-Site-Scripting.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-732" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-05-22 20:29
Modified
2024-11-21 03:28
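Severity
MEDIUM - CVSS v3.0 base score 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N); CVSS v2.0 base score 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N). Source: nvd@nist.gov, per the record below.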
Summary
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting (XSS).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://open-xchange.com | Vendor Advisory | |
cve@mitre.org | http://ox.com | Broken Link, Not Applicable | |
cve@mitre.org | https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://open-xchange.com | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://ox.com | Broken Link, Not Applicable | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html | Release Notes, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * (up to and including 7.8.3, per the CPE match range in the record below) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "C77DCBA3-CB5A-4F73-817E-717C8335463E", "versionEndIncluding": "7.8.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting (XSS)." }, { "lang": "es", "value": "Open-Xchange GmbH OX App Suite versi\u00f3n 7.8.3 y anteriores, se ven afectados por: Cross Site Scripting (XSS)." } ], "id": "CVE-2017-5864", "lastModified": "2024-11-21T03:28:33.460", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-05-22T20:29:00.370", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://open-xchange.com" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Not Applicable" ], "url": "http://ox.com" }, { "source": "cve@mitre.org", 
"tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://open-xchange.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Not Applicable" ], "url": "http://ox.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-04-24 05:06
Modified
2024-11-21 02:06
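Severity
MEDIUM - CVSS v2.0 base score 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N); the record below carries no CVSS v3 metric. Source: nvd@nist.gov.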
Summary
The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * (up to and including 7.2.2, per the CPE match range in the record below) | |
open-xchange | open-xchange_appsuite | 7.2.0 | |
open-xchange | open-xchange_appsuite | 7.2.1 | |
open-xchange | open-xchange_appsuite | 7.4.1 | |
open-xchange | open-xchange_appsuite | 7.4.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "4051DD61-3387-4CFB-9243-FCB602813F10", "versionEndIncluding": "7.2.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDBB02DF-1022-4FE5-B5E1-198DC58F8C1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2BF31219-8390-4676-A9C4-D625A016C71E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "0ABF6E32-2996-4DCF-A4A2-197CCFAEE22C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A708019-6229-4768-994C-5A51B0495CAC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history." }, { "lang": "es", "value": "La funcionalidad de autoconfiguraci\u00f3n de E-Mail en Open-Xchange AppSuite anterior a 7.2.2-rev20, 7.4.1 anterior a 7.4.1-rev11 y 7.4.2 anterior a 7.4.2-rev13 situa a contrase\u00f1as en una solicitud GET, lo que permite a atacantes remotos obtener informaci\u00f3n sensible mediante la lectura de (1) registros de acceso al servidor web, (2) registros Referer del servidor web o (3) el historial del navegador." 
} ], "id": "CVE-2014-2392", "lastModified": "2024-11-21T02:06:12.453", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-04-24T05:06:05.623", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/531762" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/531762" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-09-25 10:31
Modified
2024-11-21 01:58
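Severity
MEDIUM - CVSS v2.0 base score 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N); the record below carries no CVSS v3 metric. Source: nvd@nist.gov.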
Summary
The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 allows remote attackers to obtain sensitive information about (1) runtime activity, (2) network configuration, (3) user sessions, (4) the memcache interface, and (5) the REST interface via API calls such as a hazelcast/rest/cluster/ call, a different vulnerability than CVE-2013-5200.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | 7.0.1 | |
open-xchange | open-xchange_appsuite | 7.0.2 | |
open-xchange | open-xchange_appsuite | 7.2.0 | |
open-xchange | open-xchange_appsuite | 7.2.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "138461CD-9C27-40E5-B7A0-A37737B6E942", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "108BCEFD-3098-4919-9B0C-E80F6FA1C102", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDBB02DF-1022-4FE5-B5E1-198DC58F8C1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2BF31219-8390-4676-A9C4-D625A016C71E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 allows remote attackers to obtain sensitive information about (1) runtime activity, (2) network configuration, (3) user sessions, (4) the memcache interface, and (5) the REST interface via API calls such as a hazelcast/rest/cluster/ call, a different vulnerability than CVE-2013-5200." }, { "lang": "es", "value": "La API Hazelcast cluster en Open-Xchange AppSuite v7.0.x anterior a v7.0.2-rev15 y v7.2.x anterior a v7.2.2-rev16 permite a atacantes remotos conseguir informaci\u00f3n sensible sobre la actividad en tiempo de ejecuci\u00f3n, configuraci\u00f3n de red, sesiones de usuarios, interfaz \"memcache\" y el interfaz REST a trav\u00e9s de llamadas API como hazelcast/rest/cluster/, una vulnerabilidad diferente a CVE-2013-5200." 
} ], "id": "CVE-2013-5936", "lastModified": "2024-11-21T01:58:27.270", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-09-25T10:31:29.440", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-04-30 22:15
Modified
2024-11-21 06:06
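Severity
MEDIUM - CVSS v3.1 base score 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N); CVSS v2.0 base score 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N). Source: nvd@nist.gov, per the record below.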
Summary
OX App Suite 7.10.4 and earlier allows XSS via a crafted contact object (payload in the position or company field) that is mishandled in the App Suite UI on a smartphone.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html | Not Applicable, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html | Not Applicable, Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * (up to and including 7.10.4, per the CPE match range in the record below) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "9451471A-06E1-456C-8B82-ADEB746B97C7", "versionEndIncluding": "7.10.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite 7.10.4 and earlier allows XSS via a crafted contact object (payload in the position or company field) that is mishandled in the App Suite UI on a smartphone." }, { "lang": "es", "value": "OX App Suite versiones 7.10.4 y anteriores permiten un ataque de tipo XSS por medio de un objeto de contacto dise\u00f1ado (carga \u00fatil en el campo position o company) que es manejado inapropiadamente en la Interfaz de Usuario App Suite en un tel\u00e9fono inteligente." } ], "id": "CVE-2021-31934", "lastModified": "2024-11-21T06:06:32.700", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-04-30T22:15:07.753", 
"references": [ { "source": "cve@mitre.org", "tags": [ "Not Applicable", "Third Party Advisory", "VDB Entry" ], "url": "https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable", "Third Party Advisory", "VDB Entry" ], "url": "https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-01-26 20:55
Modified
2024-11-21 02:00
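Severity
MEDIUM - CVSS v2.0 base score 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N); the record below carries no CVSS v3 metric. Source: nvd@nist.gov.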
Summary
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified oAuth API functions.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * (up to and including 7.4.1, per the CPE match range in the record below) | |
open-xchange | open-xchange_appsuite | 6.20.7 | |
open-xchange | open-xchange_appsuite | 6.22.0 | |
open-xchange | open-xchange_appsuite | 6.22.1 | |
open-xchange | open-xchange_appsuite | 7.0.1 | |
open-xchange | open-xchange_appsuite | 7.0.2 | |
open-xchange | open-xchange_appsuite | 7.2.0 | |
open-xchange | open-xchange_appsuite | 7.2.1 | |
open-xchange | open-xchange_appsuite | 7.2.2 | |
open-xchange | open-xchange_appsuite | 7.4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "567B4139-220A-46A7-B847-616F99A1EA66", "versionEndIncluding": "7.4.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.20.7:*:*:*:*:*:*:*", "matchCriteriaId": "983E5F3A-E7AD-4CCA-80D4-9C012AFCCDD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F85EE0C-B7A0-455A-96F6-E4E6BA5D7216", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.1:*:*:*:*:*:*:*", "matchCriteriaId": "2D9572CB-9A46-492E-BDCC-E01849EF0EC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "138461CD-9C27-40E5-B7A0-A37737B6E942", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "108BCEFD-3098-4919-9B0C-E80F6FA1C102", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDBB02DF-1022-4FE5-B5E1-198DC58F8C1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2BF31219-8390-4676-A9C4-D625A016C71E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "75B04598-67CD-420B-92C9-9A7459295E11", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "8DAEED7B-C295-42B4-A60B-2EAA596E3D65", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified oAuth API 
functions." }, { "lang": "es", "value": "Vulnerabilidad XSS en Open-Xchange (OX) AppSuite v7.4.1 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a trav\u00e9s de funciones oAuth no especificadas de la API." } ], "id": "CVE-2013-7142", "lastModified": "2024-11-21T02:00:24.907", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-01-26T20:55:05.940", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/102193" }, { "source": "cve@mitre.org", "url": "http://seclists.org/bugtraq/2014/Jan/57" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/65012" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1029650" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90545" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/102193" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/bugtraq/2014/Jan/57" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/65012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1029650" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90545" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { 
"lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-20 13:15
Modified
2024-11-21 04:21
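Severity: HIGH, CVSS v3.0 base score 8.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N); CVSS v2 base score 5.8 MEDIUM (AV:N/AC:M/Au:N/C:P/I:P/A:N). Source: nvd@nist.gov primary metrics in the record below.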
Summary
OX App Suite 7.10.1 allows Content Spoofing.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/154128/Open-Xchange-OX-App-Suite-Content-Spoofing-Cross-Site-Scripting.html | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/154128/Open-Xchange-OX-App-Suite-Content-Spoofing-Cross-Site-Scripting.html | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | 7.10.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "D2C4CC04-9CAA-467A-AE72-CF3AC970296C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite 7.10.1 allows Content Spoofing." }, { "lang": "es", "value": "OX App Suite 7.10.1 permite la suplantaci\u00f3n de contenido." } ], "id": "CVE-2019-11521", "lastModified": "2024-11-21T04:21:16.410", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-20T13:15:11.587", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/154128/Open-Xchange-OX-App-Suite-Content-Spoofing-Cross-Site-Scripting.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": 
"http://packetstormsecurity.com/files/154128/Open-Xchange-OX-App-Suite-Content-Spoofing-Cross-Site-Scripting.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-269" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-07-22 17:15
Modified
2024-11-21 06:15
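Severity: MEDIUM, CVSS v3.1 base score 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N); CVSS v2 base score 4.3 MEDIUM (AV:N/AC:M/Au:N/C:N/I:P/A:N). Source: nvd@nist.gov primary metrics in the record below.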
Summary
OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and an App Loader relative URL is used.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://seclists.org/fulldisclosure/2021/Jul/33 | Mailing List, Not Applicable, Third Party Advisory | |
cve@mitre.org | https://www.open-xchange.com | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/Jul/33 | Mailing List, Not Applicable, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.open-xchange.com | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:-:*:*:*:*:*:*", "matchCriteriaId": "D3CF4C4E-3FF0-4B4A-8246-8F8981D66180", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5547:*:*:*:*:*:*", "matchCriteriaId": "4284A4B4-42CF-4196-B990-0DE2AC7FF5F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5572:*:*:*:*:*:*", "matchCriteriaId": "1AF0528B-838B-4C80-B91D-D3009EFBD2E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5623:*:*:*:*:*:*", "matchCriteriaId": "927E4E17-02FC-46D6-B1EE-BBB6C710BE63", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5653:*:*:*:*:*:*", "matchCriteriaId": "43DECDE0-C942-4B4B-A2E1-63B8E32B7334", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5677:*:*:*:*:*:*", "matchCriteriaId": "54F4578F-1515-4F60-B890-421CB3FB09C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5720:*:*:*:*:*:*", "matchCriteriaId": "8853D9CE-A4F6-4935-BEA2-C039E867ADEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev1:*:*:*:*:*:*", "matchCriteriaId": "3B7503E3-6317-4DD7-9EDD-AB5A0586BADE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev10:*:*:*:*:*:*", "matchCriteriaId": "F7FD3C9C-7750-4907-BF23-65606E7A6966", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev11:*:*:*:*:*:*", "matchCriteriaId": "42BAD919-0599-4303-A7E3-5026AC8F415E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev12:*:*:*:*:*:*", "matchCriteriaId": "6D0555E6-057D-475D-9EAF-F1EEC2D2157E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev13:*:*:*:*:*:*", "matchCriteriaId": "CDDA5DF9-62FF-4E6F-943C-C70620D56AE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev14:*:*:*:*:*:*", "matchCriteriaId": "A9C26834-176A-4DD0-816E-87F12C2A0980", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev15:*:*:*:*:*:*", "matchCriteriaId": "63BA3355-83A5-4758-9208-574760D72AF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev16:*:*:*:*:*:*", "matchCriteriaId": "DEDF0974-91A9-4F6C-B31F-327EBBF2321A", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev17:*:*:*:*:*:*", "matchCriteriaId": "79FED998-07D0-457B-9CC4-1CDE8D6B26E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev18:*:*:*:*:*:*", "matchCriteriaId": "27EAB5B4-8F1A-4069-B150-032BADA92C1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev19:*:*:*:*:*:*", "matchCriteriaId": "265D758D-DA32-46FC-B7A7-1B695C2E7972", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev2:*:*:*:*:*:*", "matchCriteriaId": "26BF76EC-F32F-4DAB-8EB0-8B24E76D2593", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev20:*:*:*:*:*:*", "matchCriteriaId": "FE723E1C-E86A-4BC0-85DD-B051B1773A0A", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev21:*:*:*:*:*:*", "matchCriteriaId": "E441FE6E-2653-4BAE-9EFC-AE195A442804", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev22:*:*:*:*:*:*", "matchCriteriaId": "516B7ACF-ABB8-4DBA-9E71-3B57B7C74376", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev23:*:*:*:*:*:*", "matchCriteriaId": "60236FC4-81DA-4ED6-8C5B-6BC9FF6A177B", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev24:*:*:*:*:*:*", "matchCriteriaId": "E186C7BC-F3EC-4B9E-97BC-59CE860DD99B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev25:*:*:*:*:*:*", "matchCriteriaId": "FE494389-735E-47FC-9A12-5305FA11735F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev26:*:*:*:*:*:*", "matchCriteriaId": "6BD572F0-1B43-4FB5-BAE2-A9169BACFABE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev27:*:*:*:*:*:*", "matchCriteriaId": "CD1EAF9A-189B-47B8-A00A-5604D1B8D8A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev28:*:*:*:*:*:*", "matchCriteriaId": "63318E39-A502-4AD8-9C8D-C15F08847BD8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev29:*:*:*:*:*:*", "matchCriteriaId": "59C68527-4F08-4436-9D14-8BA65EEEFFC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev3:*:*:*:*:*:*", "matchCriteriaId": "B031D97E-A967-4124-8A42-EFA4B3576124", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev30:*:*:*:*:*:*", "matchCriteriaId": "79A59F84-11DE-4560-A820-8E4F7B715888", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev31:*:*:*:*:*:*", "matchCriteriaId": "4C2F2472-91C4-48AF-979A-7C003BBD36CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev4:*:*:*:*:*:*", "matchCriteriaId": "649774E8-6489-4AD7-95A8-AAF7154B2C05", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev5:*:*:*:*:*:*", "matchCriteriaId": "A2A1BB49-EAFD-4458-AA8B-BF4B195927C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev6:*:*:*:*:*:*", "matchCriteriaId": "1AC0DD2C-02D1-4CA9-A05C-81359BD30FA2", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev7:*:*:*:*:*:*", "matchCriteriaId": "720B7107-09AC-41AB-97BB-DFC3FABFDB55", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev8:*:*:*:*:*:*", "matchCriteriaId": "17E4B9E0-D5D3-4291-91A0-15885B559D5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev9:*:*:*:*:*:*", "matchCriteriaId": "7ECB4D19-C148-473B-B0C0-FD9007912F86", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:-:*:*:*:*:*:*", "matchCriteriaId": "89BEBFB4-A028-4D5E-846E-7403D3491147", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev1:*:*:*:*:*:*", "matchCriteriaId": "FED62869-ACA8-42B1-9AFE-0C0535E2C2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev10:*:*:*:*:*:*", "matchCriteriaId": "CB85F4BA-8E1B-490A-83FC-906EDF990750", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev11:*:*:*:*:*:*", "matchCriteriaId": "525841F3-E9ED-4593-9163-9DFA114EF5D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev12:*:*:*:*:*:*", "matchCriteriaId": "6382225F-80C8-4A21-AC5F-E1645B420DD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev13:*:*:*:*:*:*", "matchCriteriaId": "3EC95556-A105-4C03-AB54-AAB3A943A22F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev14:*:*:*:*:*:*", "matchCriteriaId": "34BB4402-3151-4ED1-BC4E-F00A7E5FDB1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev15:*:*:*:*:*:*", "matchCriteriaId": "96FB19E6-E819-419A-B2C0-717F196A5A52", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev16:*:*:*:*:*:*", "matchCriteriaId": 
"433C2CBB-E3D7-4209-81DA-E183B2BF23A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev17:*:*:*:*:*:*", "matchCriteriaId": "B2117B25-DABE-47B2-9337-5FAC000EC558", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev2:*:*:*:*:*:*", "matchCriteriaId": "97039EE9-3567-4C10-9A85-8BED8C76BEDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev3:*:*:*:*:*:*", "matchCriteriaId": "AF1AAB93-9205-47FB-BEC3-EC7DF9A20732", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev4:*:*:*:*:*:*", "matchCriteriaId": "E9A3E84C-665F-470C-8D19-31446ABFF7D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev5:*:*:*:*:*:*", "matchCriteriaId": "45C98776-55CE-4AF8-9141-75E0B86AE844", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev6:*:*:*:*:*:*", "matchCriteriaId": "E94C88CD-9A26-45DE-A408-956D693FDE29", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev7:*:*:*:*:*:*", "matchCriteriaId": "005CA94F-FA8A-474C-8135-CA0158D192F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev8:*:*:*:*:*:*", "matchCriteriaId": "4D01DFB9-FFE1-4635-8D59-E2325AADAAF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev9:*:*:*:*:*:*", "matchCriteriaId": "B051C6E0-334E-45A2-990B-81FE7E4FB507", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and an App Loader relative URL is used." 
}, { "lang": "es", "value": "OX App Suite versiones anteriores a 7.10.3-rev32 y versiones 7.10.4 anteriores a 7.10.4-rev18, permite un ataque de tipo XSS por medio de un fragmento de c\u00f3digo (contenido generado por el usuario) cuando es creado un enlace para compartir y una URL relativa de App Loader es usada" } ], "id": "CVE-2021-37403", "lastModified": "2024-11-21T06:15:05.613", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-07-22T17:15:09.583", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Not Applicable", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2021/Jul/33" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.open-xchange.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Not Applicable", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2021/Jul/33" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Vendor Advisory" ], "url": "https://www.open-xchange.com" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-01-12 22:15
Modified
2024-11-21 05:52
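Severity: MEDIUM, CVSS v3.1 base score 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N); CVSS v2 base score 4.3 MEDIUM (AV:N/AC:M/Au:N/C:N/I:P/A:N). Source: nvd@nist.gov primary metrics in the record below.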
Summary
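OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename. (Note: the CPE match in the NVD record below ends at 7.10.3 via versionEndIncluding, so CPE-based version matching may not flag 7.10.4 even though this description includes it.)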
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB465D15-78EA-47FA-BC7C-5A6631EC9578", "versionEndIncluding": "7.10.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename." }, { "lang": "es", "value": "OX App Suite versiones hasta 7.10.4, permite un ataque de tipo XSS por medio de una imagen en l\u00ednea con un nombre de archivo dise\u00f1ado" } ], "id": "CVE-2021-23932", "lastModified": "2024-11-21T05:52:04.553", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-01-12T22:15:12.760", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-12-15 06:59
Modified
2024-11-21 02:51
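Severity: LOW, CVSS v3.0 base score 3.5 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N); CVSS v2 base score 3.5 LOW (AV:N/AC:M/Au:S/C:P/I:N/A:N). Source: nvd@nist.gov primary metrics in the record below.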
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev10. App Suite frontend offers to control whether a user wants to store cookies that exceed the session duration. This functionality is useful when logging in from clients with reduced privileges or shared environments. However the setting was incorrectly recognized and cookies were stored regardless of this setting when the login was performed using a non-interactive login method. In case the setting was enforced by middleware configuration or the user went through the interactive login page, the workflow was correct. Cookies with authentication information may become available to other users on shared environments. In case the user did not properly log out from the session, third parties with access to the same client can access a user's account.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/137599/Open-Xchange-App-Suite-7.8.1-Information-Disclosure.html | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.securityfocus.com/archive/1/538732/100/0/threaded | ||
cve@mitre.org | http://www.securitytracker.com/id/1036157 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/137599/Open-Xchange-App-Suite-7.8.1-Information-Disclosure.html | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/538732/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1036157 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:rev9:*:*:*:*:*:*", "matchCriteriaId": "F8BB7BBD-7706-479D-B1DB-9EAC321913EB", "versionEndIncluding": "7.8.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev10. App Suite frontend offers to control whether a user wants to store cookies that exceed the session duration. This functionality is useful when logging in from clients with reduced privileges or shared environments. However the setting was incorrectly recognized and cookies were stored regardless of this setting when the login was performed using a non-interactive login method. In case the setting was enforced by middleware configuration or the user went through the interactive login page, the workflow was correct. Cookies with authentication information may become available to other users on shared environments. In case the user did not properly log out from the session, third parties with access to the same client can access a user\u0027s account." }, { "lang": "es", "value": "Ha sido descubierto un problema en Open-Xchange OX App Suite en versiones anteriores a 7.8.1-rev10. El frontend App Suite ofrece controlar si un usuario quiere almacenar cookies que exceden la duraci\u00f3n de sesi\u00f3n. Esta funcionalidad es \u00fatil cuando se inicia sesi\u00f3n desde clientes con privilegios reducidos o entornos compartidos. Sin embargo la configuraci\u00f3n fue reconocida incorrectamente y las cookies fueron almacenadas independientemente de estos ajustes cuando el inicio de sesi\u00f3n fue realizado usando un m\u00e9todo de inicio de sesi\u00f3n no interactivo. En caso de que el ajuste fuera forzado por la configuraci\u00f3n de middleware o el usuario pas\u00f3 por la p\u00e1gina de inicio de sesi\u00f3n interactiva, el flujo de trabajo era correcto. 
Las cookies con informaci\u00f3n de autenticaci\u00f3n pueden estar disponibles para otros usuarios en entornos compartidos. En caso de que el usuario no se haya desconectado correctamente de la sesi\u00f3n, los terceros con acceso al mismo cliente pueden acceder a la cuenta de un usuario." } ], "id": "CVE-2016-4027", "lastModified": "2024-11-21T02:51:11.580", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-12-15T06:59:06.393", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/137599/Open-Xchange-App-Suite-7.8.1-Information-Disclosure.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/538732/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1036157" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" 
], "url": "http://packetstormsecurity.com/files/137599/Open-Xchange-App-Suite-7.8.1-Information-Disclosure.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/538732/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1036157" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-10-03 19:55
Modified
2024-11-21 01:58
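Severity: MEDIUM, CVSS v2 base score 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N). Source: nvd@nist.gov primary metrics in the record below, which carries no CVSS v3 score.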
Summary
CRLF injection vulnerability in Open-Xchange AppSuite before 7.2.2, when using AJP in certain conditions, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the ajax/defer servlet.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * | |
open-xchange | open-xchange_appsuite | 6.20.7 | |
open-xchange | open-xchange_appsuite | 6.22.0 | |
open-xchange | open-xchange_appsuite | 6.22.1 | |
open-xchange | open-xchange_appsuite | 7.0.1 | |
open-xchange | open-xchange_appsuite | 7.0.2 | |
open-xchange | open-xchange_appsuite | 7.2.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "C706FA8C-6D31-40A4-8B5A-ED1CA206B1CA", "versionEndIncluding": "7.2.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.20.7:*:*:*:*:*:*:*", "matchCriteriaId": "983E5F3A-E7AD-4CCA-80D4-9C012AFCCDD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F85EE0C-B7A0-455A-96F6-E4E6BA5D7216", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.1:*:*:*:*:*:*:*", "matchCriteriaId": "2D9572CB-9A46-492E-BDCC-E01849EF0EC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "138461CD-9C27-40E5-B7A0-A37737B6E942", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "108BCEFD-3098-4919-9B0C-E80F6FA1C102", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDBB02DF-1022-4FE5-B5E1-198DC58F8C1B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "CRLF injection vulnerability in Open-Xchange AppSuite before 7.2.2, when using AJP in certain conditions, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the ajax/defer servlet." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n CRLF en Open-Xchange AppSuite anterior a la versi\u00f3n 7.2.2, cuando se usa AJP en ciertas condiciones, permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y llevar a cabo ataques de divisi\u00f3n de respuestas HTTP a trav\u00e9s del servlet ajax/defer." 
} ], "id": "CVE-2013-6009", "lastModified": "2024-11-21T01:58:36.773", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-10-03T19:55:21.540", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/528940" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/528940" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-08-31 15:15
Modified
2024-11-21 04:59
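Severity: MEDIUM, CVSS v3.1 base score 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N); CVSS v2 base score 4.0 MEDIUM (AV:N/AC:L/Au:S/C:P/I:N/A:N). Source: nvd@nist.gov primary metrics in the record below.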
Summary
OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://seclists.org/fulldisclosure/2020/Aug/14 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://www.open-xchange.com/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2020/Aug/14 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.open-xchange.com/ | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB465D15-78EA-47FA-BC7C-5A6631EC9578", "versionEndIncluding": "7.10.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address." }, { "lang": "es", "value": "OX App Suite versiones 7.10.3 y anteriores, presentan un Control de Acceso Incorrecto por medio de una petici\u00f3n de /api/subscriptions para un fragmento que contiene una direcci\u00f3n de correo electr\u00f3nico" } ], "id": "CVE-2020-12643", "lastModified": "2024-11-21T04:59:58.307", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-08-31T15:15:10.133", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], 
"url": "http://seclists.org/fulldisclosure/2020/Aug/14" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.open-xchange.com/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2020/Aug/14" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.open-xchange.com/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-639" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-09-05 11:44
Modified
2024-11-21 01:52
Severity ?
Summary
CRLF injection vulnerability in the redirect servlet in Open-Xchange AppSuite and Server before 6.22.0 rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allows remote attackers to inject arbitrary HTTP headers and conduct open redirect attacks by leveraging improper sanitization of whitespace characters.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | 6.22.0 | |
open-xchange | open-xchange_appsuite | 6.22.1 | |
open-xchange | open-xchange_appsuite | 7.0.1 | |
open-xchange | open-xchange_appsuite | 7.0.2 | |
open-xchange | open-xchange_server | 6.22.0 | |
open-xchange | open-xchange_server | 6.22.1 | |
open-xchange | open-xchange_server | 7.0.1 | |
open-xchange | open-xchange_server | 7.0.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F85EE0C-B7A0-455A-96F6-E4E6BA5D7216", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.1:*:*:*:*:*:*:*", "matchCriteriaId": "2D9572CB-9A46-492E-BDCC-E01849EF0EC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "138461CD-9C27-40E5-B7A0-A37737B6E942", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "108BCEFD-3098-4919-9B0C-E80F6FA1C102", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_server:6.22.0:*:*:*:*:*:*:*", "matchCriteriaId": "58989467-7850-4D91-86D4-524EBE325869", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_server:6.22.1:*:*:*:*:*:*:*", "matchCriteriaId": "BED21777-8642-49AC-A99F-87ED9B21FE14", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_server:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4FBAE267-EAB9-403A-8E1D-7C8EE68F0A36", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_server:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F5500DAF-78C2-4E30-AB1C-EF623C43956B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "CRLF injection vulnerability in the redirect servlet in Open-Xchange AppSuite and Server before 6.22.0 rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allows remote attackers to inject arbitrary HTTP headers and conduct open redirect attacks by leveraging improper sanitization of whitespace characters." 
}, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n CRLF en el servlet para redirigir en Open-Xchange AppSuite y Server anterior a v6.22.0 rev15, v6.22.1 anterior a rev17, v7.0.1 anterior a rev6, y v7.0.2 anterior a rev7 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y llevar a cabo ataques de redirecci\u00f3n abierta mediante el aprovechamiento de saneamiento inadecuado de espacios en blanco." } ], "id": "CVE-2013-2582", "lastModified": "2024-11-21T01:52:00.037", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-09-05T11:44:57.587", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-04/0183.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-04/0183.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-02-17 15:59
Modified
2024-11-21 02:20
Severity ?
Summary
Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before 7.6.0-rev36, and 7.6.1 before 7.6.1-rev14 do not properly handle directory permissions, which allows remote authenticated users to read files via unspecified vectors, related to the "folder identifier."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | 7.4.2 | |
open-xchange | open-xchange_appsuite | 7.6.0 | |
open-xchange | open-xchange_appsuite | 7.6.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A708019-6229-4768-994C-5A51B0495CAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A0A22E01-73E0-4140-8BA1-AB147A9471CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "74858ACF-6B38-4403-90DE-2374BE699486", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before 7.6.0-rev36, and 7.6.1 before 7.6.1-rev14 does not properly handle directory permissions, which allows remote authenticated users to read files via unspecified vectors, related to the \"folder identifier.\"" }, { "lang": "es", "value": "Open-Xchange (OX) AppSuite and Server anterior a 7.4.2-rev42, 7.6.0 anterior a 7.6.0-rev36, y 7.6.1 anterior a 7.6.1-rev14 no maneja correctamente los permisos de directorios, lo que permite a usuarios remotos autenticados leer ficheros a trav\u00e9s de vectores no especificados, relacionado con el \u0027identificador de carpetas.\u0027" } ], "id": "CVE-2014-9466", "lastModified": "2024-11-21T02:20:57.517", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-02-17T15:59:01.750", "references": [ { 
"source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/130379/Open-Xchange-Server-6-OX-AppSuite-7.6.1-Exposure.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/534695/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/72587" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1031744" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100867" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/130379/Open-Xchange-Server-6-OX-AppSuite-7.6.1-Exposure.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/534695/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/72587" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1031744" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100867" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-12-15 06:59
Modified
2024-11-21 02:51
Severity ?
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Custom messages can be shown at the login screen to notify external users about issues with sharing links. This mechanism can be abused to inject arbitrary text messages. Users may be tricked into following instructions injected by third parties as part of social engineering attacks.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:rev9:*:*:*:*:*:*", "matchCriteriaId": "F8BB7BBD-7706-479D-B1DB-9EAC321913EB", "versionEndIncluding": "7.8.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Custom messages can be shown at the login screen to notify external users about issues with sharing links. This mechanism can be abused to inject arbitrary text messages. Users may get tricked to follow instructions injected by third parties as part of social engineering attacks." }, { "lang": "es", "value": "Ha sido descubierto un problema en Open-Xchange OX App Suite en versiones anteriores a 7.8.1-rev11. Los mensajes personalizados se pueden mostrar en la pantalla de inicio de sesi\u00f3n para notificar a los usuarios externos sobre problemas con los enlaces compartidos. Se puede abusar de este mecanismo para inyectar mensajes de texto arbitrarios. Usuarios pueden ser enga\u00f1ados para seguir instrucciones inyectadas por terceras partes como parte de ataques de ingenier\u00eda social." 
} ], "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/451.html\"\u003eCWE-451: User Interface (UI) Misrepresentation of Critical Information\u003c/a\u003e", "id": "CVE-2016-4048", "lastModified": "2024-11-21T02:51:14.113", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-12-15T06:59:12.143", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/538732/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1036157" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/538732/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1036157" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", 
"value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-06-17 20:15
Modified
2024-11-21 04:47
Severity ?
Summary
OX App Suite 7.10.0 and earlier has Incorrect Access Control.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://www.open-xchange.com/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.open-xchange.com/ | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "B6DB6300-616C-4A04-BFAC-1ACB2135329B", "versionEndIncluding": "7.10.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite 7.10.0 and earlier has Incorrect Access Control." }, { "lang": "es", "value": "OX App Suite versi\u00f3n 7.10.0 y anteriores, presenta un control de acceso incorrecto." } ], "id": "CVE-2019-7158", "lastModified": "2024-11-21T04:47:41.107", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-06-17T20:15:10.243", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.open-xchange.com/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.open-xchange.com/" } ], "sourceIdentifier": "cve@mitre.org", 
"vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-12-15 06:59
Modified
2024-11-21 02:51
Severity ?
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Script code can be embedded in RSS feeds using a URL notation. If a user clicks the corresponding link in the RSS reader of App Suite, the code is executed in the context of the user. Malicious script code can thus be executed within a user's context. This can lead to session hijacking or to unwanted actions being triggered via the web interface (sending mail, deleting data, etc.). The attacker needs to reside within the same context for this attack to work.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:rev9:*:*:*:*:*:*", "matchCriteriaId": "F8BB7BBD-7706-479D-B1DB-9EAC321913EB", "versionEndIncluding": "7.8.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Script code can be embedded to RSS feeds using a URL notation. In case a user clicks the corresponding link at the RSS reader of App Suite, code gets executed at the context of the user. Malicious script code can be executed within a user\u0027s context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). The attacker needs to reside within the same context to make this attack work." }, { "lang": "es", "value": "Ha sido descubierto un problema en Open-Xchange OX App Suite en versiones anteriores a 7.8.1-rev11. Un c\u00f3digo script se puede incorporar a las fuentes RSS mediante una notaci\u00f3n de URL. En caso de que un usuario haga clic en el enlace correspondiente en el lector RSS de App Suite, el c\u00f3digo se ejecuta en el contexto del usuario. El c\u00f3digo script malicioso puede ser ejecutado en un contexto de usuario. Esto puede conducir al secuestro de sesi\u00f3n o activar acciones no deseadas a trav\u00e9s de la interfaz web (env\u00edo de correo, eliminaci\u00f3n de datos, etc.). El atacante necesita estar dentro del mismo contexto para hacer que este ataque funcione." 
} ], "id": "CVE-2016-4045", "lastModified": "2024-11-21T02:51:13.663", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-12-15T06:59:08.550", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/538732/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1036157" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/538732/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1036157" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-12-15 06:59
Modified
2024-11-21 02:56
Severity ?
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. API requests can be used to inject, generate and download executable files to the client ("Reflected File Download"). A malicious platform-specific (e.g. Microsoft Windows) batch file can be created via a trusted domain without authentication; if executed by the user, it may lead to local code execution.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/bid/93460 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/93460 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf | Release Notes, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:rev4:*:*:*:*:*:*", "matchCriteriaId": "63233ABF-06E1-4819-B885-1028FEA3EB5A", "versionEndIncluding": "7.8.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. API requests can be used to inject, generate and download executable files to the client (\"Reflected File Download\"). Malicious platform specific (e.g. Microsoft Windows) batch file can be created via a trusted domain without authentication that, if executed by the user, may lead to local code execution." }, { "lang": "es", "value": "Ha sido descubierto un problema en Open-Xchange OX App Suite en versiones anteriores a 7.8.2-rev8. La petici\u00f3n API puede ser usada para inyectar, generar y descargar archivos ejecutables al cliente (\"Reflected File Download\"). Se puede crear un archivo por lotes espec\u00edfico de plataforma malintencionada (por ejemplo, Microsoft Windows) a trav\u00e9s de un dominio de confianza sin autenticaci\u00f3n que, si es ejecutado por el usuario, puede conducir a la ejecuci\u00f3n de c\u00f3digo local." 
} ], "id": "CVE-2016-6848", "lastModified": "2024-11-21T02:56:57.363", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-12-15T06:59:20.177", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/93460" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/93460" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", 
"value": "CWE-254" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-10-14 17:15
Modified
2024-11-21 04:26
Severity ?
Summary
OX App Suite 7.10.1 and 7.10.2 allows SSRF.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html | Exploit, Third Party Advisory, VDB Entry | |
cve@mitre.org | https://seclists.org/fulldisclosure/2019/Oct/25 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2019/Oct/25 | Mailing List, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | 7.10.1 | |
open-xchange | open-xchange_appsuite | 7.10.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "D2C4CC04-9CAA-467A-AE72-CF3AC970296C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "AEA29625-42CD-49CC-9E34-858CB6C5D28B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite 7.10.1 and 7.10.2 allows SSRF." }, { "lang": "es", "value": "OX App Suite versi\u00f3n 7.10.1 y versi\u00f3n 7.10.2 permite Server Side Request Forgery (SSRF)." } ], "id": "CVE-2019-14225", "lastModified": "2024-11-21T04:26:14.267", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-10-14T17:15:09.193", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": 
"http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2019/Oct/25" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2019/Oct/25" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-918" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-05-23 16:29
Modified
2024-11-21 03:11
Severity ?
Summary
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://ox.com | Broken Link, Not Applicable | |
cve@mitre.org | https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://ox.com | Broken Link, Not Applicable | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html | Release Notes, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "21A45377-C1DE-44AB-A02F-A377BE4E9A56", "versionEndIncluding": "7.8.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS)." }, { "lang": "es", "value": "OX Software GmbH OX App Suite versi\u00f3n 7.8.4 y anteriores, se ven afectados por: Cross Site Scripting (XSS)." } ], "id": "CVE-2017-13668", "lastModified": "2024-11-21T03:11:23.413", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-05-23T16:29:08.370", "references": [ { "source": "cve@mitre.org", "tags": [ "Broken Link", "Not Applicable" ], "url": "http://ox.com" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": 
"https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Not Applicable" ], "url": "http://ox.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-05-23 15:29
Modified
2024-11-21 03:27
Severity ?
Summary
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://open-xchange.com | Product | |
cve@mitre.org | http://ox.com | Broken Link, Not Applicable | |
cve@mitre.org | https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://open-xchange.com | Product | |
af854a3a-2127-422b-91ae-364da2661108 | http://ox.com | Broken Link, Not Applicable | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html | Release Notes, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "C77DCBA3-CB5A-4F73-817E-717C8335463E", "versionEndIncluding": "7.8.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing." }, { "lang": "es", "value": "Open-Xchange GmbH OX App Suite versi\u00f3n 7.8.3 y anteriores, se ven afectados por: Suplantaci\u00f3n de Contenido." } ], "id": "CVE-2017-5211", "lastModified": "2024-11-21T03:27:17.420", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-05-23T15:29:00.727", "references": [ { "source": "cve@mitre.org", "tags": [ "Product" ], "url": "http://open-xchange.com" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Not Applicable" ], "url": "http://ox.com" }, { "source": "cve@mitre.org", "tags": [ "Release 
Notes", "Vendor Advisory" ], "url": "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "http://open-xchange.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Not Applicable" ], "url": "http://ox.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-05-23 15:29
Modified
2024-11-21 03:27
Severity ?
Summary
Open-Xchange GmbH OX App Suite 7.8.3 is affected by: Incorrect Access Control.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://open-xchange.com | Product, Vendor Advisory | |
cve@mitre.org | http://ox.com | Broken Link, Not Applicable | |
cve@mitre.org | https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://open-xchange.com | Product, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://ox.com | Broken Link, Not Applicable | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html | Release Notes, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | 7.8.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "E804C89F-033F-43B3-B63B-172F9B2136CB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Open-Xchange GmbH OX App Suite 7.8.3 is affected by: Incorrect Access Control." }, { "lang": "es", "value": "Open-Xchange GmbH OX App Suite 7.8.3 esta afectada por: Control de Acceso Incorrecto." } ], "id": "CVE-2017-5212", "lastModified": "2024-11-21T03:27:17.580", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-05-23T15:29:00.803", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Vendor Advisory" ], "url": "http://open-xchange.com" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Not Applicable" ], "url": "http://ox.com" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": 
"https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Vendor Advisory" ], "url": "http://open-xchange.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Not Applicable" ], "url": "http://ox.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-05-22 20:29
Modified
2024-11-21 03:33
Severity ?
Summary
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://open-xchange.com | Vendor Advisory | |
cve@mitre.org | http://ox.com | Broken Link, Not Applicable | |
cve@mitre.org | https://documentation.open-xchange.com/7.10.0/release-notes/release-notes.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://open-xchange.com | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://ox.com | Broken Link, Not Applicable | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.open-xchange.com/7.10.0/release-notes/release-notes.html | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "C77DCBA3-CB5A-4F73-817E-717C8335463E", "versionEndIncluding": "7.8.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control." }, { "lang": "es", "value": "Open-Xchange GmbH OX App Suite versi\u00f3n 7.8.3 y anteriores, se ven afectados por: Control de Acceso Incorrecto." } ], "id": "CVE-2017-8340", "lastModified": "2024-11-21T03:33:48.050", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-05-22T20:29:00.620", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://open-xchange.com" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Not Applicable" ], "url": "http://ox.com" }, { "source": "cve@mitre.org", 
"tags": [ "Vendor Advisory" ], "url": "https://documentation.open-xchange.com/7.10.0/release-notes/release-notes.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://open-xchange.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Not Applicable" ], "url": "http://ox.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://documentation.open-xchange.com/7.10.0/release-notes/release-notes.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-05-22 20:29
Modified
2024-11-21 03:30
Severity ?
Summary
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://open-xchange.com | Vendor Advisory | |
cve@mitre.org | http://ox.com | Broken Link, Not Applicable | |
cve@mitre.org | https://documentation.open-xchange.com/7.10.0/release-notes/release-notes.html | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://open-xchange.com | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://ox.com | Broken Link, Not Applicable | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.open-xchange.com/7.10.0/release-notes/release-notes.html | Release Notes, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "C77DCBA3-CB5A-4F73-817E-717C8335463E", "versionEndIncluding": "7.8.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control." }, { "lang": "es", "value": "Open-Xchange GmbH OX App Suite Versi\u00f3n 7.8.3 y anteriores, se ven afectados por: Control de Acceso Incorrecto." } ], "id": "CVE-2017-6912", "lastModified": "2024-11-21T03:30:47.540", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-05-22T20:29:00.543", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://open-xchange.com" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Not Applicable" ], "url": "http://ox.com" }, { "source": "cve@mitre.org", 
"tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.open-xchange.com/7.10.0/release-notes/release-notes.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://open-xchange.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Not Applicable" ], "url": "http://ox.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.open-xchange.com/7.10.0/release-notes/release-notes.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-05-22 20:29
Modified
2024-11-21 03:28
Severity ?
Summary
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://open-xchange.com | Vendor Advisory | |
cve@mitre.org | http://ox.com | Broken Link, Not Applicable | |
cve@mitre.org | https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://open-xchange.com | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://ox.com | Broken Link, Not Applicable | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html | Release Notes, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "C77DCBA3-CB5A-4F73-817E-717C8335463E", "versionEndIncluding": "7.8.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control." }, { "lang": "es", "value": "Open-Xchange GmbH OX App Suite versi\u00f3n 7.8.3 y anteriores, se ven afectados por: Control de Acceso Incorrecto." } ], "id": "CVE-2017-5863", "lastModified": "2024-11-21T03:28:33.297", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-05-22T20:29:00.277", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://open-xchange.com" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Not Applicable" ], "url": "http://ox.com" }, { "source": 
"cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://open-xchange.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Not Applicable" ], "url": "http://ox.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-11-02 14:15
Modified
2024-11-21 07:56
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
Connections to external data sources, like e-mail autoconfiguration, were not terminated when they hit a timeout; instead, those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of time. As a result, users were able to trigger a large number of egress network connections, possibly exhausting network pool resources and locking up legitimate requests. A new mechanism has been introduced to cancel external connections that might access user-controlled endpoints. No publicly available exploits are known.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "59D4F30E-2F52-4948-9C69-C57472833C79", "versionEndExcluding": "7.10.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*", "matchCriteriaId": "A144D75D-60A8-4EE0-813C-F658C626B2AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*", "matchCriteriaId": "2DA66230-DE02-4881-A893-E9E78286B157", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*", "matchCriteriaId": "955F3DFB-6479-4867-B62A-82730DBEB498", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*", "matchCriteriaId": "327D1B56-0D05-4D99-91D4-CC1F0AC32972", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*", "matchCriteriaId": "D0CD0684-C431-47F8-A2F4-1936D5C5A72B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*", "matchCriteriaId": "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*", "matchCriteriaId": "D0968764-CCEE-47A7-9111-E106D887DA43", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*", "matchCriteriaId": "16589FBB-F0CD-4041-8141-5C89FCCA72AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*", "matchCriteriaId": "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*", "matchCriteriaId": 
"0DF5FB90-8D6D-4F99-B454-411B1DFFA630", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*", "matchCriteriaId": "F58876B9-6C2E-4048-A793-B441A84E86F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*", "matchCriteriaId": "D5F177CB-CC45-45A0-9D02-C14A13ECC7A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*", "matchCriteriaId": "A89A4192-54E9-4899-8C7B-6C7F7E650D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*", "matchCriteriaId": "F2DC1357-9CD5-415F-A190-2F3F4498EF96", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*", "matchCriteriaId": "D78ACF64-2802-44DD-AF7A-1BD5EA7F9908", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*", "matchCriteriaId": "E8F675FA-1684-413A-B1BE-1C5434AC2862", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6156:*:*:*:*:*:*", "matchCriteriaId": "F3F1FDC3-35B2-4BDB-A685-75BC72588179", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6161:*:*:*:*:*:*", "matchCriteriaId": "5B1E509D-2F41-4296-86D2-6BD71783060F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6166:*:*:*:*:*:*", "matchCriteriaId": "AC93EA37-F341-45EC-B651-4F326FB8C613", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6173:*:*:*:*:*:*", "matchCriteriaId": "1A4DB8A6-1702-462C-BFCB-39F91D2EFCE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6176:*:*:*:*:*:*", "matchCriteriaId": 
"FC0AEFDB-D033-47FC-93FC-8652F922BB8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6178:*:*:*:*:*:*", "matchCriteriaId": "B5354768-6527-43C2-B492-A8C14AB4E784", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6189:*:*:*:*:*:*", "matchCriteriaId": "D83F26D1-B8C6-4114-81EC-810DD5412DC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6194:*:*:*:*:*:*", "matchCriteriaId": "E9EBC010-9963-4636-96F7-A121FCF755A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6199:*:*:*:*:*:*", "matchCriteriaId": "F626D64B-C301-4CD8-94B4-48689BD3F29C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6204:*:*:*:*:*:*", "matchCriteriaId": "5E32810C-7B35-42F1-BCA5-E10C02BE2215", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6205:*:*:*:*:*:*", "matchCriteriaId": "6539D059-8614-4C26-93C4-C2DDCC5D35E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6209:*:*:*:*:*:*", "matchCriteriaId": "E359EE75-A2F9-479B-B757-CAE1064AB8F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6210:*:*:*:*:*:*", "matchCriteriaId": "0BCABDEF-D292-406E-B53C-AFF22484E916", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6214:*:*:*:*:*:*", "matchCriteriaId": "ABE8872C-B1DD-4A45-8EF8-E8C355CA6C54", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6215:*:*:*:*:*:*", "matchCriteriaId": "44B20B83-833A-4C68-8693-365BD046C157", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6216:*:*:*:*:*:*", "matchCriteriaId": 
"E254E6D1-D18E-4A2A-A2FF-7D03F39E65DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6218:*:*:*:*:*:*", "matchCriteriaId": "5F0C5E53-4D15-425A-B4CF-5869353724BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6219:*:*:*:*:*:*", "matchCriteriaId": "2F4BF5F1-F316-4BAC-83E0-DEAC8C50754E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6220:*:*:*:*:*:*", "matchCriteriaId": "5CDD03A8-5B86-4B87-9C29-6C967261C5C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6227:*:*:*:*:*:*", "matchCriteriaId": "6071E15F-4D59-41DC-A4D4-7D1AA392A1F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6230:*:*:*:*:*:*", "matchCriteriaId": "C72C1CEB-7BF7-4A5F-B2E9-397F86CCBF4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6233:*:*:*:*:*:*", "matchCriteriaId": "5B0F0218-4224-4084-B38D-9719D3782C03", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6235:*:*:*:*:*:*", "matchCriteriaId": "BFC41329-1AD6-4575-A22D-977EC5539DA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6236:*:*:*:*:*:*", "matchCriteriaId": "217A06B7-0823-4508-BC0C-AD792BA88F7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6239:*:*:*:*:*:*", "matchCriteriaId": "246E98B2-A6C8-4410-AA6A-7E81EE8C5E76", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6241:*:*:*:*:*:*", "matchCriteriaId": "74D1EC02-D009-45DA-B1EC-2219E0F0183C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Connections to external 
data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of time. As a result users were able to trigger large amount of egress network connections, possibly exhausting network pool resources and lock up legitimate requests. A new mechanism has been introduced to cancel external connections that might access user-controlled endpoints. No publicly available exploits are known.\n\n" }, { "lang": "es", "value": "Las conexiones a fuentes de datos externas, como la configuraci\u00f3n autom\u00e1tica de correo electr\u00f3nico, no finalizaban en caso de que se agotara el tiempo de espera, sino que esas conexiones se registraban. Algunas conexiones utilizan endpoints controlados por el usuario, que podr\u00edan ser maliciosos e intentar mantener la conexi\u00f3n abierta durante un per\u00edodo prolongado. Como resultado, los usuarios pudieron activar una gran cantidad de conexiones de red de salida, lo que posiblemente agot\u00f3 los recursos del grupo de redes y bloque\u00f3 solicitudes leg\u00edtimas. Se ha introducido un nuevo mecanismo para cancelar conexiones externas que podr\u00edan acceder a endpoints controlados por el usuario. No se conocen exploits disponibles p\u00fablicamente." 
} ], "id": "CVE-2023-29046", "lastModified": "2024-11-21T07:56:26.547", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@open-xchange.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-11-02T14:15:11.217", "references": [ { "source": "security@open-xchange.com", "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json" }, { "source": "security@open-xchange.com", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf" } ], "sourceIdentifier": "security@open-xchange.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": 
"CWE-400" } ], "source": "security@open-xchange.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-400" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-07-22 17:15
Modified
2024-11-21 05:56
Severity ?
Summary
OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and the dl parameter is used.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html | Exploit, Mailing List, Third Party Advisory, VDB Entry | |
cve@mitre.org | http://seclists.org/fulldisclosure/2021/Jul/33 | Exploit, Mailing List, Third Party Advisory | |
cve@mitre.org | http://seclists.org/fulldisclosure/2021/Jul/33 | Exploit, Mailing List, Third Party Advisory | |
cve@mitre.org | https://www.open-xchange.com | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html | Exploit, Mailing List, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/Jul/33 | Exploit, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/Jul/33 | Exploit, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.open-xchange.com | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:-:*:*:*:*:*:*", "matchCriteriaId": "D3CF4C4E-3FF0-4B4A-8246-8F8981D66180", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5547:*:*:*:*:*:*", "matchCriteriaId": "4284A4B4-42CF-4196-B990-0DE2AC7FF5F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5572:*:*:*:*:*:*", "matchCriteriaId": "1AF0528B-838B-4C80-B91D-D3009EFBD2E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5623:*:*:*:*:*:*", "matchCriteriaId": "927E4E17-02FC-46D6-B1EE-BBB6C710BE63", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5653:*:*:*:*:*:*", "matchCriteriaId": "43DECDE0-C942-4B4B-A2E1-63B8E32B7334", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5677:*:*:*:*:*:*", "matchCriteriaId": "54F4578F-1515-4F60-B890-421CB3FB09C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5720:*:*:*:*:*:*", "matchCriteriaId": "8853D9CE-A4F6-4935-BEA2-C039E867ADEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev1:*:*:*:*:*:*", "matchCriteriaId": "3B7503E3-6317-4DD7-9EDD-AB5A0586BADE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev10:*:*:*:*:*:*", "matchCriteriaId": "F7FD3C9C-7750-4907-BF23-65606E7A6966", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev11:*:*:*:*:*:*", "matchCriteriaId": "42BAD919-0599-4303-A7E3-5026AC8F415E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev12:*:*:*:*:*:*", "matchCriteriaId": "6D0555E6-057D-475D-9EAF-F1EEC2D2157E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev13:*:*:*:*:*:*", "matchCriteriaId": "CDDA5DF9-62FF-4E6F-943C-C70620D56AE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev14:*:*:*:*:*:*", "matchCriteriaId": "A9C26834-176A-4DD0-816E-87F12C2A0980", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev15:*:*:*:*:*:*", "matchCriteriaId": "63BA3355-83A5-4758-9208-574760D72AF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev16:*:*:*:*:*:*", "matchCriteriaId": "DEDF0974-91A9-4F6C-B31F-327EBBF2321A", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev17:*:*:*:*:*:*", "matchCriteriaId": "79FED998-07D0-457B-9CC4-1CDE8D6B26E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev18:*:*:*:*:*:*", "matchCriteriaId": "27EAB5B4-8F1A-4069-B150-032BADA92C1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev19:*:*:*:*:*:*", "matchCriteriaId": "265D758D-DA32-46FC-B7A7-1B695C2E7972", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev2:*:*:*:*:*:*", "matchCriteriaId": "26BF76EC-F32F-4DAB-8EB0-8B24E76D2593", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev20:*:*:*:*:*:*", "matchCriteriaId": "FE723E1C-E86A-4BC0-85DD-B051B1773A0A", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev21:*:*:*:*:*:*", "matchCriteriaId": "E441FE6E-2653-4BAE-9EFC-AE195A442804", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev22:*:*:*:*:*:*", "matchCriteriaId": "516B7ACF-ABB8-4DBA-9E71-3B57B7C74376", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev23:*:*:*:*:*:*", "matchCriteriaId": "60236FC4-81DA-4ED6-8C5B-6BC9FF6A177B", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev24:*:*:*:*:*:*", "matchCriteriaId": "E186C7BC-F3EC-4B9E-97BC-59CE860DD99B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev25:*:*:*:*:*:*", "matchCriteriaId": "FE494389-735E-47FC-9A12-5305FA11735F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev26:*:*:*:*:*:*", "matchCriteriaId": "6BD572F0-1B43-4FB5-BAE2-A9169BACFABE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev27:*:*:*:*:*:*", "matchCriteriaId": "CD1EAF9A-189B-47B8-A00A-5604D1B8D8A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev28:*:*:*:*:*:*", "matchCriteriaId": "63318E39-A502-4AD8-9C8D-C15F08847BD8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev29:*:*:*:*:*:*", "matchCriteriaId": "59C68527-4F08-4436-9D14-8BA65EEEFFC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev3:*:*:*:*:*:*", "matchCriteriaId": "B031D97E-A967-4124-8A42-EFA4B3576124", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev30:*:*:*:*:*:*", "matchCriteriaId": "79A59F84-11DE-4560-A820-8E4F7B715888", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev31:*:*:*:*:*:*", "matchCriteriaId": "4C2F2472-91C4-48AF-979A-7C003BBD36CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev4:*:*:*:*:*:*", "matchCriteriaId": "649774E8-6489-4AD7-95A8-AAF7154B2C05", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev5:*:*:*:*:*:*", "matchCriteriaId": "A2A1BB49-EAFD-4458-AA8B-BF4B195927C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev6:*:*:*:*:*:*", "matchCriteriaId": "1AC0DD2C-02D1-4CA9-A05C-81359BD30FA2", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev7:*:*:*:*:*:*", "matchCriteriaId": "720B7107-09AC-41AB-97BB-DFC3FABFDB55", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev8:*:*:*:*:*:*", "matchCriteriaId": "17E4B9E0-D5D3-4291-91A0-15885B559D5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev9:*:*:*:*:*:*", "matchCriteriaId": "7ECB4D19-C148-473B-B0C0-FD9007912F86", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:-:*:*:*:*:*:*", "matchCriteriaId": "89BEBFB4-A028-4D5E-846E-7403D3491147", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev1:*:*:*:*:*:*", "matchCriteriaId": "FED62869-ACA8-42B1-9AFE-0C0535E2C2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev10:*:*:*:*:*:*", "matchCriteriaId": "CB85F4BA-8E1B-490A-83FC-906EDF990750", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev11:*:*:*:*:*:*", "matchCriteriaId": "525841F3-E9ED-4593-9163-9DFA114EF5D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev12:*:*:*:*:*:*", "matchCriteriaId": "6382225F-80C8-4A21-AC5F-E1645B420DD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev13:*:*:*:*:*:*", "matchCriteriaId": "3EC95556-A105-4C03-AB54-AAB3A943A22F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev14:*:*:*:*:*:*", "matchCriteriaId": "34BB4402-3151-4ED1-BC4E-F00A7E5FDB1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev15:*:*:*:*:*:*", "matchCriteriaId": "96FB19E6-E819-419A-B2C0-717F196A5A52", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev16:*:*:*:*:*:*", "matchCriteriaId": 
"433C2CBB-E3D7-4209-81DA-E183B2BF23A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev17:*:*:*:*:*:*", "matchCriteriaId": "B2117B25-DABE-47B2-9337-5FAC000EC558", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev2:*:*:*:*:*:*", "matchCriteriaId": "97039EE9-3567-4C10-9A85-8BED8C76BEDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev3:*:*:*:*:*:*", "matchCriteriaId": "AF1AAB93-9205-47FB-BEC3-EC7DF9A20732", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev4:*:*:*:*:*:*", "matchCriteriaId": "E9A3E84C-665F-470C-8D19-31446ABFF7D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev5:*:*:*:*:*:*", "matchCriteriaId": "45C98776-55CE-4AF8-9141-75E0B86AE844", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev6:*:*:*:*:*:*", "matchCriteriaId": "E94C88CD-9A26-45DE-A408-956D693FDE29", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev7:*:*:*:*:*:*", "matchCriteriaId": "005CA94F-FA8A-474C-8135-CA0158D192F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev8:*:*:*:*:*:*", "matchCriteriaId": "4D01DFB9-FFE1-4635-8D59-E2325AADAAF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev9:*:*:*:*:*:*", "matchCriteriaId": "B051C6E0-334E-45A2-990B-81FE7E4FB507", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and the dl parameter is used." 
}, { "lang": "es", "value": "OX App Suite versiones anteriores a 7.10.3-rev32 y versiones 7.10.4 anteriores a 7.10.4-rev18, permite un ataque de tipo XSS por medio de un fragmento de c\u00f3digo (contenido generado por el usuario) cuando se crea un enlace para compartir y el par\u00e1metro dl es usado" } ], "id": "CVE-2021-26698", "lastModified": "2024-11-21T05:56:41.407", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-07-22T17:15:09.310", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2021/Jul/33" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": 
"http://seclists.org/fulldisclosure/2021/Jul/33" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.open-xchange.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2021/Jul/33" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2021/Jul/33" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.open-xchange.com" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-02-12 09:15
Modified
2024-11-21 08:21
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Processing of CID references in E-Mail can be abused to inject malicious script code that passes the sanitization engine. Malicious script code could be injected into a user's session when interacting with E-Mails. Please deploy the provided updates and patch releases. CID handling has been improved and resulting content is checked for malicious content. No publicly available exploits are known.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "7804FF21-94F6-4160-9628-B91ED4CDDCB6", "versionEndExcluding": "7.6.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "3159C504-0462-4AA9-9137-F25961B67ED6", "versionEndExcluding": "7.10.6", "versionStartExcluding": "7.6.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "F37B7CC3-A4D2-4CA5-8159-FE1A9016F9A0", "versionEndExcluding": "8.20", "versionStartExcluding": "7.10.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:-:*:*:*:*:*:*", "matchCriteriaId": "7AB04398-3973-4503-959E-FA8EE511DA45", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3464:*:*:*:*:*:*", "matchCriteriaId": "161CD641-C9EC-4FBE-BFFD-48C96FE71085", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3519:*:*:*:*:*:*", "matchCriteriaId": "73F1F959-F82B-4E00-91AE-C39037A93DDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3569:*:*:*:*:*:*", "matchCriteriaId": "E151E1EA-DA35-47CB-80C2-359518C213FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3627:*:*:*:*:*:*", "matchCriteriaId": "156910B8-F553-4F4C-B990-131F04001AB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3728:*:*:*:*:*:*", "matchCriteriaId": "13248A9A-D131-4596-A511-A18A83F9D4C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3875:*:*:*:*:*:*", "matchCriteriaId": "54936294-45A6-410B-B6F6-CC2CEFCE937E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3922:*:*:*:*:*:*", "matchCriteriaId": "8EDB7577-5763-41A1-90A7-7D7F225F8C14", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3949:*:*:*:*:*:*", "matchCriteriaId": "39B4BD56-3236-4AE0-93F6-F0E0190C77AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3991:*:*:*:*:*:*", "matchCriteriaId": "6F20C5D9-6DCA-4F3F-A9A8-FACAE5C4AB18", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4047:*:*:*:*:*:*", "matchCriteriaId": "F94B78AE-45FE-4BA7-BFD6-55767F8C3A0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4133:*:*:*:*:*:*", "matchCriteriaId": "B103D02E-C443-446B-A358-A052866BC624", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4423:*:*:*:*:*:*", "matchCriteriaId": "4D578FCB-EE90-4BB9-9E28-DC1FA139787C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4470:*:*:*:*:*:*", "matchCriteriaId": "71380C28-6A25-425B-BE7F-6D06E0CE5C2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4552:*:*:*:*:*:*", "matchCriteriaId": "DDBF0D2F-2C22-448E-A0D2-E66527188928", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4667:*:*:*:*:*:*", "matchCriteriaId": "50EC169C-73B6-40F5-8C7A-6DD71DC19893", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4750:*:*:*:*:*:*", "matchCriteriaId": "4B2CA948-280B-4EB8-9309-B016C9557A64", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4789:*:*:*:*:*:*", "matchCriteriaId": "36511A48-EBD8-40C2-A1FB-10F33264CF3F", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4839:*:*:*:*:*:*", "matchCriteriaId": "EBE8374F-0D7D-422F-83AC-ADF9B9E6E511", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4860:*:*:*:*:*:*", "matchCriteriaId": "285B9A4B-6F4F-4899-AD2A-57E22BF9F7BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4895:*:*:*:*:*:*", "matchCriteriaId": "5BAD0604-90FC-4647-854A-E10330579B89", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5104:*:*:*:*:*:*", "matchCriteriaId": "7F26505E-0F61-40A2-B6BA-17C7E30D375C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5165:*:*:*:*:*:*", "matchCriteriaId": "FD3E0ABC-2DAC-4441-96DB-BD84DD8B8E81", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5231:*:*:*:*:*:*", "matchCriteriaId": "347700F5-3BDA-4DA3-AA81-4D593E131AB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5537:*:*:*:*:*:*", "matchCriteriaId": "5EF075DE-44C7-4FC0-9BD7-E7A2C95651D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5637:*:*:*:*:*:*", "matchCriteriaId": "5CB6B4D0-E2B8-44F3-877B-293325EF44A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5910:*:*:*:*:*:*", "matchCriteriaId": "716CC742-9F23-4734-9CFF-338A231476D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*", "matchCriteriaId": "A144D75D-60A8-4EE0-813C-F658C626B2AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*", "matchCriteriaId": "2DA66230-DE02-4881-A893-E9E78286B157", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*", "matchCriteriaId": "955F3DFB-6479-4867-B62A-82730DBEB498", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*", "matchCriteriaId": "327D1B56-0D05-4D99-91D4-CC1F0AC32972", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*", "matchCriteriaId": "D0CD0684-C431-47F8-A2F4-1936D5C5A72B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*", "matchCriteriaId": "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*", "matchCriteriaId": "D0968764-CCEE-47A7-9111-E106D887DA43", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*", "matchCriteriaId": "16589FBB-F0CD-4041-8141-5C89FCCA72AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*", "matchCriteriaId": "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*", "matchCriteriaId": "0DF5FB90-8D6D-4F99-B454-411B1DFFA630", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*", "matchCriteriaId": "F58876B9-6C2E-4048-A793-B441A84E86F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*", "matchCriteriaId": "D5F177CB-CC45-45A0-9D02-C14A13ECC7A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*", "matchCriteriaId": "A89A4192-54E9-4899-8C7B-6C7F7E650D5C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*", "matchCriteriaId": "F2DC1357-9CD5-415F-A190-2F3F4498EF96", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*", "matchCriteriaId": "D78ACF64-2802-44DD-AF7A-1BD5EA7F9908", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*", "matchCriteriaId": "E8F675FA-1684-413A-B1BE-1C5434AC2862", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6156:*:*:*:*:*:*", "matchCriteriaId": "F3F1FDC3-35B2-4BDB-A685-75BC72588179", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6161:*:*:*:*:*:*", "matchCriteriaId": "5B1E509D-2F41-4296-86D2-6BD71783060F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6166:*:*:*:*:*:*", "matchCriteriaId": "AC93EA37-F341-45EC-B651-4F326FB8C613", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6173:*:*:*:*:*:*", "matchCriteriaId": "1A4DB8A6-1702-462C-BFCB-39F91D2EFCE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6176:*:*:*:*:*:*", "matchCriteriaId": "FC0AEFDB-D033-47FC-93FC-8652F922BB8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6178:*:*:*:*:*:*", "matchCriteriaId": "B5354768-6527-43C2-B492-A8C14AB4E784", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6189:*:*:*:*:*:*", "matchCriteriaId": "D83F26D1-B8C6-4114-81EC-810DD5412DC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6194:*:*:*:*:*:*", "matchCriteriaId": "E9EBC010-9963-4636-96F7-A121FCF755A7", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6199:*:*:*:*:*:*", "matchCriteriaId": "F626D64B-C301-4CD8-94B4-48689BD3F29C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6204:*:*:*:*:*:*", "matchCriteriaId": "5E32810C-7B35-42F1-BCA5-E10C02BE2215", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6205:*:*:*:*:*:*", "matchCriteriaId": "6539D059-8614-4C26-93C4-C2DDCC5D35E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6209:*:*:*:*:*:*", "matchCriteriaId": "E359EE75-A2F9-479B-B757-CAE1064AB8F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6210:*:*:*:*:*:*", "matchCriteriaId": "0BCABDEF-D292-406E-B53C-AFF22484E916", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6214:*:*:*:*:*:*", "matchCriteriaId": "ABE8872C-B1DD-4A45-8EF8-E8C355CA6C54", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6215:*:*:*:*:*:*", "matchCriteriaId": "44B20B83-833A-4C68-8693-365BD046C157", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6216:*:*:*:*:*:*", "matchCriteriaId": "E254E6D1-D18E-4A2A-A2FF-7D03F39E65DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6218:*:*:*:*:*:*", "matchCriteriaId": "5F0C5E53-4D15-425A-B4CF-5869353724BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6219:*:*:*:*:*:*", "matchCriteriaId": "2F4BF5F1-F316-4BAC-83E0-DEAC8C50754E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6220:*:*:*:*:*:*", "matchCriteriaId": "5CDD03A8-5B86-4B87-9C29-6C967261C5C0", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6227:*:*:*:*:*:*", "matchCriteriaId": "6071E15F-4D59-41DC-A4D4-7D1AA392A1F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6230:*:*:*:*:*:*", "matchCriteriaId": "C72C1CEB-7BF7-4A5F-B2E9-397F86CCBF4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6233:*:*:*:*:*:*", "matchCriteriaId": "5B0F0218-4224-4084-B38D-9719D3782C03", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6235:*:*:*:*:*:*", "matchCriteriaId": "BFC41329-1AD6-4575-A22D-977EC5539DA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6236:*:*:*:*:*:*", "matchCriteriaId": "217A06B7-0823-4508-BC0C-AD792BA88F7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6239:*:*:*:*:*:*", "matchCriteriaId": "246E98B2-A6C8-4410-AA6A-7E81EE8C5E76", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6241:*:*:*:*:*:*", "matchCriteriaId": "74D1EC02-D009-45DA-B1EC-2219E0F0183C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6243:*:*:*:*:*:*", "matchCriteriaId": "0F56A261-EC62-423C-B487-35EA9D4A83FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6245:*:*:*:*:*:*", "matchCriteriaId": "D295E160-C87A-498D-AB0E-BA1E50825249", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6248:*:*:*:*:*:*", "matchCriteriaId": "A30BE138-D745-4F0E-AAE4-202A1C769C85", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6249:*:*:*:*:*:*", "matchCriteriaId": "7CF4FCB9-7360-4ABB-95FB-0239CDC8D3AD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6250:*:*:*:*:*:*", "matchCriteriaId": "465DD666-3499-4911-A1DF-6BAAFCCFA006", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6251:*:*:*:*:*:*", "matchCriteriaId": "6F18CEDC-5D7A-4496-8B5E-59EBEA4362BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6255:*:*:*:*:*:*", "matchCriteriaId": "8C1DE547-F217-4518-AD90-3607AE21F6ED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Processing of CID references at E-Mail can be abused to inject malicious script code that passes the sanitization engine. Malicious script code could be injected to a users sessions when interacting with E-Mails. Please deploy the provided updates and patch releases. CID handing has been improved and resulting content is checked for malicious content. No publicly available exploits are known." }, { "lang": "es", "value": "Se puede abusar del procesamiento de referencias de CID en el correo electr\u00f3nico para inyectar c\u00f3digo de script malicioso que pasa el motor de sanitizaci\u00f3n. Se podr\u00eda inyectar c\u00f3digo de script malicioso en las sesiones de un usuario al interactuar con correos electr\u00f3nicos. Implemente las actualizaciones y lanzamientos de parches proporcionados. Se ha mejorado la gesti\u00f3n de CID y se comprueba el contenido resultante en busca de contenido malicioso. No se conocen exploits disponibles p\u00fablicamente." 
} ], "id": "CVE-2023-41704", "lastModified": "2024-11-21T08:21:30.443", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.7, "source": "security@open-xchange.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-02-12T09:15:10.697", "references": [ { "source": "security@open-xchange.com", "tags": [ "Vendor Advisory" ], "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json" }, { "source": "security@open-xchange.com", "tags": [ "Release Notes" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf" } ], "sourceIdentifier": "security@open-xchange.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ 
{ "lang": "en", "value": "CWE-79" } ], "source": "security@open-xchange.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-09-28 16:59
Modified
2024-11-21 02:32
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in unspecified dialogs for printing content in the Front End in Open-Xchange Server 6 and OX App Suite before 6.22.8-rev8, 6.22.9 before 6.22.9-rev15m, 7.x before 7.6.1-rev25, and 7.6.2 before 7.6.2-rev20 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to object properties.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * | |
open-xchange | open-xchange_server | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:rev19:*:*:*:*:*:*", "matchCriteriaId": "39C9EC22-8E52-4C03-A8A5-B304C327D353", "versionEndIncluding": "7.6.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "7BA0371D-7E0E-4DC0-AC16-360BA998EB95", "versionEndIncluding": "6.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in unspecified dialogs for printing content in the Front End in Open-Xchange Server 6 and OX App Suite before 6.22.8-rev8, 6.22.9 before 6.22.9-rev15m, 7.x before 7.6.1-rev25, and 7.6.2 before 7.6.2-rev20 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to object properties." }, { "lang": "es", "value": "Vulnerabilidad de XSS en di\u00e1logos no especificados para imprimir contenido en el Front End en Open-Xchange Server 6 y OX App Suite en versiones anteriores a 6.22.8-rev8, 6.22.9 en versiones anteriores a 6.22.9-rev15m, 7.x en versiones anteriores a 7.6.1-rev25 y 7.6.2 en versiones anteriores a 7.6.2-rev20, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores desconocidos relacionados con las propiedades del objeto." 
} ], "id": "CVE-2015-5375", "lastModified": "2024-11-21T02:32:54.593", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-09-28T16:59:08.193", "references": [ { "source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/133674/Open-Xchange-Server-6-OX-AppSuite-Cross-Site-Scripting.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_2614_7.6.2_2015-07-22.pdf" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/536523/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1034018" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/133674/Open-Xchange-Server-6-OX-AppSuite-Cross-Site-Scripting.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_2614_7.6.2_2015-07-22.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/536523/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1034018" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": 
"Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-09-25 10:31
Modified
2024-11-21 01:58
Severity ?
Summary
Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 has a hardcoded password for node join operations, which allows remote attackers to expand a cluster by finding this password in the source code and then sending the password in a Hazelcast cluster API call, a different vulnerability than CVE-2013-5200.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | 7.0.1 | |
open-xchange | open-xchange_appsuite | 7.0.2 | |
open-xchange | open-xchange_appsuite | 7.2.0 | |
open-xchange | open-xchange_appsuite | 7.2.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "138461CD-9C27-40E5-B7A0-A37737B6E942", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "108BCEFD-3098-4919-9B0C-E80F6FA1C102", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDBB02DF-1022-4FE5-B5E1-198DC58F8C1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2BF31219-8390-4676-A9C4-D625A016C71E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 has a hardcoded password for node join operations, which allows remote attackers to expand a cluster by finding this password in the source code and then sending the password in a Hazelcast cluster API call, a different vulnerability than CVE-2013-5200." }, { "lang": "es", "value": "Open-Xchange AppSuite v7.0.x anterior a v7.0.2-rev15 y v7.2.x anterior a v7.2.2-rev16 tiene una contrase\u00f1a incrustada para operaciones de adhesi\u00f3n de nodos, lo que permite a atacantes remotos expandir un grupo encontrando esta contrase\u00f1a en el c\u00f3digo fuente y envi\u00e1ndola en una llamada Hazelcast cluster. Una vulnerabilidad diferente de CVE-2013-5200." 
} ], "id": "CVE-2013-5934", "lastModified": "2024-11-21T01:58:27.003", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-09-25T10:31:29.393", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-255" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-01-30 15:29
Modified
2024-11-21 03:45
Severity ?
Summary
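OX App Suite 7.8.4 and earlier allows Directory Traversal. (Note: the NVD record below classifies the weakness as CWE-79 and scores it with user interaction required, which is unusual for a directory traversal; confirm the issue type against the referenced vendor release notes before triaging.)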
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "21A45377-C1DE-44AB-A02F-A377BE4E9A56", "versionEndIncluding": "7.8.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite 7.8.4 and earlier allows Directory Traversal." }, { "lang": "es", "value": "OX App Suite, en su versi\u00f3n 7.8.4 y anteriores, permite saltos de directorio." } ], "id": "CVE-2018-12611", "lastModified": "2024-11-21T03:45:32.573", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-01-30T15:29:03.630", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Jan/10" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Release Notes", "Vendor Advisory" ], "url": 
"http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Release Notes", "Vendor Advisory" ], "url": "https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Release Notes", "Vendor Advisory" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4789_7.6.3_2018-06-25.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Jan/10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Release Notes", "Vendor Advisory" ], "url": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Release Notes", "Vendor Advisory" ], "url": "https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Release Notes", "Vendor Advisory" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4789_7.6.3_2018-06-25.pdf" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-01-09 00:55
Modified
2024-11-21 02:00
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange (OX) AppSuite 7.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an HTML email with crafted CSS code containing wildcards or (2) office documents containing "crafted hyperlinks with script URL handlers."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * | |
open-xchange | open-xchange_appsuite | 6.20.7 | |
open-xchange | open-xchange_appsuite | 6.22.0 | |
open-xchange | open-xchange_appsuite | 6.22.1 | |
open-xchange | open-xchange_appsuite | 7.0.1 | |
open-xchange | open-xchange_appsuite | 7.0.2 | |
open-xchange | open-xchange_appsuite | 7.2.0 | |
open-xchange | open-xchange_appsuite | 7.2.1 | |
open-xchange | open-xchange_appsuite | 7.2.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "B2E10052-CF1B-4A96-87DD-8AEEBC96E4E6", "versionEndIncluding": "7.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.20.7:*:*:*:*:*:*:*", "matchCriteriaId": "983E5F3A-E7AD-4CCA-80D4-9C012AFCCDD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F85EE0C-B7A0-455A-96F6-E4E6BA5D7216", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.1:*:*:*:*:*:*:*", "matchCriteriaId": "2D9572CB-9A46-492E-BDCC-E01849EF0EC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "138461CD-9C27-40E5-B7A0-A37737B6E942", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "108BCEFD-3098-4919-9B0C-E80F6FA1C102", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDBB02DF-1022-4FE5-B5E1-198DC58F8C1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2BF31219-8390-4676-A9C4-D625A016C71E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "75B04598-67CD-420B-92C9-9A7459295E11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange (OX) AppSuite 7.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an HTML email with crafted CSS code containing wildcards or (2) office documents containing \"crafted hyperlinks with script URL handlers.\"" }, { "lang": "es", "value": 
"Multiple cross-site scripting (XSS) en Open-Xchange (OX) AppSuite 7.4.0 y anteriores que permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de (1) un correo electr\u00f3nico HTML con c\u00f3digo CSS manipulado que contiene caracteres comod\u00edn o (2) la oficina documentos que contienen \"hiperv\u00ednculos manipulados con manejadores de script de URL.\"" } ], "id": "CVE-2013-6997", "lastModified": "2024-11-21T02:00:07.653", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-01-09T00:55:03.097", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Public_Patch_Release_1766_7.4.0_Rev21_2013_12_13.pdf" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/101714" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/101715" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/530681/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/64676" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1029554" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90113" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Public_Patch_Release_1766_7.4.0_Rev21_2013_12_13.pdf" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/101714" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/101715" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/530681/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/64676" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1029554" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90113" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-02-12 09:15
Modified
2024-11-21 08:21
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Processing of user-defined mail search expressions is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of mail search expressions now gets monitored, and the related request is terminated if a resource threshold is reached.
No publicly available exploits are known.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "7804FF21-94F6-4160-9628-B91ED4CDDCB6", "versionEndExcluding": "7.6.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "3159C504-0462-4AA9-9137-F25961B67ED6", "versionEndExcluding": "7.10.6", "versionStartExcluding": "7.6.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "F37B7CC3-A4D2-4CA5-8159-FE1A9016F9A0", "versionEndExcluding": "8.20", "versionStartExcluding": "7.10.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:-:*:*:*:*:*:*", "matchCriteriaId": "7AB04398-3973-4503-959E-FA8EE511DA45", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3464:*:*:*:*:*:*", "matchCriteriaId": "161CD641-C9EC-4FBE-BFFD-48C96FE71085", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3519:*:*:*:*:*:*", "matchCriteriaId": "73F1F959-F82B-4E00-91AE-C39037A93DDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3569:*:*:*:*:*:*", "matchCriteriaId": "E151E1EA-DA35-47CB-80C2-359518C213FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3627:*:*:*:*:*:*", "matchCriteriaId": "156910B8-F553-4F4C-B990-131F04001AB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3728:*:*:*:*:*:*", "matchCriteriaId": "13248A9A-D131-4596-A511-A18A83F9D4C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3875:*:*:*:*:*:*", "matchCriteriaId": "54936294-45A6-410B-B6F6-CC2CEFCE937E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3922:*:*:*:*:*:*", "matchCriteriaId": "8EDB7577-5763-41A1-90A7-7D7F225F8C14", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3949:*:*:*:*:*:*", "matchCriteriaId": "39B4BD56-3236-4AE0-93F6-F0E0190C77AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3991:*:*:*:*:*:*", "matchCriteriaId": "6F20C5D9-6DCA-4F3F-A9A8-FACAE5C4AB18", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4047:*:*:*:*:*:*", "matchCriteriaId": "F94B78AE-45FE-4BA7-BFD6-55767F8C3A0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4133:*:*:*:*:*:*", "matchCriteriaId": "B103D02E-C443-446B-A358-A052866BC624", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4423:*:*:*:*:*:*", "matchCriteriaId": "4D578FCB-EE90-4BB9-9E28-DC1FA139787C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4470:*:*:*:*:*:*", "matchCriteriaId": "71380C28-6A25-425B-BE7F-6D06E0CE5C2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4552:*:*:*:*:*:*", "matchCriteriaId": "DDBF0D2F-2C22-448E-A0D2-E66527188928", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4667:*:*:*:*:*:*", "matchCriteriaId": "50EC169C-73B6-40F5-8C7A-6DD71DC19893", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4750:*:*:*:*:*:*", "matchCriteriaId": "4B2CA948-280B-4EB8-9309-B016C9557A64", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4789:*:*:*:*:*:*", "matchCriteriaId": "36511A48-EBD8-40C2-A1FB-10F33264CF3F", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4839:*:*:*:*:*:*", "matchCriteriaId": "EBE8374F-0D7D-422F-83AC-ADF9B9E6E511", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4860:*:*:*:*:*:*", "matchCriteriaId": "285B9A4B-6F4F-4899-AD2A-57E22BF9F7BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4895:*:*:*:*:*:*", "matchCriteriaId": "5BAD0604-90FC-4647-854A-E10330579B89", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5104:*:*:*:*:*:*", "matchCriteriaId": "7F26505E-0F61-40A2-B6BA-17C7E30D375C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5165:*:*:*:*:*:*", "matchCriteriaId": "FD3E0ABC-2DAC-4441-96DB-BD84DD8B8E81", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5231:*:*:*:*:*:*", "matchCriteriaId": "347700F5-3BDA-4DA3-AA81-4D593E131AB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5537:*:*:*:*:*:*", "matchCriteriaId": "5EF075DE-44C7-4FC0-9BD7-E7A2C95651D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5637:*:*:*:*:*:*", "matchCriteriaId": "5CB6B4D0-E2B8-44F3-877B-293325EF44A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5910:*:*:*:*:*:*", "matchCriteriaId": "716CC742-9F23-4734-9CFF-338A231476D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*", "matchCriteriaId": "A144D75D-60A8-4EE0-813C-F658C626B2AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*", "matchCriteriaId": "2DA66230-DE02-4881-A893-E9E78286B157", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*", "matchCriteriaId": "955F3DFB-6479-4867-B62A-82730DBEB498", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*", "matchCriteriaId": "327D1B56-0D05-4D99-91D4-CC1F0AC32972", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*", "matchCriteriaId": "D0CD0684-C431-47F8-A2F4-1936D5C5A72B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*", "matchCriteriaId": "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*", "matchCriteriaId": "D0968764-CCEE-47A7-9111-E106D887DA43", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*", "matchCriteriaId": "16589FBB-F0CD-4041-8141-5C89FCCA72AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*", "matchCriteriaId": "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*", "matchCriteriaId": "0DF5FB90-8D6D-4F99-B454-411B1DFFA630", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*", "matchCriteriaId": "F58876B9-6C2E-4048-A793-B441A84E86F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*", "matchCriteriaId": "D5F177CB-CC45-45A0-9D02-C14A13ECC7A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*", "matchCriteriaId": "A89A4192-54E9-4899-8C7B-6C7F7E650D5C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*", "matchCriteriaId": "F2DC1357-9CD5-415F-A190-2F3F4498EF96", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*", "matchCriteriaId": "D78ACF64-2802-44DD-AF7A-1BD5EA7F9908", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*", "matchCriteriaId": "E8F675FA-1684-413A-B1BE-1C5434AC2862", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6156:*:*:*:*:*:*", "matchCriteriaId": "F3F1FDC3-35B2-4BDB-A685-75BC72588179", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6161:*:*:*:*:*:*", "matchCriteriaId": "5B1E509D-2F41-4296-86D2-6BD71783060F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6166:*:*:*:*:*:*", "matchCriteriaId": "AC93EA37-F341-45EC-B651-4F326FB8C613", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6173:*:*:*:*:*:*", "matchCriteriaId": "1A4DB8A6-1702-462C-BFCB-39F91D2EFCE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6176:*:*:*:*:*:*", "matchCriteriaId": "FC0AEFDB-D033-47FC-93FC-8652F922BB8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6178:*:*:*:*:*:*", "matchCriteriaId": "B5354768-6527-43C2-B492-A8C14AB4E784", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6189:*:*:*:*:*:*", "matchCriteriaId": "D83F26D1-B8C6-4114-81EC-810DD5412DC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6194:*:*:*:*:*:*", "matchCriteriaId": "E9EBC010-9963-4636-96F7-A121FCF755A7", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6199:*:*:*:*:*:*", "matchCriteriaId": "F626D64B-C301-4CD8-94B4-48689BD3F29C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6204:*:*:*:*:*:*", "matchCriteriaId": "5E32810C-7B35-42F1-BCA5-E10C02BE2215", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6205:*:*:*:*:*:*", "matchCriteriaId": "6539D059-8614-4C26-93C4-C2DDCC5D35E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6209:*:*:*:*:*:*", "matchCriteriaId": "E359EE75-A2F9-479B-B757-CAE1064AB8F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6210:*:*:*:*:*:*", "matchCriteriaId": "0BCABDEF-D292-406E-B53C-AFF22484E916", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6214:*:*:*:*:*:*", "matchCriteriaId": "ABE8872C-B1DD-4A45-8EF8-E8C355CA6C54", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6215:*:*:*:*:*:*", "matchCriteriaId": "44B20B83-833A-4C68-8693-365BD046C157", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6216:*:*:*:*:*:*", "matchCriteriaId": "E254E6D1-D18E-4A2A-A2FF-7D03F39E65DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6218:*:*:*:*:*:*", "matchCriteriaId": "5F0C5E53-4D15-425A-B4CF-5869353724BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6219:*:*:*:*:*:*", "matchCriteriaId": "2F4BF5F1-F316-4BAC-83E0-DEAC8C50754E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6220:*:*:*:*:*:*", "matchCriteriaId": "5CDD03A8-5B86-4B87-9C29-6C967261C5C0", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6227:*:*:*:*:*:*", "matchCriteriaId": "6071E15F-4D59-41DC-A4D4-7D1AA392A1F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6230:*:*:*:*:*:*", "matchCriteriaId": "C72C1CEB-7BF7-4A5F-B2E9-397F86CCBF4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6233:*:*:*:*:*:*", "matchCriteriaId": "5B0F0218-4224-4084-B38D-9719D3782C03", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6235:*:*:*:*:*:*", "matchCriteriaId": "BFC41329-1AD6-4575-A22D-977EC5539DA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6236:*:*:*:*:*:*", "matchCriteriaId": "217A06B7-0823-4508-BC0C-AD792BA88F7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6239:*:*:*:*:*:*", "matchCriteriaId": "246E98B2-A6C8-4410-AA6A-7E81EE8C5E76", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6241:*:*:*:*:*:*", "matchCriteriaId": "74D1EC02-D009-45DA-B1EC-2219E0F0183C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6243:*:*:*:*:*:*", "matchCriteriaId": "0F56A261-EC62-423C-B487-35EA9D4A83FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6245:*:*:*:*:*:*", "matchCriteriaId": "D295E160-C87A-498D-AB0E-BA1E50825249", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6248:*:*:*:*:*:*", "matchCriteriaId": "A30BE138-D745-4F0E-AAE4-202A1C769C85", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6249:*:*:*:*:*:*", "matchCriteriaId": "7CF4FCB9-7360-4ABB-95FB-0239CDC8D3AD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6250:*:*:*:*:*:*", "matchCriteriaId": "465DD666-3499-4911-A1DF-6BAAFCCFA006", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6251:*:*:*:*:*:*", "matchCriteriaId": "6F18CEDC-5D7A-4496-8B5E-59EBEA4362BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6255:*:*:*:*:*:*", "matchCriteriaId": "8C1DE547-F217-4518-AD90-3607AE21F6ED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Processing of user-defined mail search expressions is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of mail search expressions now gets monitored, and the related request is terminated if a resource threshold is reached.\r\n No publicly available exploits are known." }, { "lang": "es", "value": "El procesamiento de expresiones de b\u00fasqueda de correo definidas por el usuario no est\u00e1 limitado. La disponibilidad de OX App Suite podr\u00eda verse reducida debido a la alta carga de procesamiento. Implemente las actualizaciones y lanzamientos de parches proporcionados. Ahora se supervisa el tiempo de procesamiento de las expresiones de b\u00fasqueda de correo y la solicitud relacionada finaliza si se alcanza un umbral de recursos. No se conocen exploits disponibles p\u00fablicamente." 
} ], "id": "CVE-2023-41707", "lastModified": "2024-11-21T08:21:30.967", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security@open-xchange.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-02-12T09:15:11.253", "references": [ { "source": "security@open-xchange.com", "tags": [ "Vendor Advisory" ], "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json" }, { "source": "security@open-xchange.com", "tags": [ "Release Notes" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf" } ], "sourceIdentifier": "security@open-xchange.com", "vulnStatus": "Modified", "weaknesses": [ { "description": 
[ { "lang": "en", "value": "CWE-400" } ], "source": "security@open-xchange.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-03-21 16:00
Modified
2024-11-21 03:46
Severity ?
Summary
OX App Suite 7.8.4 and earlier allows SSRF.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/151243/Open-Xchange-OX-App-Suite-Cross-Site-Scripting-SSRF.html | Exploit, Third Party Advisory, VDB Entry | |
cve@mitre.org | http://seclists.org/fulldisclosure/2019/Jan/46 | Exploit, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/151243/Open-Xchange-OX-App-Suite-Cross-Site-Scripting-SSRF.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2019/Jan/46 | Exploit, Mailing List, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "21A45377-C1DE-44AB-A02F-A377BE4E9A56", "versionEndIncluding": "7.8.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite 7.8.4 and earlier allows SSRF." }, { "lang": "es", "value": "OX App Suite, en versiones 7.8.4 y anteriores, permite Server-Side Request Forgery (SSRF)." } ], "id": "CVE-2018-13103", "lastModified": "2024-11-21T03:46:26.667", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-03-21T16:00:17.093", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/151243/Open-Xchange-OX-App-Suite-Cross-Site-Scripting-SSRF.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], 
"url": "http://seclists.org/fulldisclosure/2019/Jan/46" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/151243/Open-Xchange-OX-App-Suite-Cross-Site-Scripting-SSRF.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Jan/46" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-918" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-01-12 22:15
Modified
2024-11-21 05:52
Severity ?
Summary
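OX App Suite through 7.10.4 allows XSS via use of the conversion API for a distributedFile. Note that the CPE match criteria in the record below stop at 7.10.3 (versionEndIncluding), so CPE-based matching alone may not flag 7.10.4 installations.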
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB465D15-78EA-47FA-BC7C-5A6631EC9578", "versionEndIncluding": "7.10.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.4 allows XSS via use of the conversion API for a distributedFile." }, { "lang": "es", "value": "OX App Suite versiones hasta 7.10.4, permite un ataque de tipo XSS mediante el uso de la API conversion para un archivo distribuido" } ], "id": "CVE-2021-23930", "lastModified": "2024-11-21T05:52:04.243", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-01-12T22:15:12.637", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-05-03 20:15
Modified
2024-11-21 05:23
Severity ?
Summary
OX App Suite 7.10.4 and earlier allows XSS via crafted content that reaches an undocumented feature, such as `![](http://onerror=Function.constructor`, in a Notes item.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://open-xchange.com | Vendor Advisory | |
cve@mitre.org | https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://open-xchange.com | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "9451471A-06E1-456C-8B82-ADEB746B97C7", "versionEndIncluding": "7.10.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite 7.10.4 and earlier allows XSS via crafted content to reach an undocumented feature, such as ![](http://onerror=Function.constructor, in a Notes item." }, { "lang": "es", "value": "OX App Suite versiones 7.10.4 y anteriores, permiten un ataque de tipo XSS por medio de contenido dise\u00f1ado para llegar a una funci\u00f3n no documentada, tal y como ![](http://onerror=Function.constructor, en un item de Notes." } ], "id": "CVE-2020-28945", "lastModified": "2024-11-21T05:23:21.050", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-05-03T20:15:08.307", "references": [ { "source": "cve@mitre.org", "tags": 
[ "Vendor Advisory" ], "url": "https://open-xchange.com" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://open-xchange.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-01-06 20:15
Modified
2024-11-21 04:31
Severity ?
Summary
OX App Suite through 7.10.2 has Incorrect Access Control.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/155813/OX-App-Suite-7.10.2-Cross-Site-Scripting-Improper-Access-Control.html | Exploit, Third Party Advisory, VDB Entry | |
cve@mitre.org | http://seclists.org/fulldisclosure/2020/Jan/7 | Exploit, Mailing List, Third Party Advisory | |
cve@mitre.org | http://seclists.org/fulldisclosure/2020/Jan/7 | Exploit, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/155813/OX-App-Suite-7.10.2-Cross-Site-Scripting-Improper-Access-Control.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2020/Jan/7 | Exploit, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2020/Jan/7 | Exploit, Mailing List, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "F9CF4B9A-D36A-4A8E-B2A2-34C0CA70A24C", "versionEndIncluding": "7.10.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.2 has Incorrect Access Control." }, { "lang": "es", "value": "OX App Suite versiones hasta la versi\u00f3n 7.10.2, presenta un Control de Acceso Incorrecto." } ], "id": "CVE-2019-16716", "lastModified": "2024-11-21T04:31:02.747", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 0.7, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-01-06T20:15:12.087", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/155813/OX-App-Suite-7.10.2-Cross-Site-Scripting-Improper-Access-Control.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", 
"Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2020/Jan/7" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2020/Jan/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/155813/OX-App-Suite-7.10.2-Cross-Site-Scripting-Improper-Access-Control.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2020/Jan/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2020/Jan/7" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-276" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-05-23 15:29
Modified
2024-11-21 03:13
Severity ?
Summary
Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://open-xchange.com | Product | |
cve@mitre.org | http://ox.com | Broken Link, Not Applicable | |
cve@mitre.org | https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://open-xchange.com | Product | |
af854a3a-2127-422b-91ae-364da2661108 | http://ox.com | Broken Link, Not Applicable | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html | Release Notes, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "21A45377-C1DE-44AB-A02F-A377BE4E9A56", "versionEndIncluding": "7.8.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS)." }, { "lang": "es", "value": "Open-Xchange GmbH OX App Suite versi\u00f3n 7.8.4 y anteriores, se ven afectados por: Cross Site Scripting (XSS)." } ], "id": "CVE-2017-15030", "lastModified": "2024-11-21T03:13:58.210", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-05-23T15:29:00.350", "references": [ { "source": "cve@mitre.org", "tags": [ "Product" ], "url": "http://open-xchange.com" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Not Applicable" ], "url": "http://ox.com" }, { "source": "cve@mitre.org", "tags": [ 
"Release Notes", "Vendor Advisory" ], "url": "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "http://open-xchange.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Not Applicable" ], "url": "http://ox.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-06-16 14:15
Modified
2024-11-21 05:39
Severity ?
Summary
OX App Suite through 7.10.3 allows XSS.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:-:*:*:*:*:*:*", "matchCriteriaId": "B8D06749-1B27-4C7C-9436-1AD842471D19", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev1:*:*:*:*:*:*", "matchCriteriaId": "368ECEBC-4553-4A2A-8A2A-A4B8909C321D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev10:*:*:*:*:*:*", "matchCriteriaId": "33BFF8F7-DB19-4F7B-9FED-5D3E50E31C2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev11:*:*:*:*:*:*", "matchCriteriaId": "8E60A592-965B-4ECD-BE52-C8BCF8164A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev12:*:*:*:*:*:*", "matchCriteriaId": "37DC59B1-D23F-40EB-9F54-0BBBC8FA86E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev13:*:*:*:*:*:*", "matchCriteriaId": "91897609-C38E-47ED-9A45-34C26ACD4558", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev14:*:*:*:*:*:*", "matchCriteriaId": "68CD6B95-5EAA-4D14-8958-787E7B8ADD8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev15:*:*:*:*:*:*", "matchCriteriaId": "A4EBEBD1-9E8A-4C18-95FA-E7D83A7DC557", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev16:*:*:*:*:*:*", "matchCriteriaId": "6BAF8872-87D9-4271-80AA-E4200E6D8F5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev17:*:*:*:*:*:*", "matchCriteriaId": "E0FDDD1D-7EDC-4ED8-9288-DA1976B044FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev18:*:*:*:*:*:*", "matchCriteriaId": "AE6BC6B0-66A7-4B0A-9B11-E41A3C29064D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev19:*:*:*:*:*:*", "matchCriteriaId": 
"0B981446-14BE-43A9-86FE-F282E8DA393D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev2:*:*:*:*:*:*", "matchCriteriaId": "4190E7EF-E9BF-4B87-B5A7-F1C5639CF701", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev20:*:*:*:*:*:*", "matchCriteriaId": "DC995A29-A9DB-4160-BEAD-7E6A3606F802", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev21:*:*:*:*:*:*", "matchCriteriaId": "890672A1-63E4-45BA-B4A7-B1DCFCE03E17", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev22:*:*:*:*:*:*", "matchCriteriaId": "32AB90D5-CF22-45E4-A7E5-A3BC355C051A", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev23:*:*:*:*:*:*", "matchCriteriaId": "4287D478-7B66-4B94-AF06-FCFA3E3A49E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev24:*:*:*:*:*:*", "matchCriteriaId": "6949270A-47D6-495B-8B3A-CC97351E0B72", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev25:*:*:*:*:*:*", "matchCriteriaId": "FF8F4DA7-035F-4C6E-9E97-265CC57A548B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev26:*:*:*:*:*:*", "matchCriteriaId": "F6C50535-9E15-418A-8908-23C247CCF861", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev27:*:*:*:*:*:*", "matchCriteriaId": "8503C015-94AF-419C-95DE-1A1043811B60", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev3:*:*:*:*:*:*", "matchCriteriaId": "8DF4B515-D246-44A9-B4FA-094E33840EAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev4:*:*:*:*:*:*", "matchCriteriaId": "20D6F057-6D60-45CD-AF64-A17655FE4332", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev5:*:*:*:*:*:*", 
"matchCriteriaId": "8AAEEE04-5D35-4007-9C19-47139D574C6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev6:*:*:*:*:*:*", "matchCriteriaId": "534A44A6-9F3F-4A95-8397-1264537AF98B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev7:*:*:*:*:*:*", "matchCriteriaId": "0FDC984D-9BA2-44A8-A448-0B5FFD3714F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev8:*:*:*:*:*:*", "matchCriteriaId": "10C3CE2E-D599-4E7B-8DF7-CE143D38C248", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev9:*:*:*:*:*:*", "matchCriteriaId": "5D50AB43-34ED-4514-A46D-17DCE8C0E13B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:-:*:*:*:*:*:*", "matchCriteriaId": "A1E055C3-BE99-4EB8-8D28-1275A1607E01", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev1:*:*:*:*:*:*", "matchCriteriaId": "3A43F58A-EF5F-470F-AD23-EA211A257B87", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev10:*:*:*:*:*:*", "matchCriteriaId": "AF15D091-E31B-4AF7-8565-A545338443D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev11:*:*:*:*:*:*", "matchCriteriaId": "6530A58D-89B1-4991-8182-2CB39FF0607D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev12:*:*:*:*:*:*", "matchCriteriaId": "359C31C1-FC65-4DB5-AC13-78752B991D85", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev13:*:*:*:*:*:*", "matchCriteriaId": "20B39EEB-AE1F-41EF-BDA2-0C05583C19A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev14:*:*:*:*:*:*", "matchCriteriaId": "6814E0FE-C61F-4621-BCE9-E315FD27BDF9", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev15:*:*:*:*:*:*", "matchCriteriaId": "C500DC8B-1E2D-4D9E-89BF-DB1F583FCE1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev16:*:*:*:*:*:*", "matchCriteriaId": "B31AF178-6903-4C9C-85D0-4FC64B523D94", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev17:*:*:*:*:*:*", "matchCriteriaId": "78BBF7A1-2683-4A1A-A907-22AA08547C34", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev18:*:*:*:*:*:*", "matchCriteriaId": "8E8D7027-437A-4ACA-A4A1-34F2A1E49EFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev19:*:*:*:*:*:*", "matchCriteriaId": "233AF909-1320-4F50-98AE-0C3597EB77B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev2:*:*:*:*:*:*", "matchCriteriaId": "8B99076E-CAAF-478A-A6CA-5F4D555F4F13", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev3:*:*:*:*:*:*", "matchCriteriaId": "71AD5083-1D8A-4F84-8263-EB724F2BAFB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev4:*:*:*:*:*:*", "matchCriteriaId": "F2E2CBB1-66E4-463E-9C13-36311A5E57CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev5:*:*:*:*:*:*", "matchCriteriaId": "78419EB9-7DBD-4D86-9D9F-D207BE4A5606", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev6:*:*:*:*:*:*", "matchCriteriaId": "6CFDEA47-85E0-468F-ACE1-D246C690B8D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev7:*:*:*:*:*:*", "matchCriteriaId": "51A93D40-8EC9-42FA-88B5-2C6A105D45DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev8:*:*:*:*:*:*", "matchCriteriaId": "990A037D-78A9-4BA5-B0E6-66D33B553CCF", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev9:*:*:*:*:*:*", "matchCriteriaId": "84AB3311-A474-43B3-A613-F876042473A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:-:*:*:*:*:*:*", "matchCriteriaId": "D3CF4C4E-3FF0-4B4A-8246-8F8981D66180", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev1:*:*:*:*:*:*", "matchCriteriaId": "3B7503E3-6317-4DD7-9EDD-AB5A0586BADE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev2:*:*:*:*:*:*", "matchCriteriaId": "26BF76EC-F32F-4DAB-8EB0-8B24E76D2593", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev3:*:*:*:*:*:*", "matchCriteriaId": "B031D97E-A967-4124-8A42-EFA4B3576124", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev4:*:*:*:*:*:*", "matchCriteriaId": "649774E8-6489-4AD7-95A8-AAF7154B2C05", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev5:*:*:*:*:*:*", "matchCriteriaId": "A2A1BB49-EAFD-4458-AA8B-BF4B195927C5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.3 allows XSS." 
}, { "lang": "es", "value": "OX App Suite versiones hasta 7.10.3, permite un ataque de tipo XSS" } ], "id": "CVE-2020-8542", "lastModified": "2024-11-21T05:39:00.043", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-06-16T14:15:11.617", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/158932/OX-App-Suite-OX-Documents-XSS-SSRF-Bypass.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2020/Aug/14" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html" }, { "source": "cve@mitre.org", "tags": [ "Product", "Vendor Advisory" ], "url": "https://www.open-xchange.com/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party 
Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/158932/OX-App-Suite-OX-Documents-XSS-SSRF-Bypass.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2020/Aug/14" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Vendor Advisory" ], "url": "https://www.open-xchange.com/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-11-02 14:15
Modified
2024-11-21 07:51
Severity ?
5.6 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The RMI interface did not require authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items. RMI access is restricted to localhost by default. The interface has been updated to require authenticated requests. No publicly available exploits are known.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "59D4F30E-2F52-4948-9C69-C57472833C79", "versionEndExcluding": "7.10.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*", "matchCriteriaId": "A144D75D-60A8-4EE0-813C-F658C626B2AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*", "matchCriteriaId": "2DA66230-DE02-4881-A893-E9E78286B157", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*", "matchCriteriaId": "955F3DFB-6479-4867-B62A-82730DBEB498", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*", "matchCriteriaId": "327D1B56-0D05-4D99-91D4-CC1F0AC32972", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*", "matchCriteriaId": "D0CD0684-C431-47F8-A2F4-1936D5C5A72B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*", "matchCriteriaId": "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*", "matchCriteriaId": "D0968764-CCEE-47A7-9111-E106D887DA43", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*", "matchCriteriaId": "16589FBB-F0CD-4041-8141-5C89FCCA72AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*", "matchCriteriaId": "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*", "matchCriteriaId": 
"0DF5FB90-8D6D-4F99-B454-411B1DFFA630", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*", "matchCriteriaId": "F58876B9-6C2E-4048-A793-B441A84E86F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*", "matchCriteriaId": "D5F177CB-CC45-45A0-9D02-C14A13ECC7A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*", "matchCriteriaId": "A89A4192-54E9-4899-8C7B-6C7F7E650D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*", "matchCriteriaId": "F2DC1357-9CD5-415F-A190-2F3F4498EF96", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*", "matchCriteriaId": "D78ACF64-2802-44DD-AF7A-1BD5EA7F9908", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*", "matchCriteriaId": "E8F675FA-1684-413A-B1BE-1C5434AC2862", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6156:*:*:*:*:*:*", "matchCriteriaId": "F3F1FDC3-35B2-4BDB-A685-75BC72588179", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6161:*:*:*:*:*:*", "matchCriteriaId": "5B1E509D-2F41-4296-86D2-6BD71783060F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6166:*:*:*:*:*:*", "matchCriteriaId": "AC93EA37-F341-45EC-B651-4F326FB8C613", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6173:*:*:*:*:*:*", "matchCriteriaId": "1A4DB8A6-1702-462C-BFCB-39F91D2EFCE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6176:*:*:*:*:*:*", "matchCriteriaId": 
"FC0AEFDB-D033-47FC-93FC-8652F922BB8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6178:*:*:*:*:*:*", "matchCriteriaId": "B5354768-6527-43C2-B492-A8C14AB4E784", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6189:*:*:*:*:*:*", "matchCriteriaId": "D83F26D1-B8C6-4114-81EC-810DD5412DC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6194:*:*:*:*:*:*", "matchCriteriaId": "E9EBC010-9963-4636-96F7-A121FCF755A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6199:*:*:*:*:*:*", "matchCriteriaId": "F626D64B-C301-4CD8-94B4-48689BD3F29C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6204:*:*:*:*:*:*", "matchCriteriaId": "5E32810C-7B35-42F1-BCA5-E10C02BE2215", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6205:*:*:*:*:*:*", "matchCriteriaId": "6539D059-8614-4C26-93C4-C2DDCC5D35E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6209:*:*:*:*:*:*", "matchCriteriaId": "E359EE75-A2F9-479B-B757-CAE1064AB8F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6210:*:*:*:*:*:*", "matchCriteriaId": "0BCABDEF-D292-406E-B53C-AFF22484E916", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6214:*:*:*:*:*:*", "matchCriteriaId": "ABE8872C-B1DD-4A45-8EF8-E8C355CA6C54", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6215:*:*:*:*:*:*", "matchCriteriaId": "44B20B83-833A-4C68-8693-365BD046C157", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6216:*:*:*:*:*:*", "matchCriteriaId": 
"E254E6D1-D18E-4A2A-A2FF-7D03F39E65DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6218:*:*:*:*:*:*", "matchCriteriaId": "5F0C5E53-4D15-425A-B4CF-5869353724BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6219:*:*:*:*:*:*", "matchCriteriaId": "2F4BF5F1-F316-4BAC-83E0-DEAC8C50754E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6220:*:*:*:*:*:*", "matchCriteriaId": "5CDD03A8-5B86-4B87-9C29-6C967261C5C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6227:*:*:*:*:*:*", "matchCriteriaId": "6071E15F-4D59-41DC-A4D4-7D1AA392A1F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6230:*:*:*:*:*:*", "matchCriteriaId": "C72C1CEB-7BF7-4A5F-B2E9-397F86CCBF4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6233:*:*:*:*:*:*", "matchCriteriaId": "5B0F0218-4224-4084-B38D-9719D3782C03", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6235:*:*:*:*:*:*", "matchCriteriaId": "BFC41329-1AD6-4575-A22D-977EC5539DA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6236:*:*:*:*:*:*", "matchCriteriaId": "217A06B7-0823-4508-BC0C-AD792BA88F7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6239:*:*:*:*:*:*", "matchCriteriaId": "246E98B2-A6C8-4410-AA6A-7E81EE8C5E76", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6241:*:*:*:*:*:*", "matchCriteriaId": "74D1EC02-D009-45DA-B1EC-2219E0F0183C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "RMI was not requiring 
authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI. RMI access is restricted to localhost by default. The interface has been updated to require authenticated requests. No publicly available exploits are known.\n\n" }, { "lang": "es", "value": "RMI no requer\u00eda autenticaci\u00f3n al llamar a ChronosRMIService:setEventOrganizer. Los atacantes con acceso a la red local o adyacente podr\u00edan abusar del servicio RMI para modificar elementos del calendario utilizando RMI. El acceso RMI est\u00e1 restringido a localhost de forma predeterminada. La interfaz se ha actualizada para requerir solicitudes autenticadas. No se conocen exploits disponibles p\u00fablicamente." } ], "id": "CVE-2023-26455", "lastModified": "2024-11-21T07:51:30.080", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L", "version": "3.1" }, "exploitabilityScore": 0.8, "impactScore": 4.7, "source": "security@open-xchange.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-11-02T14:15:10.873", "references": [ { "source": "security@open-xchange.com", "url": 
"https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json" }, { "source": "security@open-xchange.com", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf" } ], "sourceIdentifier": "security@open-xchange.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "security@open-xchange.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-12-15 06:59
Modified
2024-11-21 02:56
Severity: MEDIUM (CVSS 3.0 base score 6.1; CVSS 2.0 base score 4.3; NVD metrics in the record below)
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code can be injected into contact names. When those contacts are added to a group, the script code is executed in the context of the user who creates or changes the group by using autocomplete. In most cases this is a user with elevated permissions. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/bid/93457 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/93457 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf | Release Notes, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:rev4:*:*:*:*:*:*", "matchCriteriaId": "63233ABF-06E1-4819-B885-1028FEA3EB5A", "versionEndIncluding": "7.8.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code can be injected to contact names. When adding those contacts to a group, the script code gets executed in the context of the user which creates or changes the group by using autocomplete. In most cases this is a user with elevated permissions. Malicious script code can be executed within a user\u0027s context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.)." }, { "lang": "es", "value": "Ha sido descubierto un problema en Open-Xchange OX App Suite en versiones anteriores a 7.8.2-rev8. Un c\u00f3digo script puede ser inyectado en nombres de contactos. Cuando se a\u00f1aden estos contactos a un grupo, el c\u00f3digo script es ejecutado en el contexto del usuario que crea o cambia el grupo utilizando el autocompletado. En muchos casos se trata de un usuario con permisos elevados. El c\u00f3digo script malicioso puede ser ejecutado en un contexto de usuario. Esto puede conducir al secuestro de sesi\u00f3n o activar acciones no deseadas a trav\u00e9s de la interfaz web (env\u00edo de correo, eliminaci\u00f3n de datos, etc.)." 
} ], "id": "CVE-2016-6843", "lastModified": "2024-11-21T02:56:56.627", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-12-15T06:59:16.207", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/93457" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/93457" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", 
"value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-01-12 22:15
Modified
2024-11-21 05:52
Severity: MEDIUM (CVSS 3.1 base score 6.1; CVSS 2.0 base score 4.3; NVD metrics in the record below)
Summary
OX App Suite through 7.10.4 allows XSS via the subject of a task.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html | Not Applicable, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html | Not Applicable, Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "9451471A-06E1-456C-8B82-ADEB746B97C7", "versionEndIncluding": "7.10.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.4 allows XSS via the subject of a task." }, { "lang": "es", "value": "OX App Suite versiones hasta 7.10.4, permite un ataque de tipo XSS por medio del asunto de una tarea" } ], "id": "CVE-2021-23936", "lastModified": "2024-11-21T05:52:05.177", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-01-12T22:15:13.010", "references": [ { "source": "cve@mitre.org", "tags": [ "Not Applicable", "Third Party Advisory", "VDB Entry" ], "url": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not 
Applicable", "Third Party Advisory", "VDB Entry" ], "url": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-05-23 15:29
Modified
2024-11-21 03:27
Severity: MEDIUM (CVSS 3.0 base score 6.1; CVSS 2.0 base score 4.3; NVD metrics in the record below)
Summary
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting (XSS).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://open-xchange.com | Product | |
cve@mitre.org | http://ox.com | Broken Link, Not Applicable | |
cve@mitre.org | https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://open-xchange.com | Product | |
af854a3a-2127-422b-91ae-364da2661108 | http://ox.com | Broken Link, Not Applicable | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html | Release Notes, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "C77DCBA3-CB5A-4F73-817E-717C8335463E", "versionEndIncluding": "7.8.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting (XSS)." }, { "lang": "es", "value": "Open-Xchange GmbH OX App Suite versi\u00f3n 7.8.3 y anteriores, se ven afectados por: Cross Site Scripting (XSS)." } ], "id": "CVE-2017-5213", "lastModified": "2024-11-21T03:27:17.740", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-05-23T15:29:00.867", "references": [ { "source": "cve@mitre.org", "tags": [ "Product" ], "url": "http://open-xchange.com" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Not Applicable" ], "url": "http://ox.com" }, { "source": "cve@mitre.org", "tags": [ 
"Release Notes", "Vendor Advisory" ], "url": "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "http://open-xchange.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Not Applicable" ], "url": "http://ox.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-09-25 10:31
Modified
2024-11-21 01:57
Severity: HIGH (CVSS 2.0 base score 7.5; NVD metrics in the record below)
Summary
The (1) REST and (2) memcache interfaces in the Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 do not require authentication, which allows remote attackers to obtain sensitive information or modify data via an API call.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | 7.0.1 | |
open-xchange | open-xchange_appsuite | 7.0.2 | |
open-xchange | open-xchange_appsuite | 7.2.0 | |
open-xchange | open-xchange_appsuite | 7.2.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "138461CD-9C27-40E5-B7A0-A37737B6E942", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "108BCEFD-3098-4919-9B0C-E80F6FA1C102", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDBB02DF-1022-4FE5-B5E1-198DC58F8C1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2BF31219-8390-4676-A9C4-D625A016C71E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The (1) REST and (2) memcache interfaces in the Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 do not require authentication, which allows remote attackers to obtain sensitive information or modify data via an API call." }, { "lang": "es", "value": "Los interfaces (1) REST y (2) memcache en Hazelcast cluster API de Open-Xchange AppSuite 7.0.x (anteriores a 7.0.2-rev15) y 7.2.x (anteriores a 7.2.2-rev16) no requieren autenticaci\u00f3n, lo que permite a atacantes remotos obtener informaci\u00f3n sensible o modificar datos a trav\u00e9s de una llamada al API." 
} ], "id": "CVE-2013-5200", "lastModified": "2024-11-21T01:57:12.137", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-09-25T10:31:29.283", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-01-26 20:55
Modified
2024-11-21 02:00
Severity: MEDIUM (CVSS 2.0 base score 4.3; NVD metrics in the record below)
Summary
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to crafted "<%" tags.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * | |
open-xchange | open-xchange_appsuite | 6.20.7 | |
open-xchange | open-xchange_appsuite | 6.22.0 | |
open-xchange | open-xchange_appsuite | 6.22.1 | |
open-xchange | open-xchange_appsuite | 7.0.1 | |
open-xchange | open-xchange_appsuite | 7.0.2 | |
open-xchange | open-xchange_appsuite | 7.2.0 | |
open-xchange | open-xchange_appsuite | 7.2.1 | |
open-xchange | open-xchange_appsuite | 7.2.2 | |
open-xchange | open-xchange_appsuite | 7.4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "567B4139-220A-46A7-B847-616F99A1EA66", "versionEndIncluding": "7.4.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.20.7:*:*:*:*:*:*:*", "matchCriteriaId": "983E5F3A-E7AD-4CCA-80D4-9C012AFCCDD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F85EE0C-B7A0-455A-96F6-E4E6BA5D7216", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.1:*:*:*:*:*:*:*", "matchCriteriaId": "2D9572CB-9A46-492E-BDCC-E01849EF0EC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "138461CD-9C27-40E5-B7A0-A37737B6E942", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "108BCEFD-3098-4919-9B0C-E80F6FA1C102", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDBB02DF-1022-4FE5-B5E1-198DC58F8C1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2BF31219-8390-4676-A9C4-D625A016C71E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "75B04598-67CD-420B-92C9-9A7459295E11", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "8DAEED7B-C295-42B4-A60B-2EAA596E3D65", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related 
to crafted \"\u003c%\" tags." }, { "lang": "es", "value": "Vulnerabilidad XSS en Open-Xchange (OX) AppSuite v7.4.1 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a trav\u00e9s de vectores no especificados relacionados con etiquetas \"\u003c%\" manipuladas." } ], "id": "CVE-2013-7141", "lastModified": "2024-11-21T02:00:24.757", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-01-26T20:55:05.907", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/102192" }, { "source": "cve@mitre.org", "url": "http://seclists.org/bugtraq/2014/Jan/57" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/65009" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1029650" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90544" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/102192" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/bugtraq/2014/Jan/57" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/65009" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1029650" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90544" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": 
"Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-01-12 22:15
Modified
2024-11-21 05:52
Severity: MEDIUM (CVSS 3.1 base score 6.1; CVSS 2.0 base score 4.3; NVD metrics in the record below)
Summary
OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests query string.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB465D15-78EA-47FA-BC7C-5A6631EC9578", "versionEndIncluding": "7.10.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests query string." }, { "lang": "es", "value": "OX App Suite versiones hasta 7.10.3, permite un ataque de tipo XSS por medio de la cadena de consulta ajax/apps/manifiestos" } ], "id": "CVE-2021-23928", "lastModified": "2024-11-21T05:52:03.893", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-01-12T22:15:12.510", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-09-18 20:29
Modified
2024-11-21 03:30
Severity: MEDIUM (CVSS 3.0 base score 6.1; CVSS 2.0 base score 4.3; NVD metrics in the record below)
Summary
Cross-site scripting (XSS) vulnerability in the Open-Xchange webmail before 7.6.3-rev28 allows remote attackers to inject arbitrary web script or HTML via the event attribute in a time tag.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/gquere/CVE-2017-6913 | Exploit, Third Party Advisory | |
cve@mitre.org | https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4133_7.6.3_2017-05-15.pdf | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gquere/CVE-2017-6913 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4133_7.6.3_2017-05-15.pdf | Release Notes, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "CEE77111-9626-48C1-9C13-6FF650B91363", "versionEndIncluding": "7.6.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Open-Xchange webmail before 7.6.3-rev28 allows remote attackers to inject arbitrary web script or HTML via the event attribute in a time tag." }, { "lang": "es", "value": "Una vulnerabilidad Cross-Site Scripting (XSS) en Open-Xchange webmail en versiones anteriores a la 7.6.3-rev28 permite que atacantes remotos inyecten scripts web o HTML mediante el atributo event en una etiqueta time." } ], "id": "CVE-2017-6913", "lastModified": "2024-11-21T03:30:47.693", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-09-18T20:29:00.263", "references": [ { "source": 
"cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/gquere/CVE-2017-6913" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4133_7.6.3_2017-05-15.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/gquere/CVE-2017-6913" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4133_7.6.3_2017-05-15.pdf" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2016-4046)
Published
2016-12-15 06:59
Modified
2024-11-21 02:51
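Severity: 5.8 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N (NVD primary score, from the record below)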
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The API to configure external mail accounts can be abused to map and access network components within the trust boundary of the operator. Users can inject arbitrary hosts and ports to API calls. Depending on the response type, content and latency, information about existence of hosts and services can be gathered. Attackers can get internal configuration information about the infrastructure of an operator to prepare subsequent attacks.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:rev9:*:*:*:*:*:*", "matchCriteriaId": "F8BB7BBD-7706-479D-B1DB-9EAC321913EB", "versionEndIncluding": "7.8.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The API to configure external mail accounts can be abused to map and access network components within the trust boundary of the operator. Users can inject arbitrary hosts and ports to API calls. Depending on the response type, content and latency, information about existence of hosts and services can be gathered. Attackers can get internal configuration information about the infrastructure of an operator to prepare subsequent attacks." }, { "lang": "es", "value": "Ha sido descubierto un problema en Open-Xchange OX App Suite en versiones anteriores a 7.8.1-rev11. La API para configurar cuentas de email externas puede ser usada de forma abusiva para mapear y acceder a componentes de red dentro de los l\u00edmites de confianza del operador. Usuarios pueden inyectar anfitriones y puertos arbitrarios a llamadas API. Dependiendo del tipo de respuesta, el contenido y la latencia, se puede recopilar informaci\u00f3n sobre la existencia de anfitriones y servicios. Atacantes pueden acceder a informaci\u00f3n de configuraci\u00f3n interna sobre la infraestructura de un operador para preparar futuros ataques." 
} ], "id": "CVE-2016-4046", "lastModified": "2024-11-21T02:51:13.817", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-12-15T06:59:09.880", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/538732/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1036157" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/538732/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1036157" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-918" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2015-1588)
Published
2017-06-08 21:29
Modified
2024-11-21 02:25
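Severity: 6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (NVD primary score, from the record below)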
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server 6 and OX AppSuite before 7.4.2-rev43, 7.6.0-rev38, and 7.6.1-rev21.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/131649/Open-Xchange-Server-6-OX-AppSuite-Cross-Site-Scripting.html | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.securityfocus.com/archive/1/535388/100/1100/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/74350 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.securitytracker.com/id/1032202 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/131649/Open-Xchange-Server-6-OX-AppSuite-Cross-Site-Scripting.html | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/535388/100/1100/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/74350 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032202 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * | |
open-xchange | open-xchange_appsuite | 7.6.0 | |
open-xchange | open-xchange_appsuite | 7.6.1 | |
open-xchange | open-xchange_server | 6.0 | |
open-xchange | open-xchange_server | 6.22.12 | |
open-xchange | open-xchange_server | 6.22.13 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCF181B4-CEA4-4AF6-8B06-AE928A69AD3C", "versionEndIncluding": "7.4.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A0A22E01-73E0-4140-8BA1-AB147A9471CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "74858ACF-6B38-4403-90DE-2374BE699486", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "0E40613D-28CC-4E3E-AE6F-8EBE414DFD10", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_server:6.22.12:*:*:*:*:*:*:*", "matchCriteriaId": "576FEC20-B2A3-4CC8-841C-67D8E34BD74E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_server:6.22.13:*:*:*:*:*:*:*", "matchCriteriaId": "5E5789FA-F70C-404A-8379-DE9D4783EAD8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server 6 and OX AppSuite before 7.4.2-rev43, 7.6.0-rev38, and 7.6.1-rev21." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de tipo cross-site scripting (XSS) en Open-Xchange Server 6 y OX AppSuite, versiones anteriores a la 7.4.2-rev43, 7.6.0-rev38 y 7.6.1-rev21." 
} ], "id": "CVE-2015-1588", "lastModified": "2024-11-21T02:25:43.203", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-06-08T21:29:00.253", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/131649/Open-Xchange-Server-6-OX-AppSuite-Cross-Site-Scripting.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/535388/100/1100/threaded" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/74350" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032202" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/131649/Open-Xchange-Server-6-OX-AppSuite-Cross-Site-Scripting.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/535388/100/1100/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/74350" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032202" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2017-9809)
Published
2019-05-22 19:29
Modified
2024-11-21 03:36
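Severity: 5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (NVD primary score, from the record below)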
Summary
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Information Exposure.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://ox.com | Broken Link, Not Applicable | |
cve@mitre.org | https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://ox.com | Broken Link, Not Applicable | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html | Release Notes, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "21A45377-C1DE-44AB-A02F-A377BE4E9A56", "versionEndIncluding": "7.8.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Information Exposure." }, { "lang": "es", "value": "OX Software GmbH OX App Suite 7.8.4 y versi\u00f3n anterior, se ven afectados por: Exposici\u00f3n de Informaci\u00f3n." } ], "id": "CVE-2017-9809", "lastModified": "2024-11-21T03:36:54.120", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-05-22T19:29:00.237", "references": [ { "source": "cve@mitre.org", "tags": [ "Broken Link", "Not Applicable" ], "url": "http://ox.com" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": 
"https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Not Applicable" ], "url": "http://ox.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2014-2078)
Published
2018-04-10 15:29
Modified
2024-11-21 02:05
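Severity: 5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (NVD primary score, from the record below)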
Summary
The backend in Open-Xchange (OX) AppSuite 7.4.2 before 7.4.2-rev9 allows remote attackers to obtain sensitive information about user email addresses in opportunistic circumstances by leveraging a failure in e-mail auto configuration for external accounts.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/archive/1/531502/100/0/threaded | Mitigation, Third Party Advisory, VDB Entry | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/92017 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/531502/100/0/threaded | Mitigation, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/92017 | VDB Entry, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | 7.4.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A708019-6229-4768-994C-5A51B0495CAC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The backend in Open-Xchange (OX) AppSuite 7.4.2 before 7.4.2-rev9 allows remote attackers to obtain sensitive information about user email addresses in opportunistic circumstances by leveraging a failure in e-mail auto configuration for external accounts." }, { "lang": "es", "value": "El backend en Open-Xchange (OX) AppSuite, en versiones 7.4.2 anteriores a la 7.4.2-rev9, permite que atacantes remotos obtengan informaci\u00f3n sensible sobre direcciones de email de usuarios en circunstancias oportunistas aprovechando un error en la autoconfiguraci\u00f3n de email para cuentas externas." } ], "id": "CVE-2014-2078", "lastModified": "2024-11-21T02:05:35.940", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": 
"nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-04-10T15:29:00.770", "references": [ { "source": "cve@mitre.org", "tags": [ "Mitigation", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/531502/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92017" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/531502/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92017" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2020-24701)
Published
2021-01-12 08:15
Modified
2024-11-21 05:15
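Severity: 6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (NVD primary score, from the record below)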
Summary
OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite URI).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "9451471A-06E1-456C-8B82-ADEB746B97C7", "versionEndIncluding": "7.10.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite URI)." }, { "lang": "es", "value": "OX App Suite versiones hasta 7.10.4, permite un ataque de tipo XSS por medio del mecanismo de carga de la aplicaci\u00f3n (el par\u00e1metro PATH_INFO en el URI /appsuite)" } ], "id": "CVE-2020-24701", "lastModified": "2024-11-21T05:15:52.283", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-01-12T08:15:13.463", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": 
"http://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2021/Jul/33" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.open-xchange.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2021/Jul/33" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.open-xchange.com" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2023-41703)
Published
2024-02-12 09:15
Modified
2024-11-21 08:21
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
User ID references at mentions in document comments were not correctly sanitized. Script code could be injected into a user's session when working with a malicious document. Please deploy the provided updates and patch releases. User-defined content like comments and mentions is now filtered to avoid potentially malicious content. No publicly available exploits are known.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "59D4F30E-2F52-4948-9C69-C57472833C79", "versionEndExcluding": "7.10.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "F37B7CC3-A4D2-4CA5-8159-FE1A9016F9A0", "versionEndExcluding": "8.20", "versionStartExcluding": "7.10.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*", "matchCriteriaId": "A144D75D-60A8-4EE0-813C-F658C626B2AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*", "matchCriteriaId": "2DA66230-DE02-4881-A893-E9E78286B157", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*", "matchCriteriaId": "955F3DFB-6479-4867-B62A-82730DBEB498", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*", "matchCriteriaId": "327D1B56-0D05-4D99-91D4-CC1F0AC32972", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*", "matchCriteriaId": "D0CD0684-C431-47F8-A2F4-1936D5C5A72B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*", "matchCriteriaId": "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*", "matchCriteriaId": "D0968764-CCEE-47A7-9111-E106D887DA43", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*", "matchCriteriaId": "16589FBB-F0CD-4041-8141-5C89FCCA72AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*", 
"matchCriteriaId": "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*", "matchCriteriaId": "0DF5FB90-8D6D-4F99-B454-411B1DFFA630", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*", "matchCriteriaId": "F58876B9-6C2E-4048-A793-B441A84E86F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*", "matchCriteriaId": "D5F177CB-CC45-45A0-9D02-C14A13ECC7A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*", "matchCriteriaId": "A89A4192-54E9-4899-8C7B-6C7F7E650D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*", "matchCriteriaId": "F2DC1357-9CD5-415F-A190-2F3F4498EF96", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*", "matchCriteriaId": "D78ACF64-2802-44DD-AF7A-1BD5EA7F9908", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*", "matchCriteriaId": "E8F675FA-1684-413A-B1BE-1C5434AC2862", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6156:*:*:*:*:*:*", "matchCriteriaId": "F3F1FDC3-35B2-4BDB-A685-75BC72588179", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6161:*:*:*:*:*:*", "matchCriteriaId": "5B1E509D-2F41-4296-86D2-6BD71783060F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6166:*:*:*:*:*:*", "matchCriteriaId": "AC93EA37-F341-45EC-B651-4F326FB8C613", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6173:*:*:*:*:*:*", 
"matchCriteriaId": "1A4DB8A6-1702-462C-BFCB-39F91D2EFCE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6176:*:*:*:*:*:*", "matchCriteriaId": "FC0AEFDB-D033-47FC-93FC-8652F922BB8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6178:*:*:*:*:*:*", "matchCriteriaId": "B5354768-6527-43C2-B492-A8C14AB4E784", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6189:*:*:*:*:*:*", "matchCriteriaId": "D83F26D1-B8C6-4114-81EC-810DD5412DC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6194:*:*:*:*:*:*", "matchCriteriaId": "E9EBC010-9963-4636-96F7-A121FCF755A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6199:*:*:*:*:*:*", "matchCriteriaId": "F626D64B-C301-4CD8-94B4-48689BD3F29C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6204:*:*:*:*:*:*", "matchCriteriaId": "5E32810C-7B35-42F1-BCA5-E10C02BE2215", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6205:*:*:*:*:*:*", "matchCriteriaId": "6539D059-8614-4C26-93C4-C2DDCC5D35E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6209:*:*:*:*:*:*", "matchCriteriaId": "E359EE75-A2F9-479B-B757-CAE1064AB8F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6210:*:*:*:*:*:*", "matchCriteriaId": "0BCABDEF-D292-406E-B53C-AFF22484E916", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6214:*:*:*:*:*:*", "matchCriteriaId": "ABE8872C-B1DD-4A45-8EF8-E8C355CA6C54", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6215:*:*:*:*:*:*", 
"matchCriteriaId": "44B20B83-833A-4C68-8693-365BD046C157", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6216:*:*:*:*:*:*", "matchCriteriaId": "E254E6D1-D18E-4A2A-A2FF-7D03F39E65DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6218:*:*:*:*:*:*", "matchCriteriaId": "5F0C5E53-4D15-425A-B4CF-5869353724BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6219:*:*:*:*:*:*", "matchCriteriaId": "2F4BF5F1-F316-4BAC-83E0-DEAC8C50754E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6220:*:*:*:*:*:*", "matchCriteriaId": "5CDD03A8-5B86-4B87-9C29-6C967261C5C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6227:*:*:*:*:*:*", "matchCriteriaId": "6071E15F-4D59-41DC-A4D4-7D1AA392A1F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6230:*:*:*:*:*:*", "matchCriteriaId": "C72C1CEB-7BF7-4A5F-B2E9-397F86CCBF4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6233:*:*:*:*:*:*", "matchCriteriaId": "5B0F0218-4224-4084-B38D-9719D3782C03", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6235:*:*:*:*:*:*", "matchCriteriaId": "BFC41329-1AD6-4575-A22D-977EC5539DA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6236:*:*:*:*:*:*", "matchCriteriaId": "217A06B7-0823-4508-BC0C-AD792BA88F7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6239:*:*:*:*:*:*", "matchCriteriaId": "246E98B2-A6C8-4410-AA6A-7E81EE8C5E76", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6241:*:*:*:*:*:*", 
"matchCriteriaId": "74D1EC02-D009-45DA-B1EC-2219E0F0183C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6243:*:*:*:*:*:*", "matchCriteriaId": "0F56A261-EC62-423C-B487-35EA9D4A83FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6245:*:*:*:*:*:*", "matchCriteriaId": "D295E160-C87A-498D-AB0E-BA1E50825249", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6248:*:*:*:*:*:*", "matchCriteriaId": "A30BE138-D745-4F0E-AAE4-202A1C769C85", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6249:*:*:*:*:*:*", "matchCriteriaId": "7CF4FCB9-7360-4ABB-95FB-0239CDC8D3AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6250:*:*:*:*:*:*", "matchCriteriaId": "465DD666-3499-4911-A1DF-6BAAFCCFA006", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6251:*:*:*:*:*:*", "matchCriteriaId": "6F18CEDC-5D7A-4496-8B5E-59EBEA4362BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6255:*:*:*:*:*:*", "matchCriteriaId": "8C1DE547-F217-4518-AD90-3607AE21F6ED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "User ID references at mentions in document comments were not correctly sanitized. Script code could be injected to a users session when working with a malicious document. Please deploy the provided updates and patch releases. User-defined content like comments and mentions are now filtered to avoid potentially malicious content. No publicly available exploits are known." }, { "lang": "es", "value": "Las referencias de identificaci\u00f3n de usuario en las menciones en los comentarios del documento no se sanitizaron correctamente. 
Se podr\u00eda inyectar c\u00f3digo de script en la sesi\u00f3n de un usuario cuando se trabaja con un documento malicioso. Implemente las actualizaciones y lanzamientos de parches proporcionados. El contenido definido por el usuario, como comentarios y menciones, ahora se filtra para evitar contenido potencialmente malicioso. No se conocen exploits disponibles p\u00fablicamente." } ], "id": "CVE-2023-41703", "lastModified": "2024-11-21T08:21:30.267", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "security@open-xchange.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-02-12T09:15:10.480", "references": [ { "source": "security@open-xchange.com", "tags": [ "Vendor Advisory" ], "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json" }, { "source": "security@open-xchange.com", "tags": [ "Vendor Advisory" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf" } ], "sourceIdentifier": "security@open-xchange.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@open-xchange.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-01-31 22:15
Modified
2024-11-21 02:11
Severity ?
Summary
Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text file.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf | Release Notes, Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * | |
open-xchange | open-xchange_appsuite | 7.4.2 | |
open-xchange | open-xchange_appsuite | 7.4.2 | |
open-xchange | open-xchange_appsuite | 7.4.2 | |
open-xchange | open-xchange_appsuite | 7.4.2 | |
open-xchange | open-xchange_appsuite | 7.4.2 | |
open-xchange | open-xchange_appsuite | 7.4.2 | |
open-xchange | open-xchange_appsuite | 7.4.2 | |
open-xchange | open-xchange_appsuite | 7.4.2 | |
open-xchange | open-xchange_appsuite | 7.4.2 | |
open-xchange | open-xchange_appsuite | 7.4.2 | |
open-xchange | open-xchange_appsuite | 7.4.2 | |
open-xchange | open-xchange_appsuite | 7.6.0 | |
open-xchange | open-xchange_appsuite | 7.6.0 | |
open-xchange | open-xchange_appsuite | 7.6.0 | |
open-xchange | open-xchange_appsuite | 7.6.0 | |
open-xchange | open-xchange_appsuite | 7.6.0 | |
open-xchange | open-xchange_appsuite | 7.6.0 | |
open-xchange | open-xchange_appsuite | 7.6.0 | |
open-xchange | open-xchange_appsuite | 7.6.0 | |
open-xchange | open-xchange_appsuite | 7.6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "567B4139-220A-46A7-B847-616F99A1EA66", "versionEndIncluding": "7.4.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A708019-6229-4768-994C-5A51B0495CAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision1:*:*:*:*:*:*", "matchCriteriaId": "A4895984-4266-4924-A9C4-4DFEA90AFF79", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision10:*:*:*:*:*:*", "matchCriteriaId": "39A9F45E-5CAB-4BE5-8EAB-9E5ED43B4381", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision2:*:*:*:*:*:*", "matchCriteriaId": "72DB60BE-F818-4481-95BD-C0C1A42F2618", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision3:*:*:*:*:*:*", "matchCriteriaId": "0B54DE9D-563C-45A9-BDED-3F216FECF28B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision4:*:*:*:*:*:*", "matchCriteriaId": "F2A40E87-368E-4815-9988-1153E1866103", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision5:*:*:*:*:*:*", "matchCriteriaId": "E112E77E-C2CC-40D4-A8DC-F1FF76305CA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision6:*:*:*:*:*:*", "matchCriteriaId": "76A099A1-23A0-4F0B-84C4-05C687F24F20", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision7:*:*:*:*:*:*", "matchCriteriaId": "D0E95BA0-1517-4DAA-93B5-2B84DF4C3074", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision8:*:*:*:*:*:*", "matchCriteriaId": "5F1899F3-6554-4C42-ACA2-4C22993D49DA", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision9:*:*:*:*:*:*", "matchCriteriaId": "A45F679A-7F4D-49A5-8B95-E588102601F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A0A22E01-73E0-4140-8BA1-AB147A9471CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision1:*:*:*:*:*:*", "matchCriteriaId": "91DC49BA-9FF4-4E0F-9723-E8F2970D6835", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision2:*:*:*:*:*:*", "matchCriteriaId": "BB0ABA40-F8EF-4368-98A6-083F0E4528EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision3:*:*:*:*:*:*", "matchCriteriaId": "B9E00E96-8D99-4579-8104-274908F3AAD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision4:*:*:*:*:*:*", "matchCriteriaId": "733FEC4F-0DC2-49DE-8660-449CCE5A7F2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision5:*:*:*:*:*:*", "matchCriteriaId": "CFA35536-65FA-4228-9C84-CC69C91B3A3F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision6:*:*:*:*:*:*", "matchCriteriaId": "0A6AABD0-D82F-465B-8B73-CA0B8A611DB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision7:*:*:*:*:*:*", "matchCriteriaId": "85511C44-A366-4F62-944B-AEEDB8A6B938", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision8:*:*:*:*:*:*", "matchCriteriaId": "D3AD4BE8-CC1D-4FFA-B890-F565EA555366", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full 
pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text file." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de salto de ruta absoluto en documentconverter en Open-Xchange (OX) AppSuite versiones anteriores a 7.4.2-rev10 y versiones 7.6.x anteriores a 7.6.0-rev10, permiten a atacantes remotos leer archivos de aplicaci\u00f3n por medio de un nombre de ruta completo en un (1) objeto OLE o (2) imagen dise\u00f1ada en un archivo de texto OpenDocument." } ], "id": "CVE-2014-5236", "lastModified": "2024-11-21T02:11:40.067", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-01-31T22:15:10.573", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": 
"http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-12-26 04:15
Modified
2024-11-21 06:59
Severity ?
Summary
OX App Suite through 8.2 allows XSS because BMFreehand10 and image/x-freehand are not blocked.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://open-xchange.com | Vendor Advisory | |
cve@mitre.org | https://seclists.org/fulldisclosure/2022/Sep/0 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://open-xchange.com | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2022/Sep/0 | Mailing List, Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D3B06B3-8919-4D41-87A6-DA39189750B9", "versionEndExcluding": "7.10.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "ACC1F1C5-1B96-48D6-A600-900DD5BE72FA", "versionEndExcluding": "8.2.324", "versionStartIncluding": "8.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:-:*:*:*:*:*:*", "matchCriteriaId": "FE68F102-2EE1-44FF-A8AB-6F71F62712D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5961:*:*:*:*:*:*", "matchCriteriaId": "4F5923E6-C4C1-492F-A130-65D102F67B40", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5973:*:*:*:*:*:*", "matchCriteriaId": "D703A274-D197-42B3-9720-70E6CCD9E825", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5976:*:*:*:*:*:*", "matchCriteriaId": "D4D5F145-F2BA-4589-8B9A-B967069EA355", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5982:*:*:*:*:*:*", "matchCriteriaId": "7E3F2F8B-F7C4-4297-B451-CAFFCA860D17", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5989:*:*:*:*:*:*", "matchCriteriaId": "C7CB5AA6-19B9-4D21-A2B6-1523719A2DB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5994:*:*:*:*:*:*", "matchCriteriaId": "3FAD63B8-9158-4552-8987-3A418AC5A3A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6000:*:*:*:*:*:*", "matchCriteriaId": "87793628-6C35-4137-B584-3AE2A8363AEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6003:*:*:*:*:*:*", 
"matchCriteriaId": "06C14CAB-9C56-48A2-82FA-16110923CC78", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6008:*:*:*:*:*:*", "matchCriteriaId": "2201C280-3674-4FA4-8176-723C175A2469", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6010:*:*:*:*:*:*", "matchCriteriaId": "A3CB3836-AD68-4167-98FD-5B05CC9C92EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6016:*:*:*:*:*:*", "matchCriteriaId": "604CF453-CBBE-4123-B3ED-87A8CBF407DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6020:*:*:*:*:*:*", "matchCriteriaId": "6AF52278-E711-4656-9A1C-0A3A7F3C671F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6026:*:*:*:*:*:*", "matchCriteriaId": "5DD66203-5C4E-434A-BA84-9F78D9E1F7B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6029:*:*:*:*:*:*", "matchCriteriaId": "8A0D1287-7A32-4F56-97F2-8573F12D8EB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6034:*:*:*:*:*:*", "matchCriteriaId": "69858B8E-E4C7-485C-882A-206E07D7343F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6035:*:*:*:*:*:*", "matchCriteriaId": "C2B82BFA-39B6-4DC8-B691-3284FDCFA227", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6038:*:*:*:*:*:*", "matchCriteriaId": "FD4E8470-B8CE-4670-8334-86B817180E96", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6046:*:*:*:*:*:*", "matchCriteriaId": "2276EFC8-B5E6-449F-BDD0-EF2108A4CCAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6051:*:*:*:*:*:*", 
"matchCriteriaId": "2C8B27BE-651D-4B3A-9413-5ABA8AF2AA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6053:*:*:*:*:*:*", "matchCriteriaId": "41EA5F8E-05B5-4C4A-8853-B6948C358F06", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6060:*:*:*:*:*:*", "matchCriteriaId": "3E1A5843-F09A-4BBE-878D-C967E4061B0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6061:*:*:*:*:*:*", "matchCriteriaId": "D579A835-6B7F-4C77-991F-C760CB8D3750", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6066:*:*:*:*:*:*", "matchCriteriaId": "B4935091-B9B4-4EA7-8785-FE4529ACFEBF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6068:*:*:*:*:*:*", "matchCriteriaId": "33DAB50E-18A0-43CC-9043-5E2B722F3A2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6072:*:*:*:*:*:*", "matchCriteriaId": "0E1E9E82-17E3-4B43-AD5B-BBAD25759950", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6079:*:*:*:*:*:*", "matchCriteriaId": "E73BDC2E-3C39-454F-B929-8BB936F36AA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6084:*:*:*:*:*:*", "matchCriteriaId": "C4DF7C74-BD66-41E7-8B47-C700D7BE53E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6092:*:*:*:*:*:*", "matchCriteriaId": "9EA739D6-10BD-48B4-9C30-92BE4381C80C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6101:*:*:*:*:*:*", "matchCriteriaId": "79219E01-26C2-462C-B604-783490F26565", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6111:*:*:*:*:*:*", 
"matchCriteriaId": "6F121147-1AAB-4123-AFD2-31F39434819F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6120:*:*:*:*:*:*", "matchCriteriaId": "52B9445C-4B0E-437A-BE3C-DBB8A621D354", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6132:*:*:*:*:*:*", "matchCriteriaId": "979495B8-8BF0-41B0-9BD5-48554A9C8889", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*", "matchCriteriaId": "A144D75D-60A8-4EE0-813C-F658C626B2AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*", "matchCriteriaId": "2DA66230-DE02-4881-A893-E9E78286B157", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*", "matchCriteriaId": "955F3DFB-6479-4867-B62A-82730DBEB498", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*", "matchCriteriaId": "327D1B56-0D05-4D99-91D4-CC1F0AC32972", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*", "matchCriteriaId": "D0CD0684-C431-47F8-A2F4-1936D5C5A72B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*", "matchCriteriaId": "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*", "matchCriteriaId": "D0968764-CCEE-47A7-9111-E106D887DA43", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*", "matchCriteriaId": "16589FBB-F0CD-4041-8141-5C89FCCA72AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*", "matchCriteriaId": 
"3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*", "matchCriteriaId": "0DF5FB90-8D6D-4F99-B454-411B1DFFA630", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite through 8.2 allows XSS because BMFreehand10 and image/x-freehand are not blocked." }, { "lang": "es", "value": "OX App Suite hasta 8.2 permite XSS porque BMFreehand10 e image/x-freehand no est\u00e1n bloqueados." } ], "id": "CVE-2022-29852", "lastModified": "2024-11-21T06:59:49.423", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-26T04:15:10.333", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://open-xchange.com" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2022/Sep/0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://open-xchange.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2022/Sep/0" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-12-15 06:59
Modified
2024-11-21 02:54
Severity ?
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev5. JavaScript code can be used as part of ical attachments within scheduling E-Mails. This content, for example an appointment's location, will be presented to the user at the E-Mail App, depending on the invitation workflow. This code gets executed within the context of the user's current session. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/138700/Open-Xchange-App-Suite-7.8.2-Cross-Site-Scripting.html | Mitigation, Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.securityfocus.com/archive/1/539394/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/92922 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://www.exploit-db.com/exploits/40378/ | Mitigation, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/138700/Open-Xchange-App-Suite-7.8.2-Cross-Site-Scripting.html | Mitigation, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/539394/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92922 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/40378/ | Mitigation, Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:rev4:*:*:*:*:*:*", "matchCriteriaId": "63233ABF-06E1-4819-B885-1028FEA3EB5A", "versionEndIncluding": "7.8.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev5. JavaScript code can be used as part of ical attachments within scheduling E-Mails. This content, for example an appointment\u0027s location, will be presented to the user at the E-Mail App, depending on the invitation workflow. This code gets executed within the context of the user\u0027s current session. Malicious script code can be executed within a user\u0027s context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.)." }, { "lang": "es", "value": "Ha sido descubierto un problema en Open-Xchange OX App Suite en versiones anteriores a 7.8.2-rev5. Un c\u00f3digo JavaScript puede ser usado como parte de adjuntos ical dentro de E-Mails de programaci\u00f3n. Este contenido, por ejemplo la ubicaci\u00f3n de una reuni\u00f3n, se presentar\u00e1 al usuario en la aplicaci\u00f3n de correo electr\u00f3nico, dependiendo del flujo de trabajo de la invitaci\u00f3n. Este c\u00f3digo se ejecuta dentro del contexto de la sesi\u00f3n actual del usuario. El c\u00f3digo script malicioso puede ser ejecutado en un contexto de usuario. Esto puede conducir al secuestro de sesi\u00f3n o activar acciones no deseadas a trav\u00e9s de la interfaz web (env\u00edo de correo, eliminaci\u00f3n de datos, etc.)." 
} ], "id": "CVE-2016-5740", "lastModified": "2024-11-21T02:54:55.983", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-12-15T06:59:14.253", "references": [ { "source": "cve@mitre.org", "tags": [ "Mitigation", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/138700/Open-Xchange-App-Suite-7.8.2-Cross-Site-Scripting.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/539394/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/92922" }, { "source": "cve@mitre.org", "tags": [ "Mitigation", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/40378/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/138700/Open-Xchange-App-Suite-7.8.2-Cross-Site-Scripting.html" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/539394/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/92922" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/40378/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-02-12 09:15
Modified
2024-11-21 08:21
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
References to the "app loader" functionality could contain redirects to unexpected locations. Attackers could forge app references that bypass existing safeguards to inject malicious script code. Please deploy the provided updates and patch releases. References to apps are now controlled more strictly to avoid relative references. No publicly available exploits are known.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "59D4F30E-2F52-4948-9C69-C57472833C79", "versionEndExcluding": "7.10.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*", "matchCriteriaId": "A144D75D-60A8-4EE0-813C-F658C626B2AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*", "matchCriteriaId": "2DA66230-DE02-4881-A893-E9E78286B157", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*", "matchCriteriaId": "955F3DFB-6479-4867-B62A-82730DBEB498", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*", "matchCriteriaId": "327D1B56-0D05-4D99-91D4-CC1F0AC32972", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*", "matchCriteriaId": "D0CD0684-C431-47F8-A2F4-1936D5C5A72B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*", "matchCriteriaId": "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*", "matchCriteriaId": "D0968764-CCEE-47A7-9111-E106D887DA43", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*", "matchCriteriaId": "16589FBB-F0CD-4041-8141-5C89FCCA72AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*", "matchCriteriaId": "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*", "matchCriteriaId": 
"0DF5FB90-8D6D-4F99-B454-411B1DFFA630", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*", "matchCriteriaId": "F58876B9-6C2E-4048-A793-B441A84E86F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*", "matchCriteriaId": "D5F177CB-CC45-45A0-9D02-C14A13ECC7A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*", "matchCriteriaId": "A89A4192-54E9-4899-8C7B-6C7F7E650D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*", "matchCriteriaId": "F2DC1357-9CD5-415F-A190-2F3F4498EF96", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*", "matchCriteriaId": "D78ACF64-2802-44DD-AF7A-1BD5EA7F9908", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*", "matchCriteriaId": "E8F675FA-1684-413A-B1BE-1C5434AC2862", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6156:*:*:*:*:*:*", "matchCriteriaId": "F3F1FDC3-35B2-4BDB-A685-75BC72588179", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6161:*:*:*:*:*:*", "matchCriteriaId": "5B1E509D-2F41-4296-86D2-6BD71783060F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6166:*:*:*:*:*:*", "matchCriteriaId": "AC93EA37-F341-45EC-B651-4F326FB8C613", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6173:*:*:*:*:*:*", "matchCriteriaId": "1A4DB8A6-1702-462C-BFCB-39F91D2EFCE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6176:*:*:*:*:*:*", "matchCriteriaId": 
"FC0AEFDB-D033-47FC-93FC-8652F922BB8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6178:*:*:*:*:*:*", "matchCriteriaId": "B5354768-6527-43C2-B492-A8C14AB4E784", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6189:*:*:*:*:*:*", "matchCriteriaId": "D83F26D1-B8C6-4114-81EC-810DD5412DC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6194:*:*:*:*:*:*", "matchCriteriaId": "E9EBC010-9963-4636-96F7-A121FCF755A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6199:*:*:*:*:*:*", "matchCriteriaId": "F626D64B-C301-4CD8-94B4-48689BD3F29C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6204:*:*:*:*:*:*", "matchCriteriaId": "5E32810C-7B35-42F1-BCA5-E10C02BE2215", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6205:*:*:*:*:*:*", "matchCriteriaId": "6539D059-8614-4C26-93C4-C2DDCC5D35E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6209:*:*:*:*:*:*", "matchCriteriaId": "E359EE75-A2F9-479B-B757-CAE1064AB8F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6210:*:*:*:*:*:*", "matchCriteriaId": "0BCABDEF-D292-406E-B53C-AFF22484E916", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6214:*:*:*:*:*:*", "matchCriteriaId": "ABE8872C-B1DD-4A45-8EF8-E8C355CA6C54", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6215:*:*:*:*:*:*", "matchCriteriaId": "44B20B83-833A-4C68-8693-365BD046C157", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6216:*:*:*:*:*:*", "matchCriteriaId": 
"E254E6D1-D18E-4A2A-A2FF-7D03F39E65DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6218:*:*:*:*:*:*", "matchCriteriaId": "5F0C5E53-4D15-425A-B4CF-5869353724BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6219:*:*:*:*:*:*", "matchCriteriaId": "2F4BF5F1-F316-4BAC-83E0-DEAC8C50754E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6220:*:*:*:*:*:*", "matchCriteriaId": "5CDD03A8-5B86-4B87-9C29-6C967261C5C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6227:*:*:*:*:*:*", "matchCriteriaId": "6071E15F-4D59-41DC-A4D4-7D1AA392A1F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6230:*:*:*:*:*:*", "matchCriteriaId": "C72C1CEB-7BF7-4A5F-B2E9-397F86CCBF4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6233:*:*:*:*:*:*", "matchCriteriaId": "5B0F0218-4224-4084-B38D-9719D3782C03", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6235:*:*:*:*:*:*", "matchCriteriaId": "BFC41329-1AD6-4575-A22D-977EC5539DA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6236:*:*:*:*:*:*", "matchCriteriaId": "217A06B7-0823-4508-BC0C-AD792BA88F7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6239:*:*:*:*:*:*", "matchCriteriaId": "246E98B2-A6C8-4410-AA6A-7E81EE8C5E76", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6241:*:*:*:*:*:*", "matchCriteriaId": "74D1EC02-D009-45DA-B1EC-2219E0F0183C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6243:*:*:*:*:*:*", "matchCriteriaId": 
"0F56A261-EC62-423C-B487-35EA9D4A83FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6245:*:*:*:*:*:*", "matchCriteriaId": "D295E160-C87A-498D-AB0E-BA1E50825249", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6248:*:*:*:*:*:*", "matchCriteriaId": "A30BE138-D745-4F0E-AAE4-202A1C769C85", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6249:*:*:*:*:*:*", "matchCriteriaId": "7CF4FCB9-7360-4ABB-95FB-0239CDC8D3AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6250:*:*:*:*:*:*", "matchCriteriaId": "465DD666-3499-4911-A1DF-6BAAFCCFA006", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6251:*:*:*:*:*:*", "matchCriteriaId": "6F18CEDC-5D7A-4496-8B5E-59EBEA4362BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6255:*:*:*:*:*:*", "matchCriteriaId": "8C1DE547-F217-4518-AD90-3607AE21F6ED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "References to the \"app loader\" functionality could contain redirects to unexpected locations. Attackers could forge app references that bypass existing safeguards to inject malicious script code. Please deploy the provided updates and patch releases. References to apps are now controlled more strict to avoid relative references. No publicly available exploits are known." }, { "lang": "es", "value": "Las referencias a la funcionalidad \"cargador de aplicaciones\" podr\u00edan contener redireccionamientos a ubicaciones inesperadas. Los atacantes podr\u00edan falsificar referencias de aplicaciones que eluden las salvaguardas existentes para inyectar c\u00f3digo de script malicioso. 
Implemente las actualizaciones y lanzamientos de parches proporcionados. Las referencias a aplicaciones ahora se controlan de manera m\u00e1s estricta para evitar referencias relativas. No se conocen exploits disponibles p\u00fablicamente." } ], "id": "CVE-2023-41708", "lastModified": "2024-11-21T08:21:31.140", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "security@open-xchange.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-02-12T09:15:11.470", "references": [ { "source": "security@open-xchange.com", "tags": [ "Vendor Advisory" ], "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json" }, { "source": "security@open-xchange.com", "tags": [ "Vendor Advisory" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor 
Advisory" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf" } ], "sourceIdentifier": "security@open-xchange.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@open-xchange.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
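Vulnerability from fkie_nvd (CVE-2016-2840)
Published
2016-12-15 06:59
Modified
2024-11-21 02:48
Severity
6.1 MEDIUM (CVSS 3.0, nvd@nist.gov): CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N; CVSS 2.0 base score 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)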
Summary
An issue was discovered in Open-Xchange Server 6 / OX AppSuite before 7.8.0-rev26. The "session" parameter for file-download requests can be used to inject script code that gets reflected through the subsequent status page. Malicious script code can be executed within a trusted domain's context. While no OX App Suite specific data can be manipulated, the vulnerability can be exploited without being authenticated and therefore used for social engineering attacks, stealing cookies or redirecting from trustworthy to malicious hosts.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/136543/Open-Xchange-7.8.0-Cross-Site-Scripting.html | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.securityfocus.com/archive/1/537959/100/0/threaded | ||
cve@mitre.org | http://www.securitytracker.com/id/1035469 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/136543/Open-Xchange-7.8.0-Cross-Site-Scripting.html | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/537959/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1035469 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * (versionEndIncluding 7.8.0; CPE update field rev25) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:rev25:*:*:*:*:*:*", "matchCriteriaId": "E5A73DBD-F757-4DDC-92D8-32D9FDDDF352", "versionEndIncluding": "7.8.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Open-Xchange Server 6 / OX AppSuite before 7.8.0-rev26. The \"session\" parameter for file-download requests can be used to inject script code that gets reflected through the subsequent status page. Malicious script code can be executed within a trusted domain\u0027s context. While no OX App Suite specific data can be manipulated, the vulnerability can be exploited without being authenticated and therefore used for social engineering attacks, stealing cookies or redirecting from trustworthy to malicious hosts." }, { "lang": "es", "value": "Ha sido descubierto un problema en Open-Xchange Server 6 / OX AppSuite en versiones anteriores a 7.8.0-rev26. El par\u00e1metro \"session\" para peticiones de descarga de archivos puede emplearse para inyectar c\u00f3digo script que se refleja a trav\u00e9s de la posterior p\u00e1gina de estado. El c\u00f3digo script malicioso puede ser ejecutado dentro de un contexto de dominio de confianza. Mientras que ning\u00fan dato espec\u00edfico de OX App Suite puede ser manipulado, la vulnerabilidad puede ser explotada sin ser autenticado y por tanto ser utilizada para ataques de ingenier\u00eda social, robando cookies o redirigiendo desde hosts confiables a maliciosos." 
} ], "id": "CVE-2016-2840", "lastModified": "2024-11-21T02:48:55.087", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-12-15T06:59:01.113", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/136543/Open-Xchange-7.8.0-Cross-Site-Scripting.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/537959/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1035469" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/136543/Open-Xchange-7.8.0-Cross-Site-Scripting.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/537959/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third 
Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1035469" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
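Vulnerability from fkie_nvd (CVE-2020-12645)
Published
2020-08-31 15:15
Modified
2024-11-21 04:59
Severity
9.8 CRITICAL (CVSS 3.1, nvd@nist.gov): CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H; CVSS 2.0 base score 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)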
Summary
OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://seclists.org/fulldisclosure/2020/Aug/14 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://www.open-xchange.com/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2020/Aug/14 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.open-xchange.com/ | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * (versionStartIncluding 7.10.1, versionEndIncluding 7.10.3) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "A06C48CD-12A4-4108-96F5-CCF40B11D104", "versionEndIncluding": "7.10.3", "versionStartIncluding": "7.10.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption." }, { "lang": "es", "value": "OX App Suite versiones 7.10.1 hasta 7.10.3, presenta una comprobaci\u00f3n de entrada inapropiada para los l\u00edmites de tarifas con un encabezado User-Agent dise\u00f1ado, avisos de vacaciones falsificados y consumo de memoria de /apps/load" } ], "id": "CVE-2020-12645", "lastModified": "2024-11-21T04:59:58.610", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": 
"2020-08-31T15:15:10.290", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2020/Aug/14" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.open-xchange.com/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2020/Aug/14" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.open-xchange.com/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-307" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
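Vulnerability from fkie_nvd (CVE-2018-5752)
Published
2018-06-16 01:29
Modified
2024-11-21 04:09
Severity
8.8 HIGH (CVSS 3.0, nvd@nist.gov): CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H; CVSS 2.0 base score 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)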
Summary
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors involving non-decimal representations of IP addresses and special IPv6 related addresses.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html | Exploit, Third Party Advisory, VDB Entry | |
cve@mitre.org | http://seclists.org/fulldisclosure/2018/Jun/23 | Exploit, Mailing List, Third Party Advisory | |
cve@mitre.org | https://www.exploit-db.com/exploits/44881/ | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2018/Jun/23 | Exploit, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/44881/ | Exploit, Third Party Advisory, VDB Entry |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "CEE77111-9626-48C1-9C13-6FF650B91363", "versionEndIncluding": "7.6.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev14:*:*:*:*:*:*", "matchCriteriaId": "D4417841-A79D-479F-BBB4-13892CD29CCB", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev15:*:*:*:*:*:*", "matchCriteriaId": "11FED64F-98F2-4155-A34D-DCC0DCF55CB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev16:*:*:*:*:*:*", "matchCriteriaId": "544677BC-DEFB-45B8-BB08-124E5666A04B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev17:*:*:*:*:*:*", "matchCriteriaId": "ABA212B4-FC4B-4268-A778-23D588E76880", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev18:*:*:*:*:*:*", "matchCriteriaId": "10D10170-9528-49BB-88B8-92A4D016EA49", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev20:*:*:*:*:*:*", "matchCriteriaId": "2DA48ACB-659B-408C-B7E1-945A6333C1A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev22:*:*:*:*:*:*", "matchCriteriaId": "23D2DCAA-FAB7-426D-8680-2A6F69AE90DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev23:*:*:*:*:*:*", "matchCriteriaId": "90C2E1F5-73DA-4FA7-BEDF-E9726F5D0D0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev24:*:*:*:*:*:*", "matchCriteriaId": "449B4C7A-6287-4018-86AA-D34BEF8DB83C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev25:*:*:*:*:*:*", "matchCriteriaId": "E8E6C22C-C3B3-4914-A1D8-A6202EEBF1C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev26:*:*:*:*:*:*", 
"matchCriteriaId": "8BF46085-0E23-4C9C-9899-30EB63EFC392", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev28:*:*:*:*:*:*", "matchCriteriaId": "39BB146E-14BF-4AC7-B267-3176545CBCB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev29:*:*:*:*:*:*", "matchCriteriaId": "64201845-70B6-4124-BA02-DE0646BE75A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev30:*:*:*:*:*:*", "matchCriteriaId": "8E2A9B0B-F4B9-410B-AA32-D4A5A3B285DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev31:*:*:*:*:*:*", "matchCriteriaId": "5E5DE686-E794-4C06-9AC8-5682B1CF68AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev32:*:*:*:*:*:*", "matchCriteriaId": "E4710EAE-6227-4A72-9549-6EEF0CEB6E06", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev33:*:*:*:*:*:*", "matchCriteriaId": "7AD9AE40-5AE0-4DA6-BD1D-CC02746DA917", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev35:*:*:*:*:*:*", "matchCriteriaId": "3681A31A-1795-4C44-B482-1F1028449960", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "E26B66B2-9BE8-4843-9B4B-D673FAC44023", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "2633E559-38E4-4024-BB5F-94EDFE5F93FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "E804C89F-033F-43B3-B63B-172F9B2136CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev10:*:*:*:*:*:*", "matchCriteriaId": "0F7C6765-34DD-4326-99A8-F85DA19ECE91", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev11:*:*:*:*:*:*", 
"matchCriteriaId": "13FAD9B6-5790-4C7A-8A9B-09B1002DA75F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev12:*:*:*:*:*:*", "matchCriteriaId": "B040A950-FEC3-465D-AD19-3AA8EE11AE92", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev13:*:*:*:*:*:*", "matchCriteriaId": "F5971D8D-A2E6-4E3D-8FDA-04F89FC65A40", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev14:*:*:*:*:*:*", "matchCriteriaId": "FEF67234-BDCA-48FA-8616-6B0E4A38FA8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev15:*:*:*:*:*:*", "matchCriteriaId": "76D18DCA-5D64-4D38-99B0-1B984C402E70", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev16:*:*:*:*:*:*", "matchCriteriaId": "46718CD2-0403-4DA2-B157-5714BD654EB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev17:*:*:*:*:*:*", "matchCriteriaId": "4BA1274B-9103-449F-ABD1-C898B716B433", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev18:*:*:*:*:*:*", "matchCriteriaId": "3BB485BC-3247-4E06-8017-118B597B0184", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev19:*:*:*:*:*:*", "matchCriteriaId": "6C447C6E-6188-47C6-BC68-8FD99B49F2D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev20:*:*:*:*:*:*", "matchCriteriaId": "211647E5-8BCA-4393-B54B-CE382D5DF3F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev21:*:*:*:*:*:*", "matchCriteriaId": "855C2E78-C554-43A7-BD3F-747053F45709", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev22:*:*:*:*:*:*", "matchCriteriaId": "64594DD5-2816-4123-A12C-505FE4480AE9", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev23:*:*:*:*:*:*", "matchCriteriaId": "606D294C-EAEC-43EC-BA0F-BC5484B7C5E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev24:*:*:*:*:*:*", "matchCriteriaId": "A8E1D645-706F-4CCA-88A7-F5077BCE4AD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev25:*:*:*:*:*:*", "matchCriteriaId": "30145547-3406-4639-A5AD-52EFAA734EEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev26:*:*:*:*:*:*", "matchCriteriaId": "BDB6642D-C5AF-41D7-B2EA-A1F333E5B12C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev27:*:*:*:*:*:*", "matchCriteriaId": "91040A22-04F6-43ED-A6A1-060703D285C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev28:*:*:*:*:*:*", "matchCriteriaId": "5A3E2338-E774-4188-B352-B79FBB9C5511", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev29:*:*:*:*:*:*", "matchCriteriaId": "22961BA6-C0B1-488A-8F7D-68EB3F9DA6B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev30:*:*:*:*:*:*", "matchCriteriaId": "E8381BB7-3602-4DCF-A070-1067C277AAA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev31:*:*:*:*:*:*", "matchCriteriaId": "98B758CC-D26C-4B83-98E7-3BA4ECF96966", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev32:*:*:*:*:*:*", "matchCriteriaId": "7BCE965A-70BE-4159-93D8-A2520C8C4CB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev33:*:*:*:*:*:*", "matchCriteriaId": "1152B60C-3188-4BE7-897A-B09C5732ECAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev34:*:*:*:*:*:*", "matchCriteriaId": "5F1F087A-7373-4B7F-87BD-8509704F47CF", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev35:*:*:*:*:*:*", "matchCriteriaId": "D82CB956-9A14-49C5-8308-52198589BAC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev36:*:*:*:*:*:*", "matchCriteriaId": "2F202094-2A74-44DA-BB3A-06AF3326E544", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev38:*:*:*:*:*:*", "matchCriteriaId": "DC128D82-A687-4043-AC01-9A329ED9F9EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev39:*:*:*:*:*:*", "matchCriteriaId": "CBE4CF1D-B716-4992-B3DE-599AD7407780", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev40:*:*:*:*:*:*", "matchCriteriaId": "49FCC4A7-3078-421A-A3A1-C58976F47262", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev41:*:*:*:*:*:*", "matchCriteriaId": "E57747B2-0C7B-4004-82AA-8C59CABC3B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev42:*:*:*:*:*:*", "matchCriteriaId": "BECD9AD4-EB03-4BF0-A219-DD965A55670A", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev43:*:*:*:*:*:*", "matchCriteriaId": "5E0F6A5B-BDBB-4DF5-91A0-440834EE161F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev5:*:*:*:*:*:*", "matchCriteriaId": "F57910B1-968D-4DF3-8C2D-9EB3765C7214", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev6:*:*:*:*:*:*", "matchCriteriaId": "FE1FD7DD-DC8C-416C-A55B-FA7B961ECD3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev8:*:*:*:*:*:*", "matchCriteriaId": "A07A8019-D7D7-4E1D-AEA7-DF509175393D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev9:*:*:*:*:*:*", "matchCriteriaId": "9FEEF620-CD8A-49C4-89D6-565503A1790F", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "6164303F-253E-440C-A45C-94FFF7B492AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev10:*:*:*:*:*:*", "matchCriteriaId": "4DD257D7-D9B2-4036-92D6-3A923B7DC59F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev11:*:*:*:*:*:*", "matchCriteriaId": "36383B07-AF6C-4EDA-A35E-50633D1612A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev13:*:*:*:*:*:*", "matchCriteriaId": "032B8B47-9E01-41B3-99D4-DECD4727DEA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev14:*:*:*:*:*:*", "matchCriteriaId": "F7211571-4614-4169-A897-D0047304A4B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev15:*:*:*:*:*:*", "matchCriteriaId": "992082E5-5E00-40F0-8246-FD44D189C70D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev16:*:*:*:*:*:*", "matchCriteriaId": "4279A168-8A9A-43FF-8766-738EE31D6E25", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev17:*:*:*:*:*:*", "matchCriteriaId": "5A734819-B817-4E54-89B1-B6A5FD52C758", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev18:*:*:*:*:*:*", "matchCriteriaId": "63AFF50B-7ABD-455D-A2A5-05432B41E4BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev19:*:*:*:*:*:*", "matchCriteriaId": "E2842D25-1A80-4403-B7A2-6E26527588E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev20:*:*:*:*:*:*", "matchCriteriaId": "7DAA5D88-75E9-4D77-9F34-AB456F0733F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev21:*:*:*:*:*:*", "matchCriteriaId": "9EB906E5-1ABF-4734-84E1-BC8005AB1C2C", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev3:*:*:*:*:*:*", "matchCriteriaId": "8681201A-5DB3-42A9-A203-9641B4459537", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev4:*:*:*:*:*:*", "matchCriteriaId": "C567F8B8-D9D0-4006-819C-C995C6573FE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev5:*:*:*:*:*:*", "matchCriteriaId": "07FEF270-E3ED-463D-9940-7FC9573E40C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev6:*:*:*:*:*:*", "matchCriteriaId": "7FD1E38C-EC1A-42D1-86AF-D53D8BF0098C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev7:*:*:*:*:*:*", "matchCriteriaId": "1BF75100-6E38-4FCB-BC21-FFB1C4B3EC50", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev8:*:*:*:*:*:*", "matchCriteriaId": "BF34B133-486B-4D77-8745-4D0E082FF8D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev9:*:*:*:*:*:*", "matchCriteriaId": "33B507D7-536B-4AC3-BCB3-BF3A6BA257F6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors involving non-decimal representations of IP addresses and special IPv6 related addresses." 
}, { "lang": "es", "value": "El componente backend en Open-Xchange OX App Suite en versiones anteriores a la 7.6.3-rev36, versiones 7.8.x anteriores a la 7.8.2-rev39, versiones 7.8.3 anteriores a la 7.8.3-rev44 y versiones 7.8.4 anteriores a la 7.8.4-rev22 permite que atacantes remotos realicen ataques de Server-Side Request Forgery (SSRF) mediante vectores relacionados con representaciones no decimales de direcciones IP y direcciones IPv6 relacionadas especiales." } ], "id": "CVE-2018-5752", "lastModified": "2024-11-21T04:09:19.290", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-06-16T01:29:06.193", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": 
"http://seclists.org/fulldisclosure/2018/Jun/23" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/44881/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2018/Jun/23" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/44881/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-918" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-10-23 05:15
Modified
2024-11-21 05:04
Severity ?
Summary
OX App Suite through 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user (via the session API during shared Drive access).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://seclists.org/fulldisclosure/2020/Oct/20 | Exploit, Mailing List, Third Party Advisory | |
cve@mitre.org | https://www.open-xchange.com/ | Product | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2020/Oct/20 | Exploit, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.open-xchange.com/ | Product |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | 7.10.2 | |
open-xchange | open-xchange_appsuite | 7.10.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "AEA29625-42CD-49CC-9E34-858CB6C5D28B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "944562A2-53D7-4D75-B238-B9BD0F695E45", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user (via the session API during shared Drive access)." }, { "lang": "es", "value": "OX App Suite versiones hasta 7.10.3, permite una Exposici\u00f3n de Informaci\u00f3n porque un usuario puede obtener la direcci\u00f3n IP y la cadena User-Agent de un usuario diferente (por medio de la API de sesi\u00f3n durante el acceso a la Unidad compartida)" } ], "id": "CVE-2020-15003", "lastModified": "2024-11-21T05:04:36.373", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, 
"exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-10-23T05:15:13.283", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2020/Oct/20" }, { "source": "cve@mitre.org", "tags": [ "Product" ], "url": "https://www.open-xchange.com/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2020/Oct/20" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "https://www.open-xchange.com/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-12-15 06:59
Modified
2024-11-21 02:49
Severity ?
Summary
An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The aria-label parameter of tiles at the Portal can be used to inject script code. Those labels use the name of the file (e.g. an image) which gets displayed at the portal application. Using script code in the file name leads to script execution. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data, etc.). Users actively need to add a file to the portal to enable this attack. In the case of shared files, however, an internal attacker may modify a previously embedded file to carry a malicious file name. Furthermore, this vulnerability can be used to persistently execute code that got injected by a temporary script execution vulnerability.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:rev26:*:*:*:*:*:*", "matchCriteriaId": "114717B8-5FC3-4633-BE62-AFE9F5C9843A", "versionEndIncluding": "7.8.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The aria-label parameter of tiles at the Portal can be used to inject script code. Those labels use the name of the file (e.g. an image) which gets displayed at the portal application. Using script code at the file name leads to script execution. Malicious script code can be executed within a user\u0027s context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). Users actively need to add a file to the portal to enable this attack. In case of shared files however, a internal attacker may modify a previously embedded file to carry a malicious file name. Furthermore this vulnerability can be used to persistently execute code that got injected by a temporary script execution vulnerability." }, { "lang": "es", "value": "Ha sido descubierto un problema en Open-Xchange OX AppSuite en versiones anteriores a 7.8.0-rev27. El par\u00e1metro aria-label de los t\u00edtulos en el Portal pueden ser utilizados para inyectar c\u00f3digo script. Esas etiquetas usan el nombre del archivo (e.j. una imagen) que se muestra en la aplicaci\u00f3n del portal. El uso de c\u00f3digo script en el nombre del archivo conduce a la ejecuci\u00f3n del script. C\u00f3digo script malicioso puede ser ejecutado dentro de un contexto de usuario. Esto puede conducir al secuestro de sesi\u00f3n o el desencadenamiento de acciones no deseadas a trav\u00e9s de la interfaz web (enviando correos, borrando datos etc.). Los usuarios tienen que a\u00f1adir activamente un archivo al portal para habilitar este ataque. 
En caso de archivos compartidos sin embargo, un atacante interno podr\u00eda modificar un archivo previamente embebido para portar un nombre de archivo malicioso. Adem\u00e1s, esta vulnerabilidad puede ser utilizada para ejecutar c\u00f3digo que fue inyectado por una vulnerabilidad temporal de ejecuci\u00f3n de secuencias de comandos." } ], "id": "CVE-2016-3173", "lastModified": "2024-11-21T02:49:32.067", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-12-15T06:59:02.347", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/137187/Open-Xchange-OX-AppSuite-7.8.0-XSS-Open-Redirect.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/538481/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": 
"http://packetstormsecurity.com/files/137187/Open-Xchange-OX-AppSuite-7.8.0-XSS-Open-Redirect.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/538481/100/0/threaded" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-12-26 02:15
Modified
2024-11-21 07:14
Severity ?
Summary
OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://open-xchange.com | Vendor Advisory | |
cve@mitre.org | https://seclists.org/fulldisclosure/2022/Nov/18 | Exploit, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://open-xchange.com | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2022/Nov/18 | Exploit, Mailing List, Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D3B06B3-8919-4D41-87A6-DA39189750B9", "versionEndExcluding": "7.10.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:-:*:*:*:*:*:*", "matchCriteriaId": "FE68F102-2EE1-44FF-A8AB-6F71F62712D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5961:*:*:*:*:*:*", "matchCriteriaId": "4F5923E6-C4C1-492F-A130-65D102F67B40", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5973:*:*:*:*:*:*", "matchCriteriaId": "D703A274-D197-42B3-9720-70E6CCD9E825", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5976:*:*:*:*:*:*", "matchCriteriaId": "D4D5F145-F2BA-4589-8B9A-B967069EA355", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5982:*:*:*:*:*:*", "matchCriteriaId": "7E3F2F8B-F7C4-4297-B451-CAFFCA860D17", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5989:*:*:*:*:*:*", "matchCriteriaId": "C7CB5AA6-19B9-4D21-A2B6-1523719A2DB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5994:*:*:*:*:*:*", "matchCriteriaId": "3FAD63B8-9158-4552-8987-3A418AC5A3A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6000:*:*:*:*:*:*", "matchCriteriaId": "87793628-6C35-4137-B584-3AE2A8363AEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6003:*:*:*:*:*:*", "matchCriteriaId": "06C14CAB-9C56-48A2-82FA-16110923CC78", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6008:*:*:*:*:*:*", "matchCriteriaId": 
"2201C280-3674-4FA4-8176-723C175A2469", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6010:*:*:*:*:*:*", "matchCriteriaId": "A3CB3836-AD68-4167-98FD-5B05CC9C92EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6016:*:*:*:*:*:*", "matchCriteriaId": "604CF453-CBBE-4123-B3ED-87A8CBF407DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6020:*:*:*:*:*:*", "matchCriteriaId": "6AF52278-E711-4656-9A1C-0A3A7F3C671F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6026:*:*:*:*:*:*", "matchCriteriaId": "5DD66203-5C4E-434A-BA84-9F78D9E1F7B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6029:*:*:*:*:*:*", "matchCriteriaId": "8A0D1287-7A32-4F56-97F2-8573F12D8EB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6034:*:*:*:*:*:*", "matchCriteriaId": "69858B8E-E4C7-485C-882A-206E07D7343F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6035:*:*:*:*:*:*", "matchCriteriaId": "C2B82BFA-39B6-4DC8-B691-3284FDCFA227", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6038:*:*:*:*:*:*", "matchCriteriaId": "FD4E8470-B8CE-4670-8334-86B817180E96", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6046:*:*:*:*:*:*", "matchCriteriaId": "2276EFC8-B5E6-449F-BDD0-EF2108A4CCAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6051:*:*:*:*:*:*", "matchCriteriaId": "2C8B27BE-651D-4B3A-9413-5ABA8AF2AA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6053:*:*:*:*:*:*", "matchCriteriaId": 
"41EA5F8E-05B5-4C4A-8853-B6948C358F06", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6060:*:*:*:*:*:*", "matchCriteriaId": "3E1A5843-F09A-4BBE-878D-C967E4061B0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6061:*:*:*:*:*:*", "matchCriteriaId": "D579A835-6B7F-4C77-991F-C760CB8D3750", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6066:*:*:*:*:*:*", "matchCriteriaId": "B4935091-B9B4-4EA7-8785-FE4529ACFEBF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6068:*:*:*:*:*:*", "matchCriteriaId": "33DAB50E-18A0-43CC-9043-5E2B722F3A2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6072:*:*:*:*:*:*", "matchCriteriaId": "0E1E9E82-17E3-4B43-AD5B-BBAD25759950", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6079:*:*:*:*:*:*", "matchCriteriaId": "E73BDC2E-3C39-454F-B929-8BB936F36AA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6084:*:*:*:*:*:*", "matchCriteriaId": "C4DF7C74-BD66-41E7-8B47-C700D7BE53E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6092:*:*:*:*:*:*", "matchCriteriaId": "9EA739D6-10BD-48B4-9C30-92BE4381C80C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6101:*:*:*:*:*:*", "matchCriteriaId": "79219E01-26C2-462C-B604-783490F26565", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6111:*:*:*:*:*:*", "matchCriteriaId": "6F121147-1AAB-4123-AFD2-31F39434819F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6120:*:*:*:*:*:*", "matchCriteriaId": 
"52B9445C-4B0E-437A-BE3C-DBB8A621D354", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6132:*:*:*:*:*:*", "matchCriteriaId": "979495B8-8BF0-41B0-9BD5-48554A9C8889", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6137:*:*:*:*:*:*", "matchCriteriaId": "A82EF754-CCB7-4A03-8986-42BA76E6A2C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6140:*:*:*:*:*:*", "matchCriteriaId": "F4CAFBCA-BD13-4295-A558-844716BA0C81", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6149:*:*:*:*:*:*", "matchCriteriaId": "AA61FEDD-5F86-45B8-BC55-BDFD6F10BB4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*", "matchCriteriaId": "A144D75D-60A8-4EE0-813C-F658C626B2AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*", "matchCriteriaId": "2DA66230-DE02-4881-A893-E9E78286B157", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*", "matchCriteriaId": "955F3DFB-6479-4867-B62A-82730DBEB498", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*", "matchCriteriaId": "327D1B56-0D05-4D99-91D4-CC1F0AC32972", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*", "matchCriteriaId": "D0CD0684-C431-47F8-A2F4-1936D5C5A72B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*", "matchCriteriaId": "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*", "matchCriteriaId": 
"D0968764-CCEE-47A7-9111-E106D887DA43", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*", "matchCriteriaId": "16589FBB-F0CD-4041-8141-5C89FCCA72AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*", "matchCriteriaId": "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*", "matchCriteriaId": "0DF5FB90-8D6D-4F99-B454-411B1DFFA630", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*", "matchCriteriaId": "F58876B9-6C2E-4048-A793-B441A84E86F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*", "matchCriteriaId": "D5F177CB-CC45-45A0-9D02-C14A13ECC7A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*", "matchCriteriaId": "A89A4192-54E9-4899-8C7B-6C7F7E650D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*", "matchCriteriaId": "F2DC1357-9CD5-415F-A190-2F3F4498EF96", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*", "matchCriteriaId": "D78ACF64-2802-44DD-AF7A-1BD5EA7F9908", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*", "matchCriteriaId": "E8F675FA-1684-413A-B1BE-1C5434AC2862", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature." 
}, { "lang": "es", "value": "OX App Suite hasta 7.10.6 permite XSS a trav\u00e9s de XHTML CDATA para un fragmento, como lo demuestra el atributo onerror de un elemento IMG dentro de una firma de correo electr\u00f3nico." } ], "id": "CVE-2022-37307", "lastModified": "2024-11-21T07:14:43.430", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-26T02:15:09.633", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://open-xchange.com" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2022/Nov/18" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://open-xchange.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2022/Nov/18" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-01-26 20:55
Modified
2024-11-21 02:00
Severity ?
Summary
XML External Entity (XXE) vulnerability in the CalDAV interface in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote authenticated users to read portions of arbitrary files via vectors related to the SAX builder and the WebDAV interface. NOTE: this issue has been labeled as both absolute path traversal and XXE, but the root cause may be XXE, since XXE can be exploited to conduct absolute path traversal and other attacks.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * | |
open-xchange | open-xchange_appsuite | 6.20.7 | |
open-xchange | open-xchange_appsuite | 6.22.0 | |
open-xchange | open-xchange_appsuite | 6.22.1 | |
open-xchange | open-xchange_appsuite | 7.0.1 | |
open-xchange | open-xchange_appsuite | 7.0.2 | |
open-xchange | open-xchange_appsuite | 7.2.0 | |
open-xchange | open-xchange_appsuite | 7.2.1 | |
open-xchange | open-xchange_appsuite | 7.2.2 | |
open-xchange | open-xchange_appsuite | 7.4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "567B4139-220A-46A7-B847-616F99A1EA66", "versionEndIncluding": "7.4.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.20.7:*:*:*:*:*:*:*", "matchCriteriaId": "983E5F3A-E7AD-4CCA-80D4-9C012AFCCDD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F85EE0C-B7A0-455A-96F6-E4E6BA5D7216", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.1:*:*:*:*:*:*:*", "matchCriteriaId": "2D9572CB-9A46-492E-BDCC-E01849EF0EC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "138461CD-9C27-40E5-B7A0-A37737B6E942", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "108BCEFD-3098-4919-9B0C-E80F6FA1C102", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDBB02DF-1022-4FE5-B5E1-198DC58F8C1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2BF31219-8390-4676-A9C4-D625A016C71E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "75B04598-67CD-420B-92C9-9A7459295E11", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "8DAEED7B-C295-42B4-A60B-2EAA596E3D65", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "XML External Entity (XXE) vulnerability in the CalDAV interface in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote authenticated users to read portions of arbitrary files 
via vectors related to the SAX builder and the WebDAV interface. NOTE: this issue has been labeled as both absolute path traversal and XXE, but the root cause may be XXE, since XXE can be exploited to conduct absolute path traversal and other attacks." }, { "lang": "es", "value": "Vulnerabilidad en entidades externas XML (XXE) en la interfaz de CalDAV en Open-Xchange (OX) AppSuite 7.4.1 y anteriores permite a usuarios remotos autenticados leer porciones de archivos arbitrarios a trav\u00e9s de vectores relacionados con el constructor de SAX y la interfaz de WebDAV. NOTA: este problema ha sido etiquetado como tanto como de recorrido ruta absoluta y XXE, pero la causa raiz puede ser XXE, ya XXE puede ser explotado para realizar el recorrido ruta absoluta y otros ataques." } ], "evaluatorComment": "CWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)", "id": "CVE-2013-7140", "lastModified": "2024-11-21T02:00:24.613", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-01-26T20:55:05.877", "references": [ { "source": "cve@mitre.org", "url": "http://seclists.org/bugtraq/2014/Jan/57" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/102194" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/65015" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1029650" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90543" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/bugtraq/2014/Jan/57" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/102194" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/65015" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1029650" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90543" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-11-02 14:15
Modified
2024-11-21 07:51
Severity ?
7.6 (High) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Requests to cache an image could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the service's database user account. API requests are now properly checked for valid content, and attempts to circumvent this check are logged as errors. No publicly available exploits are known.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "59D4F30E-2F52-4948-9C69-C57472833C79", "versionEndExcluding": "7.10.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*", "matchCriteriaId": "A144D75D-60A8-4EE0-813C-F658C626B2AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*", "matchCriteriaId": "2DA66230-DE02-4881-A893-E9E78286B157", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*", "matchCriteriaId": "955F3DFB-6479-4867-B62A-82730DBEB498", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*", "matchCriteriaId": "327D1B56-0D05-4D99-91D4-CC1F0AC32972", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*", "matchCriteriaId": "D0CD0684-C431-47F8-A2F4-1936D5C5A72B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*", "matchCriteriaId": "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*", "matchCriteriaId": "D0968764-CCEE-47A7-9111-E106D887DA43", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*", "matchCriteriaId": "16589FBB-F0CD-4041-8141-5C89FCCA72AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*", "matchCriteriaId": "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*", "matchCriteriaId": 
"0DF5FB90-8D6D-4F99-B454-411B1DFFA630", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*", "matchCriteriaId": "F58876B9-6C2E-4048-A793-B441A84E86F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*", "matchCriteriaId": "D5F177CB-CC45-45A0-9D02-C14A13ECC7A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*", "matchCriteriaId": "A89A4192-54E9-4899-8C7B-6C7F7E650D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*", "matchCriteriaId": "F2DC1357-9CD5-415F-A190-2F3F4498EF96", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*", "matchCriteriaId": "D78ACF64-2802-44DD-AF7A-1BD5EA7F9908", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*", "matchCriteriaId": "E8F675FA-1684-413A-B1BE-1C5434AC2862", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6156:*:*:*:*:*:*", "matchCriteriaId": "F3F1FDC3-35B2-4BDB-A685-75BC72588179", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6161:*:*:*:*:*:*", "matchCriteriaId": "5B1E509D-2F41-4296-86D2-6BD71783060F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6166:*:*:*:*:*:*", "matchCriteriaId": "AC93EA37-F341-45EC-B651-4F326FB8C613", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6173:*:*:*:*:*:*", "matchCriteriaId": "1A4DB8A6-1702-462C-BFCB-39F91D2EFCE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6176:*:*:*:*:*:*", "matchCriteriaId": 
"FC0AEFDB-D033-47FC-93FC-8652F922BB8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6178:*:*:*:*:*:*", "matchCriteriaId": "B5354768-6527-43C2-B492-A8C14AB4E784", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6189:*:*:*:*:*:*", "matchCriteriaId": "D83F26D1-B8C6-4114-81EC-810DD5412DC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6194:*:*:*:*:*:*", "matchCriteriaId": "E9EBC010-9963-4636-96F7-A121FCF755A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6199:*:*:*:*:*:*", "matchCriteriaId": "F626D64B-C301-4CD8-94B4-48689BD3F29C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6204:*:*:*:*:*:*", "matchCriteriaId": "5E32810C-7B35-42F1-BCA5-E10C02BE2215", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6205:*:*:*:*:*:*", "matchCriteriaId": "6539D059-8614-4C26-93C4-C2DDCC5D35E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6209:*:*:*:*:*:*", "matchCriteriaId": "E359EE75-A2F9-479B-B757-CAE1064AB8F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6210:*:*:*:*:*:*", "matchCriteriaId": "0BCABDEF-D292-406E-B53C-AFF22484E916", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6214:*:*:*:*:*:*", "matchCriteriaId": "ABE8872C-B1DD-4A45-8EF8-E8C355CA6C54", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6215:*:*:*:*:*:*", "matchCriteriaId": "44B20B83-833A-4C68-8693-365BD046C157", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6216:*:*:*:*:*:*", "matchCriteriaId": 
"E254E6D1-D18E-4A2A-A2FF-7D03F39E65DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6218:*:*:*:*:*:*", "matchCriteriaId": "5F0C5E53-4D15-425A-B4CF-5869353724BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6219:*:*:*:*:*:*", "matchCriteriaId": "2F4BF5F1-F316-4BAC-83E0-DEAC8C50754E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6220:*:*:*:*:*:*", "matchCriteriaId": "5CDD03A8-5B86-4B87-9C29-6C967261C5C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6227:*:*:*:*:*:*", "matchCriteriaId": "6071E15F-4D59-41DC-A4D4-7D1AA392A1F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6230:*:*:*:*:*:*", "matchCriteriaId": "C72C1CEB-7BF7-4A5F-B2E9-397F86CCBF4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6233:*:*:*:*:*:*", "matchCriteriaId": "5B0F0218-4224-4084-B38D-9719D3782C03", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6235:*:*:*:*:*:*", "matchCriteriaId": "BFC41329-1AD6-4575-A22D-977EC5539DA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6236:*:*:*:*:*:*", "matchCriteriaId": "217A06B7-0823-4508-BC0C-AD792BA88F7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6239:*:*:*:*:*:*", "matchCriteriaId": "246E98B2-A6C8-4410-AA6A-7E81EE8C5E76", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6241:*:*:*:*:*:*", "matchCriteriaId": "74D1EC02-D009-45DA-B1EC-2219E0F0183C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Requests to cache an 
image could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly available exploits are known.\n\n" }, { "lang": "es", "value": "Se podr\u00eda abusar de las solicitudes para almacenar en cach\u00e9 una imagen para incluir consultas SQL que se ejecutar\u00edan sin comprobar. Explotar esta vulnerabilidad requiere al menos acceso a redes adyacentes del servicio de conversi\u00f3n de im\u00e1genes, que no est\u00e1 expuesto a redes p\u00fablicas de forma predeterminada. Se podr\u00edan ejecutar sentencias SQL Arbitrarias en el contexto de la cuenta de usuario de la base de datos de servicios. Las solicitudes de API ahora se verifican correctamente para detectar contenido v\u00e1lido y los intentos de omitir esta verificaci\u00f3n se registran como errores. No se conocen exploits disponibles p\u00fablicamente." 
} ], "id": "CVE-2023-26453", "lastModified": "2024-11-21T07:51:29.680", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 0.9, "impactScore": 6.0, "source": "security@open-xchange.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-11-02T14:15:10.737", "references": [ { "source": "security@open-xchange.com", "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json" }, { "source": "security@open-xchange.com", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf" } ], "sourceIdentifier": "security@open-xchange.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", 
"value": "CWE-89" } ], "source": "security@open-xchange.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-12-15 06:59
Modified
2024-11-21 02:56
Severity ?
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within hyperlinks in HTML e-mails is not correctly sanitized when base64-encoded "data" resources are used. This allows an attacker to provide hyperlinks that may execute script code instead of leading to the expected destination. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data, etc.).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/bid/93457 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/93457 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf | Release Notes, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:rev4:*:*:*:*:*:*", "matchCriteriaId": "63233ABF-06E1-4819-B885-1028FEA3EB5A", "versionEndIncluding": "7.8.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within hyperlinks at HTML E-Mails is not getting correctly sanitized when using base64 encoded \"data\" resources. This allows an attacker to provide hyperlinks that may execute script code instead of directing to a proper location. Malicious script code can be executed within a user\u0027s context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.)." }, { "lang": "es", "value": "Ha sido descubierto un problema en Open-Xchange OX App Suite en versiones anteriores a 7.8.2-rev8. Un c\u00f3digo script con hiperlinks en HTML E-Mails no est\u00e1 siendo correctamente desinfectado cuando utliliza recursos codificados base64 \"data\". Esto permite a un atacante proporcionar hiperlinks que podr\u00edan ejecutar un c\u00f3digo script en lugar de dirigir a una localizaci\u00f3n adecuada. El c\u00f3digo script malicioso puede ser ejecutado en un contexto de usuario. Esto puede conducir al secuestro de sesi\u00f3n o activar acciones no deseadas a trav\u00e9s de la interfaz web (env\u00edo de correo, eliminaci\u00f3n de datos, etc.)." 
} ], "id": "CVE-2016-6845", "lastModified": "2024-11-21T02:56:56.920", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-12-15T06:59:18.283", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/93457" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/93457" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", 
"value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-06-16 01:29
Modified
2024-11-21 04:09
Severity ?
Summary
Absolute path traversal vulnerability in the readerengine component in Open-Xchange OX App Suite before 7.6.3-rev3, 7.8.x before 7.8.2-rev4, 7.8.3 before 7.8.3-rev5, and 7.8.4 before 7.8.4-rev4 allows remote attackers to read arbitrary files via a full pathname in a formula in a spreadsheet.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html | Exploit, Third Party Advisory, VDB Entry | |
cve@mitre.org | http://seclists.org/fulldisclosure/2018/Jun/23 | Exploit, Mailing List, Third Party Advisory | |
cve@mitre.org | https://www.exploit-db.com/exploits/44881/ | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2018/Jun/23 | Exploit, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/44881/ | Exploit, Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * | |
open-xchange | open-xchange_appsuite | 7.8.0 | |
open-xchange | open-xchange_appsuite | 7.8.2 | |
open-xchange | open-xchange_appsuite | 7.8.3 | |
open-xchange | open-xchange_appsuite | 7.8.4 | |
open-xchange | open-xchange_appsuite | 7.8.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "CEE77111-9626-48C1-9C13-6FF650B91363", "versionEndIncluding": "7.6.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "E26B66B2-9BE8-4843-9B4B-D673FAC44023", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "2633E559-38E4-4024-BB5F-94EDFE5F93FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "E804C89F-033F-43B3-B63B-172F9B2136CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "6164303F-253E-440C-A45C-94FFF7B492AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev3:*:*:*:*:*:*", "matchCriteriaId": "8681201A-5DB3-42A9-A203-9641B4459537", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Absolute path traversal vulnerability in the readerengine component in Open-Xchange OX App Suite before 7.6.3-rev3, 7.8.x before 7.8.2-rev4, 7.8.3 before 7.8.3-rev5, and 7.8.4 before 7.8.4-rev4 allows remote attackers to read arbitrary files via a full pathname in a formula in a spreadsheet." }, { "lang": "es", "value": "Vulnerabilidad de salto de directorio absoluto en el componente readerengine en Open-Xchange OX App Suite en versiones anteriores a la 7.6.3-rev3, versiones 7.8.x anteriores a la 7.8.2-rev4, versiones 7.8.3 anteriores a la 7.8.3-rev5 y versiones 7.8.4 anteriores a la 7.8.4-rev4 permite que atacantes remotos lean archivos arbitrarios mediante un nombre de ruta completo en una f\u00f3rmula en una hoja de c\u00e1lculo." 
} ], "id": "CVE-2018-5755", "lastModified": "2024-11-21T04:09:19.783", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 7.1, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-06-16T01:29:06.350", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2018/Jun/23" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/44881/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", 
"Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2018/Jun/23" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/44881/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-12-26 04:15
Modified
2024-11-21 07:14
Severity ?
Summary
OX App Suite through 7.10.6 allows XSS via a malicious capability to the metrics or help module, as demonstrated by a /#!!&app=io.ox/files&cap= URI.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://open-xchange.com | Vendor Advisory | |
cve@mitre.org | https://seclists.org/fulldisclosure/2022/Nov/18 | Exploit, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://open-xchange.com | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2022/Nov/18 | Exploit, Mailing List, Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D3B06B3-8919-4D41-87A6-DA39189750B9", "versionEndExcluding": "7.10.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:-:*:*:*:*:*:*", "matchCriteriaId": "FE68F102-2EE1-44FF-A8AB-6F71F62712D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5961:*:*:*:*:*:*", "matchCriteriaId": "4F5923E6-C4C1-492F-A130-65D102F67B40", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5973:*:*:*:*:*:*", "matchCriteriaId": "D703A274-D197-42B3-9720-70E6CCD9E825", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5976:*:*:*:*:*:*", "matchCriteriaId": "D4D5F145-F2BA-4589-8B9A-B967069EA355", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5982:*:*:*:*:*:*", "matchCriteriaId": "7E3F2F8B-F7C4-4297-B451-CAFFCA860D17", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5989:*:*:*:*:*:*", "matchCriteriaId": "C7CB5AA6-19B9-4D21-A2B6-1523719A2DB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5994:*:*:*:*:*:*", "matchCriteriaId": "3FAD63B8-9158-4552-8987-3A418AC5A3A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6000:*:*:*:*:*:*", "matchCriteriaId": "87793628-6C35-4137-B584-3AE2A8363AEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6003:*:*:*:*:*:*", "matchCriteriaId": "06C14CAB-9C56-48A2-82FA-16110923CC78", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6008:*:*:*:*:*:*", "matchCriteriaId": 
"2201C280-3674-4FA4-8176-723C175A2469", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6010:*:*:*:*:*:*", "matchCriteriaId": "A3CB3836-AD68-4167-98FD-5B05CC9C92EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6016:*:*:*:*:*:*", "matchCriteriaId": "604CF453-CBBE-4123-B3ED-87A8CBF407DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6020:*:*:*:*:*:*", "matchCriteriaId": "6AF52278-E711-4656-9A1C-0A3A7F3C671F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6026:*:*:*:*:*:*", "matchCriteriaId": "5DD66203-5C4E-434A-BA84-9F78D9E1F7B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6029:*:*:*:*:*:*", "matchCriteriaId": "8A0D1287-7A32-4F56-97F2-8573F12D8EB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6034:*:*:*:*:*:*", "matchCriteriaId": "69858B8E-E4C7-485C-882A-206E07D7343F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6035:*:*:*:*:*:*", "matchCriteriaId": "C2B82BFA-39B6-4DC8-B691-3284FDCFA227", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6038:*:*:*:*:*:*", "matchCriteriaId": "FD4E8470-B8CE-4670-8334-86B817180E96", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6046:*:*:*:*:*:*", "matchCriteriaId": "2276EFC8-B5E6-449F-BDD0-EF2108A4CCAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6051:*:*:*:*:*:*", "matchCriteriaId": "2C8B27BE-651D-4B3A-9413-5ABA8AF2AA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6053:*:*:*:*:*:*", "matchCriteriaId": 
"41EA5F8E-05B5-4C4A-8853-B6948C358F06", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6060:*:*:*:*:*:*", "matchCriteriaId": "3E1A5843-F09A-4BBE-878D-C967E4061B0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6061:*:*:*:*:*:*", "matchCriteriaId": "D579A835-6B7F-4C77-991F-C760CB8D3750", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6066:*:*:*:*:*:*", "matchCriteriaId": "B4935091-B9B4-4EA7-8785-FE4529ACFEBF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6068:*:*:*:*:*:*", "matchCriteriaId": "33DAB50E-18A0-43CC-9043-5E2B722F3A2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6072:*:*:*:*:*:*", "matchCriteriaId": "0E1E9E82-17E3-4B43-AD5B-BBAD25759950", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6079:*:*:*:*:*:*", "matchCriteriaId": "E73BDC2E-3C39-454F-B929-8BB936F36AA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6084:*:*:*:*:*:*", "matchCriteriaId": "C4DF7C74-BD66-41E7-8B47-C700D7BE53E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6092:*:*:*:*:*:*", "matchCriteriaId": "9EA739D6-10BD-48B4-9C30-92BE4381C80C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6101:*:*:*:*:*:*", "matchCriteriaId": "79219E01-26C2-462C-B604-783490F26565", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6111:*:*:*:*:*:*", "matchCriteriaId": "6F121147-1AAB-4123-AFD2-31F39434819F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6120:*:*:*:*:*:*", "matchCriteriaId": 
"52B9445C-4B0E-437A-BE3C-DBB8A621D354", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6132:*:*:*:*:*:*", "matchCriteriaId": "979495B8-8BF0-41B0-9BD5-48554A9C8889", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6137:*:*:*:*:*:*", "matchCriteriaId": "A82EF754-CCB7-4A03-8986-42BA76E6A2C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6140:*:*:*:*:*:*", "matchCriteriaId": "F4CAFBCA-BD13-4295-A558-844716BA0C81", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6149:*:*:*:*:*:*", "matchCriteriaId": "AA61FEDD-5F86-45B8-BC55-BDFD6F10BB4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*", "matchCriteriaId": "A144D75D-60A8-4EE0-813C-F658C626B2AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*", "matchCriteriaId": "2DA66230-DE02-4881-A893-E9E78286B157", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*", "matchCriteriaId": "955F3DFB-6479-4867-B62A-82730DBEB498", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*", "matchCriteriaId": "327D1B56-0D05-4D99-91D4-CC1F0AC32972", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*", "matchCriteriaId": "D0CD0684-C431-47F8-A2F4-1936D5C5A72B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*", "matchCriteriaId": "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*", "matchCriteriaId": 
"D0968764-CCEE-47A7-9111-E106D887DA43", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*", "matchCriteriaId": "16589FBB-F0CD-4041-8141-5C89FCCA72AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*", "matchCriteriaId": "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*", "matchCriteriaId": "0DF5FB90-8D6D-4F99-B454-411B1DFFA630", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*", "matchCriteriaId": "F58876B9-6C2E-4048-A793-B441A84E86F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*", "matchCriteriaId": "D5F177CB-CC45-45A0-9D02-C14A13ECC7A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*", "matchCriteriaId": "A89A4192-54E9-4899-8C7B-6C7F7E650D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*", "matchCriteriaId": "F2DC1357-9CD5-415F-A190-2F3F4498EF96", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*", "matchCriteriaId": "D78ACF64-2802-44DD-AF7A-1BD5EA7F9908", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*", "matchCriteriaId": "E8F675FA-1684-413A-B1BE-1C5434AC2862", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.6 allows XSS via a malicious capability to the metrics or help module, as demonstrated by a /#!!\u0026app=io.ox/files\u0026cap= URI." 
}, { "lang": "es", "value": "OX App Suite hasta 7.10.6 permite XSS a trav\u00e9s de una capacidad maliciosa para las m\u00e9tricas o el m\u00f3dulo de ayuda, como lo demuestra un URI /#!!\u0026amp;app=io.ox/files\u0026amp;cap=." } ], "id": "CVE-2022-37310", "lastModified": "2024-11-21T07:14:43.953", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-26T04:15:10.497", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://open-xchange.com" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2022/Nov/18" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://open-xchange.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2022/Nov/18" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-05-23 15:29
Modified
2024-11-21 03:13
Severity ?
Summary
Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://open-xchange.com | Product | |
cve@mitre.org | http://ox.com | Broken Link, Not Applicable | |
cve@mitre.org | https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://open-xchange.com | Product | |
af854a3a-2127-422b-91ae-364da2661108 | http://ox.com | Broken Link, Not Applicable | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html | Release Notes, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "21A45377-C1DE-44AB-A02F-A377BE4E9A56", "versionEndIncluding": "7.8.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF." }, { "lang": "es", "value": "Open-Xchange GmbH OX App Suite versi\u00f3n 7.8.4 y anteriores, se ven afectadas por: SSRF." } ], "id": "CVE-2017-15029", "lastModified": "2024-11-21T03:13:58.070", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-05-23T15:29:00.287", "references": [ { "source": "cve@mitre.org", "tags": [ "Product" ], "url": "http://open-xchange.com" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Not Applicable" ], "url": "http://ox.com" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": 
"https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "http://open-xchange.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Not Applicable" ], "url": "http://ox.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-918" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-12-15 06:59
Modified
2024-11-21 02:51
Severity ?
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev8. References to external Open XML document type definitions (.dtd resources) can be placed within .docx and .xlsx files. Those resources were requested when parsing certain parts of the generated document. As a result, an attacker can track access to a manipulated document. Usage of a document may get tracked and information about internal infrastructure may get exposed.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:rev7:*:*:*:*:*:*", "matchCriteriaId": "37C8561D-A430-47F7-89E0-56B995726C27", "versionEndIncluding": "7.8.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev8. References to external Open XML document type definitions (.dtd resources) can be placed within .docx and .xslx files. Those resources were requested when parsing certain parts of the generated document. As a result an attacker can track access to a manipulated document. Usage of a document may get tracked and information about internal infrastructure may get exposed." }, { "lang": "es", "value": "Ha sido descubierto un problema en Open-Xchange OX App Suite en versiones anteriores a 7.8.1-rev8. Referencias a un documento de tipo de definiciones Open XML externo (recursos .dtd) pueden ser puestas dentro de archivos .docx y .xslx. Estos recursos se solicitaron al analizar ciertas partes del documento generado. Como resultado, un atacante puede rastrear el acceso a un documento manipulado. El uso de un documento puede ser rastreado y la informaci\u00f3n sobre la infraestructura interna puede quedar expuesta." 
} ], "id": "CVE-2016-4047", "lastModified": "2024-11-21T02:51:13.970", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-12-15T06:59:11.037", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/538732/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1036157" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/538732/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1036157" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" }, { "lang": "en", "value": "CWE-611" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-11-02 14:15
Modified
2024-11-21 07:56
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Documents operations, in this case "drawing", could be manipulated to contain invalid data types, possibly script code. Script code could be injected into an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties now gets checked for validity to avoid code execution. No publicly available exploits are known.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "59D4F30E-2F52-4948-9C69-C57472833C79", "versionEndExcluding": "7.10.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*", "matchCriteriaId": "A144D75D-60A8-4EE0-813C-F658C626B2AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*", "matchCriteriaId": "2DA66230-DE02-4881-A893-E9E78286B157", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*", "matchCriteriaId": "955F3DFB-6479-4867-B62A-82730DBEB498", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*", "matchCriteriaId": "327D1B56-0D05-4D99-91D4-CC1F0AC32972", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*", "matchCriteriaId": "D0CD0684-C431-47F8-A2F4-1936D5C5A72B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*", "matchCriteriaId": "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*", "matchCriteriaId": "D0968764-CCEE-47A7-9111-E106D887DA43", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*", "matchCriteriaId": "16589FBB-F0CD-4041-8141-5C89FCCA72AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*", "matchCriteriaId": "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*", "matchCriteriaId": 
"0DF5FB90-8D6D-4F99-B454-411B1DFFA630", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*", "matchCriteriaId": "F58876B9-6C2E-4048-A793-B441A84E86F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*", "matchCriteriaId": "D5F177CB-CC45-45A0-9D02-C14A13ECC7A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*", "matchCriteriaId": "A89A4192-54E9-4899-8C7B-6C7F7E650D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*", "matchCriteriaId": "F2DC1357-9CD5-415F-A190-2F3F4498EF96", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*", "matchCriteriaId": "D78ACF64-2802-44DD-AF7A-1BD5EA7F9908", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*", "matchCriteriaId": "E8F675FA-1684-413A-B1BE-1C5434AC2862", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6156:*:*:*:*:*:*", "matchCriteriaId": "F3F1FDC3-35B2-4BDB-A685-75BC72588179", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6161:*:*:*:*:*:*", "matchCriteriaId": "5B1E509D-2F41-4296-86D2-6BD71783060F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6166:*:*:*:*:*:*", "matchCriteriaId": "AC93EA37-F341-45EC-B651-4F326FB8C613", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6173:*:*:*:*:*:*", "matchCriteriaId": "1A4DB8A6-1702-462C-BFCB-39F91D2EFCE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6176:*:*:*:*:*:*", "matchCriteriaId": 
"FC0AEFDB-D033-47FC-93FC-8652F922BB8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6178:*:*:*:*:*:*", "matchCriteriaId": "B5354768-6527-43C2-B492-A8C14AB4E784", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6189:*:*:*:*:*:*", "matchCriteriaId": "D83F26D1-B8C6-4114-81EC-810DD5412DC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6194:*:*:*:*:*:*", "matchCriteriaId": "E9EBC010-9963-4636-96F7-A121FCF755A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6199:*:*:*:*:*:*", "matchCriteriaId": "F626D64B-C301-4CD8-94B4-48689BD3F29C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6204:*:*:*:*:*:*", "matchCriteriaId": "5E32810C-7B35-42F1-BCA5-E10C02BE2215", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6205:*:*:*:*:*:*", "matchCriteriaId": "6539D059-8614-4C26-93C4-C2DDCC5D35E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6209:*:*:*:*:*:*", "matchCriteriaId": "E359EE75-A2F9-479B-B757-CAE1064AB8F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6210:*:*:*:*:*:*", "matchCriteriaId": "0BCABDEF-D292-406E-B53C-AFF22484E916", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6214:*:*:*:*:*:*", "matchCriteriaId": "ABE8872C-B1DD-4A45-8EF8-E8C355CA6C54", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6215:*:*:*:*:*:*", "matchCriteriaId": "44B20B83-833A-4C68-8693-365BD046C157", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6216:*:*:*:*:*:*", "matchCriteriaId": 
"E254E6D1-D18E-4A2A-A2FF-7D03F39E65DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6218:*:*:*:*:*:*", "matchCriteriaId": "5F0C5E53-4D15-425A-B4CF-5869353724BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6219:*:*:*:*:*:*", "matchCriteriaId": "2F4BF5F1-F316-4BAC-83E0-DEAC8C50754E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6220:*:*:*:*:*:*", "matchCriteriaId": "5CDD03A8-5B86-4B87-9C29-6C967261C5C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6227:*:*:*:*:*:*", "matchCriteriaId": "6071E15F-4D59-41DC-A4D4-7D1AA392A1F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6230:*:*:*:*:*:*", "matchCriteriaId": "C72C1CEB-7BF7-4A5F-B2E9-397F86CCBF4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6233:*:*:*:*:*:*", "matchCriteriaId": "5B0F0218-4224-4084-B38D-9719D3782C03", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6235:*:*:*:*:*:*", "matchCriteriaId": "BFC41329-1AD6-4575-A22D-977EC5539DA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6236:*:*:*:*:*:*", "matchCriteriaId": "217A06B7-0823-4508-BC0C-AD792BA88F7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6239:*:*:*:*:*:*", "matchCriteriaId": "246E98B2-A6C8-4410-AA6A-7E81EE8C5E76", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6241:*:*:*:*:*:*", "matchCriteriaId": "74D1EC02-D009-45DA-B1EC-2219E0F0183C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Documents operations, 
in this case \"drawing\", could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties does now gets checked for validity to avoid code execution. No publicly available exploits are known.\n\n" }, { "lang": "es", "value": "Las operaciones de documentos, en este caso \"drawing\", podr\u00edan manipularse para contener tipos de datos no v\u00e1lidos, posiblemente c\u00f3digo de script. Se podr\u00eda inyectar c\u00f3digo de script en una operaci\u00f3n que se ejecutar\u00eda para los usuarios que colaboran activamente en el mismo documento. Ahora se verifica la validez de los datos de operaci\u00f3n intercambiados entre partes colaboradoras para evitar la ejecuci\u00f3n de c\u00f3digo. No se conocen exploits disponibles p\u00fablicamente." } ], "id": "CVE-2023-29045", "lastModified": "2024-11-21T07:56:26.413", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "security@open-xchange.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, 
"published": "2023-11-02T14:15:11.153", "references": [ { "source": "security@open-xchange.com", "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json" }, { "source": "security@open-xchange.com", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf" } ], "sourceIdentifier": "security@open-xchange.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@open-xchange.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-02-12 09:15
Modified
2024-11-21 08:21
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Processing time of drive search expressions now gets monitored, and the related request is terminated if a resource threshold is reached. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing of user-defined drive search expressions is not limited. No publicly available exploits are known.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "7804FF21-94F6-4160-9628-B91ED4CDDCB6", "versionEndExcluding": "7.6.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "3159C504-0462-4AA9-9137-F25961B67ED6", "versionEndExcluding": "7.10.6", "versionStartExcluding": "7.6.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "F37B7CC3-A4D2-4CA5-8159-FE1A9016F9A0", "versionEndExcluding": "8.20", "versionStartExcluding": "7.10.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:-:*:*:*:*:*:*", "matchCriteriaId": "7AB04398-3973-4503-959E-FA8EE511DA45", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3464:*:*:*:*:*:*", "matchCriteriaId": "161CD641-C9EC-4FBE-BFFD-48C96FE71085", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3519:*:*:*:*:*:*", "matchCriteriaId": "73F1F959-F82B-4E00-91AE-C39037A93DDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3569:*:*:*:*:*:*", "matchCriteriaId": "E151E1EA-DA35-47CB-80C2-359518C213FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3627:*:*:*:*:*:*", "matchCriteriaId": "156910B8-F553-4F4C-B990-131F04001AB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3728:*:*:*:*:*:*", "matchCriteriaId": "13248A9A-D131-4596-A511-A18A83F9D4C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3875:*:*:*:*:*:*", "matchCriteriaId": "54936294-45A6-410B-B6F6-CC2CEFCE937E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3922:*:*:*:*:*:*", "matchCriteriaId": "8EDB7577-5763-41A1-90A7-7D7F225F8C14", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3949:*:*:*:*:*:*", "matchCriteriaId": "39B4BD56-3236-4AE0-93F6-F0E0190C77AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3991:*:*:*:*:*:*", "matchCriteriaId": "6F20C5D9-6DCA-4F3F-A9A8-FACAE5C4AB18", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4047:*:*:*:*:*:*", "matchCriteriaId": "F94B78AE-45FE-4BA7-BFD6-55767F8C3A0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4133:*:*:*:*:*:*", "matchCriteriaId": "B103D02E-C443-446B-A358-A052866BC624", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4423:*:*:*:*:*:*", "matchCriteriaId": "4D578FCB-EE90-4BB9-9E28-DC1FA139787C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4470:*:*:*:*:*:*", "matchCriteriaId": "71380C28-6A25-425B-BE7F-6D06E0CE5C2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4552:*:*:*:*:*:*", "matchCriteriaId": "DDBF0D2F-2C22-448E-A0D2-E66527188928", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4667:*:*:*:*:*:*", "matchCriteriaId": "50EC169C-73B6-40F5-8C7A-6DD71DC19893", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4750:*:*:*:*:*:*", "matchCriteriaId": "4B2CA948-280B-4EB8-9309-B016C9557A64", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4789:*:*:*:*:*:*", "matchCriteriaId": "36511A48-EBD8-40C2-A1FB-10F33264CF3F", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4839:*:*:*:*:*:*", "matchCriteriaId": "EBE8374F-0D7D-422F-83AC-ADF9B9E6E511", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4860:*:*:*:*:*:*", "matchCriteriaId": "285B9A4B-6F4F-4899-AD2A-57E22BF9F7BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4895:*:*:*:*:*:*", "matchCriteriaId": "5BAD0604-90FC-4647-854A-E10330579B89", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5104:*:*:*:*:*:*", "matchCriteriaId": "7F26505E-0F61-40A2-B6BA-17C7E30D375C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5165:*:*:*:*:*:*", "matchCriteriaId": "FD3E0ABC-2DAC-4441-96DB-BD84DD8B8E81", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5231:*:*:*:*:*:*", "matchCriteriaId": "347700F5-3BDA-4DA3-AA81-4D593E131AB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5537:*:*:*:*:*:*", "matchCriteriaId": "5EF075DE-44C7-4FC0-9BD7-E7A2C95651D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5637:*:*:*:*:*:*", "matchCriteriaId": "5CB6B4D0-E2B8-44F3-877B-293325EF44A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5910:*:*:*:*:*:*", "matchCriteriaId": "716CC742-9F23-4734-9CFF-338A231476D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*", "matchCriteriaId": "A144D75D-60A8-4EE0-813C-F658C626B2AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*", "matchCriteriaId": "2DA66230-DE02-4881-A893-E9E78286B157", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*", "matchCriteriaId": "955F3DFB-6479-4867-B62A-82730DBEB498", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*", "matchCriteriaId": "327D1B56-0D05-4D99-91D4-CC1F0AC32972", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*", "matchCriteriaId": "D0CD0684-C431-47F8-A2F4-1936D5C5A72B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*", "matchCriteriaId": "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*", "matchCriteriaId": "D0968764-CCEE-47A7-9111-E106D887DA43", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*", "matchCriteriaId": "16589FBB-F0CD-4041-8141-5C89FCCA72AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*", "matchCriteriaId": "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*", "matchCriteriaId": "0DF5FB90-8D6D-4F99-B454-411B1DFFA630", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*", "matchCriteriaId": "F58876B9-6C2E-4048-A793-B441A84E86F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*", "matchCriteriaId": "D5F177CB-CC45-45A0-9D02-C14A13ECC7A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*", "matchCriteriaId": "A89A4192-54E9-4899-8C7B-6C7F7E650D5C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*", "matchCriteriaId": "F2DC1357-9CD5-415F-A190-2F3F4498EF96", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*", "matchCriteriaId": "D78ACF64-2802-44DD-AF7A-1BD5EA7F9908", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*", "matchCriteriaId": "E8F675FA-1684-413A-B1BE-1C5434AC2862", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6156:*:*:*:*:*:*", "matchCriteriaId": "F3F1FDC3-35B2-4BDB-A685-75BC72588179", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6161:*:*:*:*:*:*", "matchCriteriaId": "5B1E509D-2F41-4296-86D2-6BD71783060F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6166:*:*:*:*:*:*", "matchCriteriaId": "AC93EA37-F341-45EC-B651-4F326FB8C613", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6173:*:*:*:*:*:*", "matchCriteriaId": "1A4DB8A6-1702-462C-BFCB-39F91D2EFCE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6176:*:*:*:*:*:*", "matchCriteriaId": "FC0AEFDB-D033-47FC-93FC-8652F922BB8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6178:*:*:*:*:*:*", "matchCriteriaId": "B5354768-6527-43C2-B492-A8C14AB4E784", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6189:*:*:*:*:*:*", "matchCriteriaId": "D83F26D1-B8C6-4114-81EC-810DD5412DC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6194:*:*:*:*:*:*", "matchCriteriaId": "E9EBC010-9963-4636-96F7-A121FCF755A7", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6199:*:*:*:*:*:*", "matchCriteriaId": "F626D64B-C301-4CD8-94B4-48689BD3F29C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6204:*:*:*:*:*:*", "matchCriteriaId": "5E32810C-7B35-42F1-BCA5-E10C02BE2215", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6205:*:*:*:*:*:*", "matchCriteriaId": "6539D059-8614-4C26-93C4-C2DDCC5D35E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6209:*:*:*:*:*:*", "matchCriteriaId": "E359EE75-A2F9-479B-B757-CAE1064AB8F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6210:*:*:*:*:*:*", "matchCriteriaId": "0BCABDEF-D292-406E-B53C-AFF22484E916", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6214:*:*:*:*:*:*", "matchCriteriaId": "ABE8872C-B1DD-4A45-8EF8-E8C355CA6C54", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6215:*:*:*:*:*:*", "matchCriteriaId": "44B20B83-833A-4C68-8693-365BD046C157", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6216:*:*:*:*:*:*", "matchCriteriaId": "E254E6D1-D18E-4A2A-A2FF-7D03F39E65DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6218:*:*:*:*:*:*", "matchCriteriaId": "5F0C5E53-4D15-425A-B4CF-5869353724BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6219:*:*:*:*:*:*", "matchCriteriaId": "2F4BF5F1-F316-4BAC-83E0-DEAC8C50754E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6220:*:*:*:*:*:*", "matchCriteriaId": "5CDD03A8-5B86-4B87-9C29-6C967261C5C0", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6227:*:*:*:*:*:*", "matchCriteriaId": "6071E15F-4D59-41DC-A4D4-7D1AA392A1F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6230:*:*:*:*:*:*", "matchCriteriaId": "C72C1CEB-7BF7-4A5F-B2E9-397F86CCBF4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6233:*:*:*:*:*:*", "matchCriteriaId": "5B0F0218-4224-4084-B38D-9719D3782C03", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6235:*:*:*:*:*:*", "matchCriteriaId": "BFC41329-1AD6-4575-A22D-977EC5539DA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6236:*:*:*:*:*:*", "matchCriteriaId": "217A06B7-0823-4508-BC0C-AD792BA88F7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6239:*:*:*:*:*:*", "matchCriteriaId": "246E98B2-A6C8-4410-AA6A-7E81EE8C5E76", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6241:*:*:*:*:*:*", "matchCriteriaId": "74D1EC02-D009-45DA-B1EC-2219E0F0183C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6243:*:*:*:*:*:*", "matchCriteriaId": "0F56A261-EC62-423C-B487-35EA9D4A83FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6245:*:*:*:*:*:*", "matchCriteriaId": "D295E160-C87A-498D-AB0E-BA1E50825249", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6248:*:*:*:*:*:*", "matchCriteriaId": "A30BE138-D745-4F0E-AAE4-202A1C769C85", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6249:*:*:*:*:*:*", "matchCriteriaId": "7CF4FCB9-7360-4ABB-95FB-0239CDC8D3AD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6250:*:*:*:*:*:*", "matchCriteriaId": "465DD666-3499-4911-A1DF-6BAAFCCFA006", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6251:*:*:*:*:*:*", "matchCriteriaId": "6F18CEDC-5D7A-4496-8B5E-59EBEA4362BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6255:*:*:*:*:*:*", "matchCriteriaId": "8C1DE547-F217-4518-AD90-3607AE21F6ED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Processing time of drive search expressions now gets monitored, and the related request is terminated if a resource threshold is reached. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing of user-defined drive search expressions is not limited. No publicly available exploits are known." }, { "lang": "es", "value": "Ahora se supervisa el tiempo de procesamiento de las expresiones de b\u00fasqueda de unidades y la solicitud relacionada finaliza si se alcanza un umbral de recursos. La disponibilidad de OX App Suite podr\u00eda verse reducida debido a la alta carga de procesamiento. Implemente las actualizaciones y lanzamientos de parches proporcionados. El procesamiento de expresiones de b\u00fasqueda de unidades definidas por el usuario no est\u00e1 limitado. No se conocen exploits disponibles p\u00fablicamente." 
} ], "id": "CVE-2023-41706", "lastModified": "2024-11-21T08:21:30.800", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security@open-xchange.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-02-12T09:15:11.073", "references": [ { "source": "security@open-xchange.com", "tags": [ "Vendor Advisory" ], "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json" }, { "source": "security@open-xchange.com", "tags": [ "Release Notes" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf" } ], "sourceIdentifier": "security@open-xchange.com", "vulnStatus": "Modified", "weaknesses": [ { "description": 
[ { "lang": "en", "value": "CWE-400" } ], "source": "security@open-xchange.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-03-20 16:55
Modified
2024-11-21 02:05
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 7.4.1 before 7.4.1-rev10 and 7.4.2 before 7.4.2-rev8 allows remote attackers to inject arbitrary web script or HTML via the subject of an email, involving 'the aria "tags" for screenreaders at the top bar'.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | 7.4.1 | |
open-xchange | open-xchange_appsuite | 7.4.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "0ABF6E32-2996-4DCF-A4A2-197CCFAEE22C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A708019-6229-4768-994C-5A51B0495CAC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 7.4.1 before 7.4.1-rev10 and 7.4.2 before 7.4.2-rev8 allows remote attackers to inject arbitrary web script or HTML via the subject of an email, involving \u0027the aria \"tags\" for screenreaders at the top bar\u0027." }, { "lang": "es", "value": "Vulnerabilidad de XSS en el Frontend en Open-Xchange (OX) AppSuite 7.4.1 anterior a 7.4.1-rev10 y 7.4.2 anterior a 7.4.2-rev8 permite a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s del asunto de un email, involucrando las etiquetas aria para lectores de pantalla en la barra superior." 
} ], "id": "CVE-2014-2077", "lastModified": "2024-11-21T02:05:35.793", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-03-20T16:55:16.950", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2014-03/0108.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/57290" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2014-03/0108.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/57290" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-08-31 15:15
Modified
2024-11-21 04:59
Severity ?
Summary
OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://www.open-xchange.com/ | Vendor Advisory | |
nvd@nist.gov | https://exchange.xforce.ibmcloud.com/vulnerabilities/187114 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.open-xchange.com/ | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB465D15-78EA-47FA-BC7C-5A6631EC9578", "versionEndIncluding": "7.10.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document." }, { "lang": "es", "value": "OX App Suite versiones 7.10.3 y anteriores, permiten un ataque de tipo XSS por medio de text/x-javascript, text/rdf o un documento PDF" } ], "id": "CVE-2020-12646", "lastModified": "2024-11-21T04:59:58.753", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-08-31T15:15:10.337", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.open-xchange.com/" }, { "source": "nvd@nist.gov", "tags": [ "Third Party Advisory" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/187114" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.open-xchange.com/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-12-26 04:15
Modified
2024-11-21 06:59
Severity ?
Summary
OX App Suite through 8.2 allows XSS via a certain complex hierarchy that forces use of Show Entire Message for a huge HTML e-mail message.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://open-xchange.com | Vendor Advisory | |
cve@mitre.org | https://seclists.org/fulldisclosure/2022/Sep/0 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://open-xchange.com | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2022/Sep/0 | Mailing List, Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D3B06B3-8919-4D41-87A6-DA39189750B9", "versionEndExcluding": "7.10.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:-:*:*:*:*:*:*", "matchCriteriaId": "FE68F102-2EE1-44FF-A8AB-6F71F62712D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5961:*:*:*:*:*:*", "matchCriteriaId": "4F5923E6-C4C1-492F-A130-65D102F67B40", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5973:*:*:*:*:*:*", "matchCriteriaId": "D703A274-D197-42B3-9720-70E6CCD9E825", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5976:*:*:*:*:*:*", "matchCriteriaId": "D4D5F145-F2BA-4589-8B9A-B967069EA355", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5982:*:*:*:*:*:*", "matchCriteriaId": "7E3F2F8B-F7C4-4297-B451-CAFFCA860D17", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5989:*:*:*:*:*:*", "matchCriteriaId": "C7CB5AA6-19B9-4D21-A2B6-1523719A2DB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5994:*:*:*:*:*:*", "matchCriteriaId": "3FAD63B8-9158-4552-8987-3A418AC5A3A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6000:*:*:*:*:*:*", "matchCriteriaId": "87793628-6C35-4137-B584-3AE2A8363AEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6003:*:*:*:*:*:*", "matchCriteriaId": "06C14CAB-9C56-48A2-82FA-16110923CC78", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6008:*:*:*:*:*:*", "matchCriteriaId": 
"2201C280-3674-4FA4-8176-723C175A2469", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6010:*:*:*:*:*:*", "matchCriteriaId": "A3CB3836-AD68-4167-98FD-5B05CC9C92EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6016:*:*:*:*:*:*", "matchCriteriaId": "604CF453-CBBE-4123-B3ED-87A8CBF407DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6020:*:*:*:*:*:*", "matchCriteriaId": "6AF52278-E711-4656-9A1C-0A3A7F3C671F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6026:*:*:*:*:*:*", "matchCriteriaId": "5DD66203-5C4E-434A-BA84-9F78D9E1F7B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6029:*:*:*:*:*:*", "matchCriteriaId": "8A0D1287-7A32-4F56-97F2-8573F12D8EB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6034:*:*:*:*:*:*", "matchCriteriaId": "69858B8E-E4C7-485C-882A-206E07D7343F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6035:*:*:*:*:*:*", "matchCriteriaId": "C2B82BFA-39B6-4DC8-B691-3284FDCFA227", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6038:*:*:*:*:*:*", "matchCriteriaId": "FD4E8470-B8CE-4670-8334-86B817180E96", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6046:*:*:*:*:*:*", "matchCriteriaId": "2276EFC8-B5E6-449F-BDD0-EF2108A4CCAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6051:*:*:*:*:*:*", "matchCriteriaId": "2C8B27BE-651D-4B3A-9413-5ABA8AF2AA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6053:*:*:*:*:*:*", "matchCriteriaId": 
"41EA5F8E-05B5-4C4A-8853-B6948C358F06", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6060:*:*:*:*:*:*", "matchCriteriaId": "3E1A5843-F09A-4BBE-878D-C967E4061B0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6061:*:*:*:*:*:*", "matchCriteriaId": "D579A835-6B7F-4C77-991F-C760CB8D3750", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6066:*:*:*:*:*:*", "matchCriteriaId": "B4935091-B9B4-4EA7-8785-FE4529ACFEBF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6068:*:*:*:*:*:*", "matchCriteriaId": "33DAB50E-18A0-43CC-9043-5E2B722F3A2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6072:*:*:*:*:*:*", "matchCriteriaId": "0E1E9E82-17E3-4B43-AD5B-BBAD25759950", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6079:*:*:*:*:*:*", "matchCriteriaId": "E73BDC2E-3C39-454F-B929-8BB936F36AA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6084:*:*:*:*:*:*", "matchCriteriaId": "C4DF7C74-BD66-41E7-8B47-C700D7BE53E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6092:*:*:*:*:*:*", "matchCriteriaId": "9EA739D6-10BD-48B4-9C30-92BE4381C80C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6101:*:*:*:*:*:*", "matchCriteriaId": "79219E01-26C2-462C-B604-783490F26565", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6111:*:*:*:*:*:*", "matchCriteriaId": "6F121147-1AAB-4123-AFD2-31F39434819F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6120:*:*:*:*:*:*", "matchCriteriaId": 
"52B9445C-4B0E-437A-BE3C-DBB8A621D354", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6132:*:*:*:*:*:*", "matchCriteriaId": "979495B8-8BF0-41B0-9BD5-48554A9C8889", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*", "matchCriteriaId": "A144D75D-60A8-4EE0-813C-F658C626B2AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*", "matchCriteriaId": "2DA66230-DE02-4881-A893-E9E78286B157", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*", "matchCriteriaId": "955F3DFB-6479-4867-B62A-82730DBEB498", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*", "matchCriteriaId": "327D1B56-0D05-4D99-91D4-CC1F0AC32972", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*", "matchCriteriaId": "D0CD0684-C431-47F8-A2F4-1936D5C5A72B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*", "matchCriteriaId": "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*", "matchCriteriaId": "D0968764-CCEE-47A7-9111-E106D887DA43", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*", "matchCriteriaId": "16589FBB-F0CD-4041-8141-5C89FCCA72AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*", "matchCriteriaId": "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*", "matchCriteriaId": 
"0DF5FB90-8D6D-4F99-B454-411B1DFFA630", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:8.2:-:*:*:*:*:*:*", "matchCriteriaId": "40359DB5-5D7C-4864-A00C-607F264DACEE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite through 8.2 allows XSS via a certain complex hierarchy that forces use of Show Entire Message for a huge HTML e-mail message." }, { "lang": "es", "value": "OX App Suite hasta 8.2 permite XSS a trav\u00e9s de una cierta jerarqu\u00eda compleja que obliga al uso de Mostrar Mensaje Completo para un mensaje de correo electr\u00f3nico HTML enorme." } ], "id": "CVE-2022-29853", "lastModified": "2024-11-21T06:59:49.597", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-26T04:15:10.387", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://open-xchange.com" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2022/Sep/0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://open-xchange.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2022/Sep/0" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", 
"type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-01-12 22:15
Modified
2024-11-21 05:52
Severity ?
Summary
OX App Suite through 7.10.4 allows XSS via JavaScript in a Note referenced by a mail:// URL.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB465D15-78EA-47FA-BC7C-5A6631EC9578", "versionEndIncluding": "7.10.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.4 allows XSS via JavaScript in a Note referenced by a mail:// URL." }, { "lang": "es", "value": "OX App Suite versiones hasta 7.10.4, permite un ataque de tipo XSS por medio de un JavaScript en una Nota referenciada mediante una URL mail://" } ], "id": "CVE-2021-23933", "lastModified": "2024-11-21T05:52:04.690", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-01-12T22:15:12.823", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-06-16 01:29
Modified
2024-11-21 04:09
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the office-web component in Open-Xchange OX App Suite before 7.8.3-rev12 and 7.8.4 before 7.8.4-rev9 allows remote attackers to inject arbitrary web script or HTML via a crafted presentation file, related to copying content to the clipboard.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html | Exploit, Third Party Advisory, VDB Entry | |
cve@mitre.org | http://seclists.org/fulldisclosure/2018/Jun/23 | Exploit, Mailing List, Third Party Advisory | |
cve@mitre.org | https://www.exploit-db.com/exploits/44881/ | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2018/Jun/23 | Exploit, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/44881/ | Exploit, Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * | |
open-xchange | open-xchange_appsuite | 7.8.3 | |
open-xchange | open-xchange_appsuite | 7.8.3 | |
open-xchange | open-xchange_appsuite | 7.8.3 | |
open-xchange | open-xchange_appsuite | 7.8.3 | |
open-xchange | open-xchange_appsuite | 7.8.3 | |
open-xchange | open-xchange_appsuite | 7.8.3 | |
open-xchange | open-xchange_appsuite | 7.8.4 | |
open-xchange | open-xchange_appsuite | 7.8.4 | |
open-xchange | open-xchange_appsuite | 7.8.4 | |
open-xchange | open-xchange_appsuite | 7.8.4 | |
open-xchange | open-xchange_appsuite | 7.8.4 | |
open-xchange | open-xchange_appsuite | 7.8.4 | |
open-xchange | open-xchange_appsuite | 7.8.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "C77DCBA3-CB5A-4F73-817E-717C8335463E", "versionEndIncluding": "7.8.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev10:*:*:*:*:*:*", "matchCriteriaId": "0F7C6765-34DD-4326-99A8-F85DA19ECE91", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev11:*:*:*:*:*:*", "matchCriteriaId": "13FAD9B6-5790-4C7A-8A9B-09B1002DA75F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev5:*:*:*:*:*:*", "matchCriteriaId": "F57910B1-968D-4DF3-8C2D-9EB3765C7214", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev6:*:*:*:*:*:*", "matchCriteriaId": "FE1FD7DD-DC8C-416C-A55B-FA7B961ECD3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev8:*:*:*:*:*:*", "matchCriteriaId": "A07A8019-D7D7-4E1D-AEA7-DF509175393D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev9:*:*:*:*:*:*", "matchCriteriaId": "9FEEF620-CD8A-49C4-89D6-565503A1790F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "6164303F-253E-440C-A45C-94FFF7B492AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev3:*:*:*:*:*:*", "matchCriteriaId": "8681201A-5DB3-42A9-A203-9641B4459537", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev4:*:*:*:*:*:*", "matchCriteriaId": "C567F8B8-D9D0-4006-819C-C995C6573FE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev5:*:*:*:*:*:*", "matchCriteriaId": "07FEF270-E3ED-463D-9940-7FC9573E40C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev6:*:*:*:*:*:*", 
"matchCriteriaId": "7FD1E38C-EC1A-42D1-86AF-D53D8BF0098C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev7:*:*:*:*:*:*", "matchCriteriaId": "1BF75100-6E38-4FCB-BC21-FFB1C4B3EC50", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev8:*:*:*:*:*:*", "matchCriteriaId": "BF34B133-486B-4D77-8745-4D0E082FF8D9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the office-web component in Open-Xchange OX App Suite before 7.8.3-rev12 and 7.8.4 before 7.8.4-rev9 allows remote attackers to inject arbitrary web script or HTML via a crafted presentation file, related to copying content to the clipboard." }, { "lang": "es", "value": "Vulnerabilidad de Cross-Site Scripting (XSS) en el componente office-web en Open-Xchange OX App Suite en versiones anteriores a la 7.8.3-rev12 y versiones 7.8.4 anteriores a la 7.8.4-rev9 permite que atacantes remoto inyecten scripts web o HTML arbitrarios mediante un archivo de presentaci\u00f3n manipulado. Esto est\u00e1 relacionado con la copia de contenidos al portapapeles." 
} ], "id": "CVE-2018-5754", "lastModified": "2024-11-21T04:09:19.623", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-06-16T01:29:06.287", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2018/Jun/23" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/44881/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", 
"Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2018/Jun/23" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/44881/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-20 13:15
Modified
2024-11-21 04:21
Severity ?
Summary
OX App Suite 7.10.0 to 7.10.2 allows XSS.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/154128/Open-Xchange-OX-App-Suite-Content-Spoofing-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/154128/Open-Xchange-OX-App-Suite-Content-Spoofing-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "69277FAF-AF8C-41C8-A8BC-345290A75B78", "versionEndIncluding": "7.10.2", "versionStartIncluding": "7.10.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite 7.10.0 to 7.10.2 allows XSS." }, { "lang": "es", "value": "OX App Suite 7.10.0 a 7.10.2 permite XSS." } ], "id": "CVE-2019-11522", "lastModified": "2024-11-21T04:21:16.550", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-20T13:15:11.650", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/154128/Open-Xchange-OX-App-Suite-Content-Spoofing-Cross-Site-Scripting.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB 
Entry" ], "url": "http://packetstormsecurity.com/files/154128/Open-Xchange-OX-App-Suite-Content-Spoofing-Cross-Site-Scripting.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-04-24 05:06
Modified
2024-11-21 02:06
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite 7.4.1 before 7.4.1-rev11 and 7.4.2 before 7.4.2-rev13 allows remote attackers to inject arbitrary web script or HTML via a Drive filename that is not properly handled during use of the composer to add an e-mail attachment.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * | |
open-xchange | open-xchange_appsuite | 7.2.0 | |
open-xchange | open-xchange_appsuite | 7.2.1 | |
open-xchange | open-xchange_appsuite | 7.4.1 | |
open-xchange | open-xchange_appsuite | 7.4.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "4051DD61-3387-4CFB-9243-FCB602813F10", "versionEndIncluding": "7.2.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDBB02DF-1022-4FE5-B5E1-198DC58F8C1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2BF31219-8390-4676-A9C4-D625A016C71E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "0ABF6E32-2996-4DCF-A4A2-197CCFAEE22C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A708019-6229-4768-994C-5A51B0495CAC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite 7.4.1 before 7.4.1-rev11 and 7.4.2 before 7.4.2-rev13 allows remote attackers to inject arbitrary web script or HTML via a Drive filename that is not properly handled during use of the composer to add an e-mail attachment." }, { "lang": "es", "value": "Vulnerabilidad de XSS en Open-Xchange AppSuite 7.4.1 anterior a 7.4.1-rev11 y 7.4.2 anterior a 7.4.2-rev13 permite a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s de un nombre de archivo Drive que no est\u00e1 manejado debidamente durante el uso del compositor para a\u00f1adir un adjunto de email." 
} ], "id": "CVE-2014-2393", "lastModified": "2024-11-21T02:06:12.587", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-04-24T05:06:05.670", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/531762" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/531762" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-11-20 13:19
Modified
2024-11-21 01:58
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14 allows remote attackers to inject arbitrary web script or HTML via an attached SVG file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | 7.2.0 | |
open-xchange | open-xchange_appsuite | 7.2.1 | |
open-xchange | open-xchange_appsuite | 7.2.2 | |
open-xchange | open-xchange_appsuite | 7.4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDBB02DF-1022-4FE5-B5E1-198DC58F8C1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2BF31219-8390-4676-A9C4-D625A016C71E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "75B04598-67CD-420B-92C9-9A7459295E11", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "8DAEED7B-C295-42B4-A60B-2EAA596E3D65", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14 allows remote attackers to inject arbitrary web script or HTML via an attached SVG file." }, { "lang": "es", "value": "Vulnerabilidad de XSS en Open-Xchange (OX) AppSuite 7.2.x anterior a la versi\u00f3n 7.2.2-rev25 y 7.4.x anterior a 7.4.0-rev14 permite a atacantes remotos inyectar script web o HTML arbitrario a trav\u00e9s de un archivo SVG adjunto." 
} ], "id": "CVE-2013-6074", "lastModified": "2024-11-21T01:58:42.413", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-11-20T13:19:42.697", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0025.html" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/99487" }, { "source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/123934/Open-Xchange-AppSuite-Script-Insertion.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/55575" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88609" }, { "source": "cve@mitre.org", "url": "https://forum.open-xchange.com/showthread.php?8059-Open-Xchange-releases-Security-Patch-2013-10-21-for-v7-2-2-and-v7-4-0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0025.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/99487" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/123934/Open-Xchange-AppSuite-Script-Insertion.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/55575" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88609" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://forum.open-xchange.com/showthread.php?8059-Open-Xchange-releases-Security-Patch-2013-10-21-for-v7-2-2-and-v7-4-0" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-06-16 01:29
Modified
2024-11-21 04:09
Severity ?
Summary
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote authenticated users to obtain sensitive information about external guest users via vectors related to the "groups" and "users" APIs.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html | Exploit, Third Party Advisory, VDB Entry | |
cve@mitre.org | http://seclists.org/fulldisclosure/2018/Jun/23 | Exploit, Mailing List, Third Party Advisory | |
cve@mitre.org | https://www.exploit-db.com/exploits/44881/ | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2018/Jun/23 | Exploit, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/44881/ | Exploit, Third Party Advisory, VDB Entry |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "CEE77111-9626-48C1-9C13-6FF650B91363", "versionEndIncluding": "7.6.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev14:*:*:*:*:*:*", "matchCriteriaId": "D4417841-A79D-479F-BBB4-13892CD29CCB", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev15:*:*:*:*:*:*", "matchCriteriaId": "11FED64F-98F2-4155-A34D-DCC0DCF55CB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev16:*:*:*:*:*:*", "matchCriteriaId": "544677BC-DEFB-45B8-BB08-124E5666A04B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev17:*:*:*:*:*:*", "matchCriteriaId": "ABA212B4-FC4B-4268-A778-23D588E76880", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev18:*:*:*:*:*:*", "matchCriteriaId": "10D10170-9528-49BB-88B8-92A4D016EA49", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev20:*:*:*:*:*:*", "matchCriteriaId": "2DA48ACB-659B-408C-B7E1-945A6333C1A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev22:*:*:*:*:*:*", "matchCriteriaId": "23D2DCAA-FAB7-426D-8680-2A6F69AE90DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev23:*:*:*:*:*:*", "matchCriteriaId": "90C2E1F5-73DA-4FA7-BEDF-E9726F5D0D0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev24:*:*:*:*:*:*", "matchCriteriaId": "449B4C7A-6287-4018-86AA-D34BEF8DB83C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev25:*:*:*:*:*:*", "matchCriteriaId": "E8E6C22C-C3B3-4914-A1D8-A6202EEBF1C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev26:*:*:*:*:*:*", 
"matchCriteriaId": "8BF46085-0E23-4C9C-9899-30EB63EFC392", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev28:*:*:*:*:*:*", "matchCriteriaId": "39BB146E-14BF-4AC7-B267-3176545CBCB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev29:*:*:*:*:*:*", "matchCriteriaId": "64201845-70B6-4124-BA02-DE0646BE75A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev30:*:*:*:*:*:*", "matchCriteriaId": "8E2A9B0B-F4B9-410B-AA32-D4A5A3B285DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev31:*:*:*:*:*:*", "matchCriteriaId": "5E5DE686-E794-4C06-9AC8-5682B1CF68AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev32:*:*:*:*:*:*", "matchCriteriaId": "E4710EAE-6227-4A72-9549-6EEF0CEB6E06", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev33:*:*:*:*:*:*", "matchCriteriaId": "7AD9AE40-5AE0-4DA6-BD1D-CC02746DA917", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev35:*:*:*:*:*:*", "matchCriteriaId": "3681A31A-1795-4C44-B482-1F1028449960", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "E26B66B2-9BE8-4843-9B4B-D673FAC44023", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "2633E559-38E4-4024-BB5F-94EDFE5F93FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "E804C89F-033F-43B3-B63B-172F9B2136CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev10:*:*:*:*:*:*", "matchCriteriaId": "0F7C6765-34DD-4326-99A8-F85DA19ECE91", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev11:*:*:*:*:*:*", 
"matchCriteriaId": "13FAD9B6-5790-4C7A-8A9B-09B1002DA75F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev12:*:*:*:*:*:*", "matchCriteriaId": "B040A950-FEC3-465D-AD19-3AA8EE11AE92", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev13:*:*:*:*:*:*", "matchCriteriaId": "F5971D8D-A2E6-4E3D-8FDA-04F89FC65A40", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev14:*:*:*:*:*:*", "matchCriteriaId": "FEF67234-BDCA-48FA-8616-6B0E4A38FA8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev15:*:*:*:*:*:*", "matchCriteriaId": "76D18DCA-5D64-4D38-99B0-1B984C402E70", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev16:*:*:*:*:*:*", "matchCriteriaId": "46718CD2-0403-4DA2-B157-5714BD654EB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev17:*:*:*:*:*:*", "matchCriteriaId": "4BA1274B-9103-449F-ABD1-C898B716B433", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev18:*:*:*:*:*:*", "matchCriteriaId": "3BB485BC-3247-4E06-8017-118B597B0184", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev19:*:*:*:*:*:*", "matchCriteriaId": "6C447C6E-6188-47C6-BC68-8FD99B49F2D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev20:*:*:*:*:*:*", "matchCriteriaId": "211647E5-8BCA-4393-B54B-CE382D5DF3F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev21:*:*:*:*:*:*", "matchCriteriaId": "855C2E78-C554-43A7-BD3F-747053F45709", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev22:*:*:*:*:*:*", "matchCriteriaId": "64594DD5-2816-4123-A12C-505FE4480AE9", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev23:*:*:*:*:*:*", "matchCriteriaId": "606D294C-EAEC-43EC-BA0F-BC5484B7C5E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev24:*:*:*:*:*:*", "matchCriteriaId": "A8E1D645-706F-4CCA-88A7-F5077BCE4AD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev25:*:*:*:*:*:*", "matchCriteriaId": "30145547-3406-4639-A5AD-52EFAA734EEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev26:*:*:*:*:*:*", "matchCriteriaId": "BDB6642D-C5AF-41D7-B2EA-A1F333E5B12C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev27:*:*:*:*:*:*", "matchCriteriaId": "91040A22-04F6-43ED-A6A1-060703D285C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev28:*:*:*:*:*:*", "matchCriteriaId": "5A3E2338-E774-4188-B352-B79FBB9C5511", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev29:*:*:*:*:*:*", "matchCriteriaId": "22961BA6-C0B1-488A-8F7D-68EB3F9DA6B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev30:*:*:*:*:*:*", "matchCriteriaId": "E8381BB7-3602-4DCF-A070-1067C277AAA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev31:*:*:*:*:*:*", "matchCriteriaId": "98B758CC-D26C-4B83-98E7-3BA4ECF96966", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev32:*:*:*:*:*:*", "matchCriteriaId": "7BCE965A-70BE-4159-93D8-A2520C8C4CB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev33:*:*:*:*:*:*", "matchCriteriaId": "1152B60C-3188-4BE7-897A-B09C5732ECAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev34:*:*:*:*:*:*", "matchCriteriaId": "5F1F087A-7373-4B7F-87BD-8509704F47CF", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev35:*:*:*:*:*:*", "matchCriteriaId": "D82CB956-9A14-49C5-8308-52198589BAC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev36:*:*:*:*:*:*", "matchCriteriaId": "2F202094-2A74-44DA-BB3A-06AF3326E544", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev38:*:*:*:*:*:*", "matchCriteriaId": "DC128D82-A687-4043-AC01-9A329ED9F9EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev39:*:*:*:*:*:*", "matchCriteriaId": "CBE4CF1D-B716-4992-B3DE-599AD7407780", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev40:*:*:*:*:*:*", "matchCriteriaId": "49FCC4A7-3078-421A-A3A1-C58976F47262", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev41:*:*:*:*:*:*", "matchCriteriaId": "E57747B2-0C7B-4004-82AA-8C59CABC3B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev42:*:*:*:*:*:*", "matchCriteriaId": "BECD9AD4-EB03-4BF0-A219-DD965A55670A", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev43:*:*:*:*:*:*", "matchCriteriaId": "5E0F6A5B-BDBB-4DF5-91A0-440834EE161F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev5:*:*:*:*:*:*", "matchCriteriaId": "F57910B1-968D-4DF3-8C2D-9EB3765C7214", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev6:*:*:*:*:*:*", "matchCriteriaId": "FE1FD7DD-DC8C-416C-A55B-FA7B961ECD3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev8:*:*:*:*:*:*", "matchCriteriaId": "A07A8019-D7D7-4E1D-AEA7-DF509175393D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev9:*:*:*:*:*:*", "matchCriteriaId": "9FEEF620-CD8A-49C4-89D6-565503A1790F", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "6164303F-253E-440C-A45C-94FFF7B492AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev10:*:*:*:*:*:*", "matchCriteriaId": "4DD257D7-D9B2-4036-92D6-3A923B7DC59F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev11:*:*:*:*:*:*", "matchCriteriaId": "36383B07-AF6C-4EDA-A35E-50633D1612A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev13:*:*:*:*:*:*", "matchCriteriaId": "032B8B47-9E01-41B3-99D4-DECD4727DEA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev14:*:*:*:*:*:*", "matchCriteriaId": "F7211571-4614-4169-A897-D0047304A4B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev15:*:*:*:*:*:*", "matchCriteriaId": "992082E5-5E00-40F0-8246-FD44D189C70D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev16:*:*:*:*:*:*", "matchCriteriaId": "4279A168-8A9A-43FF-8766-738EE31D6E25", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev17:*:*:*:*:*:*", "matchCriteriaId": "5A734819-B817-4E54-89B1-B6A5FD52C758", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev18:*:*:*:*:*:*", "matchCriteriaId": "63AFF50B-7ABD-455D-A2A5-05432B41E4BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev19:*:*:*:*:*:*", "matchCriteriaId": "E2842D25-1A80-4403-B7A2-6E26527588E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev20:*:*:*:*:*:*", "matchCriteriaId": "7DAA5D88-75E9-4D77-9F34-AB456F0733F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev21:*:*:*:*:*:*", "matchCriteriaId": "9EB906E5-1ABF-4734-84E1-BC8005AB1C2C", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev3:*:*:*:*:*:*", "matchCriteriaId": "8681201A-5DB3-42A9-A203-9641B4459537", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev4:*:*:*:*:*:*", "matchCriteriaId": "C567F8B8-D9D0-4006-819C-C995C6573FE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev5:*:*:*:*:*:*", "matchCriteriaId": "07FEF270-E3ED-463D-9940-7FC9573E40C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev6:*:*:*:*:*:*", "matchCriteriaId": "7FD1E38C-EC1A-42D1-86AF-D53D8BF0098C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev7:*:*:*:*:*:*", "matchCriteriaId": "1BF75100-6E38-4FCB-BC21-FFB1C4B3EC50", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev8:*:*:*:*:*:*", "matchCriteriaId": "BF34B133-486B-4D77-8745-4D0E082FF8D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev9:*:*:*:*:*:*", "matchCriteriaId": "33B507D7-536B-4AC3-BCB3-BF3A6BA257F6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote authenticated users to obtain sensitive information about external guest users via vectors related to the \"groups\" and \"users\" APIs." 
}, { "lang": "es", "value": "El componente backend en Open-Xchange OX App Suite en versiones anteriores a la 7.6.3-rev36, versiones 7.8.x anteriores a la 7.8.2-rev39, versiones 7.8.3 anteriores a la 7.8.3-rev44 y versiones 7.8.4 anteriores a la 7.8.4-rev22 permite que usuarios remotos autenticados obtengan informaci\u00f3n sensible sobre usuarios invitados externos mediante vectores relacionados con las API \"groups\" y \"users\"." } ], "id": "CVE-2018-5751", "lastModified": "2024-11-21T04:09:19.100", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-06-16T01:29:06.133", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2018/Jun/23" }, { "source": 
"cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/44881/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2018/Jun/23" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/44881/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-12-15 06:59
Modified
2024-11-21 02:53
Severity ?
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev14. Adding images from external sources to HTML editors by drag&drop can potentially lead to script code execution in the context of the active user. To exploit this, a user needs to be tricked into using an image from a specially crafted website and adding it to HTML editor areas of OX App Suite, for example E-Mail Compose or OX Text. This specific attack circumvents typical XSS filters and detection mechanisms since the code is not loaded from an external service but injected locally. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data, etc.). To exploit this vulnerability, an attacker needs to convince a user to follow specific steps (social engineering).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/137894/Open-Xchange-App-Suite-7.8.1-Cross-Site-Scripting.html | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.securityfocus.com/archive/1/538892/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/91775 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.securitytracker.com/id/1036296 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/137894/Open-Xchange-App-Suite-7.8.1-Cross-Site-Scripting.html | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/538892/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/91775 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1036296 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:rev12:*:*:*:*:*:*", "matchCriteriaId": "3C2B6BD4-4227-4BBB-AAAC-67C013086E31", "versionEndIncluding": "7.8.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev14. Adding images from external sources to HTML editors by drag\u0026drop can potentially lead to script code execution in the context of the active user. To exploit this, a user needs to be tricked to use an image from a specially crafted website and add it to HTML editor areas of OX App Suite, for example E-Mail Compose or OX Text. This specific attack circumvents typical XSS filters and detection mechanisms since the code is not loaded from an external service but injected locally. Malicious script code can be executed within a user\u0027s context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). To exploit this vulnerability, a attacker needs to convince a user to follow specific steps (social-engineering)." }, { "lang": "es", "value": "Ha sido descubierto un problema en Open-Xchange OX App Suite en versiones anteriores a 7.8.1-rev14. A\u00f1adir im\u00e1genes de recursos externos a los editores HTML con drag\u0026drop puede potencialmente permitir una ejecuci\u00f3n de c\u00f3digo script en el contexto de un usuario activo. Para explotar esto, un usuario necesita ser enga\u00f1ado para usar una imagen de un sitio web manipulado especial y a\u00f1adirla a las \u00e1reas de editor HTML de OX App Suite, por ejemplo E-Mail Compose o OX Text. Este ataque espec\u00edfico evita los filtros XSS y los mecanismos de detecci\u00f3n t\u00edpicos, ya que el c\u00f3digo no se carga desde un servicio externo sino que se inyecta localmente. 
El c\u00f3digo script malicioso puede ser ejecutado en un contexto de usuario. Esto puede conducir al secuestro de sesi\u00f3n o activar acciones no deseadas a trav\u00e9s de la interfaz web (env\u00edo de correo, eliminaci\u00f3n de datos, etc.). Para explotar esta vulnerabilidad, un atacante necesita convencer a un usuario de seguir pasos espec\u00edficos (ingenier\u00eda social)." } ], "id": "CVE-2016-5124", "lastModified": "2024-11-21T02:53:40.117", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-12-15T06:59:13.223", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/137894/Open-Xchange-App-Suite-7.8.1-Cross-Site-Scripting.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/538892/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91775" }, { 
"source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1036296" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/137894/Open-Xchange-App-Suite-7.8.1-Cross-Site-Scripting.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/538892/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91775" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1036296" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-09-05 11:44
Modified
2024-11-21 01:53
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev18, 6.22.0 before rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allow remote attackers to inject arbitrary web script or HTML via (1) embedded VBScript, (2) object/data Base64 content, (3) a Content-Type header, or (4) UTF-16 encoding, aka Bug IDs 25957, 26237, 26243, and 26244.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | 6.20.7 | |
open-xchange | open-xchange_appsuite | 6.22.0 | |
open-xchange | open-xchange_appsuite | 6.22.1 | |
open-xchange | open-xchange_appsuite | 7.0.1 | |
open-xchange | open-xchange_appsuite | 7.0.2 | |
open-xchange | open-xchange_appsuite | 7.2.0 | |
open-xchange | open-xchange_server | 6.20.7 | |
open-xchange | open-xchange_server | 6.22.0 | |
open-xchange | open-xchange_server | 6.22.1 | |
open-xchange | open-xchange_server | 7.0.1 | |
open-xchange | open-xchange_server | 7.0.2 | |
open-xchange | open-xchange_server | 7.2.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.20.7:*:*:*:*:*:*:*", "matchCriteriaId": "983E5F3A-E7AD-4CCA-80D4-9C012AFCCDD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F85EE0C-B7A0-455A-96F6-E4E6BA5D7216", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.1:*:*:*:*:*:*:*", "matchCriteriaId": "2D9572CB-9A46-492E-BDCC-E01849EF0EC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "138461CD-9C27-40E5-B7A0-A37737B6E942", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "108BCEFD-3098-4919-9B0C-E80F6FA1C102", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDBB02DF-1022-4FE5-B5E1-198DC58F8C1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_server:6.20.7:*:*:*:*:*:*:*", "matchCriteriaId": "EE83E623-175D-4F81-B92E-C170FDD896EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_server:6.22.0:*:*:*:*:*:*:*", "matchCriteriaId": "58989467-7850-4D91-86D4-524EBE325869", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_server:6.22.1:*:*:*:*:*:*:*", "matchCriteriaId": "BED21777-8642-49AC-A99F-87ED9B21FE14", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_server:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4FBAE267-EAB9-403A-8E1D-7C8EE68F0A36", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_server:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F5500DAF-78C2-4E30-AB1C-EF623C43956B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_server:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB2BB8DD-3901-44D7-9C35-C9403B6A919D", "vulnerable": true } 
], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev18, 6.22.0 before rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allow remote attackers to inject arbitrary web script or HTML via (1) embedded VBScript, (2) object/data Base64 content, (3) a Content-Type header, or (4) UTF-16 encoding, aka Bug IDs 25957, 26237, 26243, and 26244." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades XSS en Open-Xchange AppSuite y Server anterior a 6.20.7 rev14, 6.22.0 anterior a rev13, y 6.22.1 anterior a rev14, 7.0.1 anterior a rev7, 7.0.2 anterior a rev11, y 7.2.0 anterior a rev8, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de (1) VBScript, embebido (2) contenido object/data Base64 , (3) una cabecera Content-Type , o (4) codificaci\u00f3n UTF-16 , aka Bug IDs 25957, 26237, 26243, and 26244." 
} ], "id": "CVE-2013-3106", "lastModified": "2024-11-21T01:53:00.380", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-09-05T11:44:57.690", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0012.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0012.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-05-22 20:29
Modified
2024-11-21 03:36
Severity ?
Summary
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://ox.com | Broken Link, Not Applicable | |
cve@mitre.org | https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://ox.com | Broken Link, Not Applicable | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html | Release Notes, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "21A45377-C1DE-44AB-A02F-A377BE4E9A56", "versionEndIncluding": "7.8.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS)." }, { "lang": "es", "value": "OX Software GmbH OX App Suite versi\u00f3n 7.8.4 y anteriores, se ven afectados por: Cross Site Scripting (XSS)." } ], "id": "CVE-2017-9808", "lastModified": "2024-11-21T03:36:53.970", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-05-22T20:29:00.870", "references": [ { "source": "cve@mitre.org", "tags": [ "Broken Link", "Not Applicable" ], "url": "http://ox.com" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": 
"https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Not Applicable" ], "url": "http://ox.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-03-21 16:00
Modified
2024-11-21 03:46
Severity ?
Summary
OX App Suite 7.8.4 and earlier allows XSS. Internal reference: 58742 (Bug ID)
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/151243/Open-Xchange-OX-App-Suite-Cross-Site-Scripting-SSRF.html | Exploit, Third Party Advisory, VDB Entry | |
cve@mitre.org | http://seclists.org/fulldisclosure/2019/Jan/46 | Exploit, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/151243/Open-Xchange-OX-App-Suite-Cross-Site-Scripting-SSRF.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2019/Jan/46 | Exploit, Mailing List, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "21A45377-C1DE-44AB-A02F-A377BE4E9A56", "versionEndIncluding": "7.8.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite 7.8.4 and earlier allows XSS. Internal reference: 58742 (Bug ID)" }, { "lang": "es", "value": "OX App Suite, en versiones 7.8.4 y anteriores, permite Cross-Site Scripting (XSS). Referencia interna: 58742 (Bug ID)" } ], "id": "CVE-2018-13104", "lastModified": "2024-11-21T03:46:26.810", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-03-21T16:00:17.157", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/151243/Open-Xchange-OX-App-Suite-Cross-Site-Scripting-SSRF.html" }, { "source": "cve@mitre.org", "tags": [ 
"Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Jan/46" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/151243/Open-Xchange-OX-App-Suite-Cross-Site-Scripting-SSRF.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Jan/46" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-05-23 15:29
Modified
2024-11-21 03:17
Severity ?
Summary
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://ox.com | Broken Link, Not Applicable | |
cve@mitre.org | https://documentation.open-xchange.com/components/releasenotes/7.8.3/ | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://ox.com | Broken Link, Not Applicable | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.open-xchange.com/components/releasenotes/7.8.3/ | Release Notes, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "21A45377-C1DE-44AB-A02F-A377BE4E9A56", "versionEndIncluding": "7.8.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS)." }, { "lang": "es", "value": "OX Software GmbH OX App Suite versi\u00f3n 7.8.4 y anteriores, se ven afectados por: Cross Site Scripting (XSS)." } ], "id": "CVE-2017-17061", "lastModified": "2024-11-21T03:17:25.367", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-05-23T15:29:00.587", "references": [ { "source": "cve@mitre.org", "tags": [ "Broken Link", "Not Applicable" ], "url": "http://ox.com" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": 
"https://documentation.open-xchange.com/components/releasenotes/7.8.3/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Not Applicable" ], "url": "http://ox.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.open-xchange.com/components/releasenotes/7.8.3/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-10-14 17:15
Modified
2024-11-21 04:26
Severity ?
Summary
OX App Suite 7.10.1 and 7.10.2 allows XSS.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html | Exploit, Third Party Advisory, VDB Entry | |
cve@mitre.org | http://seclists.org/fulldisclosure/2019/Oct/25 | Exploit, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2019/Oct/25 | Exploit, Mailing List, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | 7.10.1 | |
open-xchange | open-xchange_appsuite | 7.10.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "D2C4CC04-9CAA-467A-AE72-CF3AC970296C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "AEA29625-42CD-49CC-9E34-858CB6C5D28B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite 7.10.1 and 7.10.2 allows XSS." }, { "lang": "es", "value": "OX App Suite versi\u00f3n 7.10.1 y versi\u00f3n 7.10.2 permite Cross-Site Scripting (XSS)." } ], "id": "CVE-2019-14227", "lastModified": "2024-11-21T04:26:14.553", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-10-14T17:15:09.350", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": 
"http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Oct/25" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Oct/25" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-01-12 22:15
Modified
2024-11-21 05:52
Severity ?
Summary
OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "9451471A-06E1-456C-8B82-ADEB746B97C7", "versionEndIncluding": "7.10.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request." }, { "lang": "es", "value": "OX App Suite versiones hasta 7.10.4, permite un ataque de tipo SSRF por medio de una URL con un car\u00e1cter @ en una petici\u00f3n PUT de appsuite/api/oauth/proxy" } ], "id": "CVE-2021-23927", "lastModified": "2024-11-21T05:52:03.730", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-01-12T22:15:12.447", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": 
"https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-918" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-04-30 22:15
Modified
2024-11-21 06:06
Severity ?
Summary
OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution list (payload in the common name) that is mishandled in the scheduling view.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html | Not Applicable, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html | Not Applicable, Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "9451471A-06E1-456C-8B82-ADEB746B97C7", "versionEndIncluding": "7.10.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution list (payload in the common name) that is mishandled in the scheduling view." }, { "lang": "es", "value": "OX App Suite versiones 7.10.4 y anteriores permiten un ataque de tipo XSS por medio de una lista de distribuci\u00f3n dise\u00f1ada (carga \u00fatil en el nombre com\u00fan) que es manejada inapropiadamente en la vista de programaci\u00f3n." } ], "id": "CVE-2021-31935", "lastModified": "2024-11-21T06:06:32.850", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-04-30T22:15:07.780", "references": [ { "source": "cve@mitre.org", "tags": [ "Not 
Applicable", "Third Party Advisory", "VDB Entry" ], "url": "https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable", "Third Party Advisory", "VDB Entry" ], "url": "https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-05-10 15:29
Modified
2024-11-21 03:10
Severity ?
Summary
OX Software GmbH App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://app.com | Not Applicable | |
cve@mitre.org | http://ox.com | Broken Link | |
cve@mitre.org | https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://app.com | Not Applicable | |
af854a3a-2127-422b-91ae-364da2661108 | http://ox.com | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html | Release Notes, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "21A45377-C1DE-44AB-A02F-A377BE4E9A56", "versionEndIncluding": "7.8.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX Software GmbH App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS)." }, { "lang": "es", "value": "OX Software GmbH App Suite versi\u00f3n 7.8.4 y anteriores estan afectadas por: Cross Site Scripting (XSS)." } ], "id": "CVE-2017-12885", "lastModified": "2024-11-21T03:10:22.630", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-05-10T15:29:00.527", "references": [ { "source": "cve@mitre.org", "tags": [ "Not Applicable" ], "url": "http://app.com" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://ox.com" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor 
Advisory" ], "url": "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "http://app.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://ox.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-01-12 22:15
Modified
2024-11-21 05:52
Severity ?
Summary
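OX App Suite through 7.10.4 allows XSS via an inline binary file. Note: the NVD CPE match in this record ends at 7.10.3 (versionEndIncluding), while the description covers 7.10.4, so tooling that matches on the CPE range alone may not flag 7.10.4 installations.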
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB465D15-78EA-47FA-BC7C-5A6631EC9578", "versionEndIncluding": "7.10.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.4 allows XSS via an inline binary file." }, { "lang": "es", "value": "OX App Suite versiones hasta 7.10.4, permite un ataque de tipo XSS por medio de un archivo binario en l\u00ednea" } ], "id": "CVE-2021-23931", "lastModified": "2024-11-21T05:52:04.403", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-01-12T22:15:12.697", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third 
Party Advisory", "VDB Entry" ], "url": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-06-18 13:15
Modified
2024-11-21 04:47
Severity ?
Summary
OX App Suite 7.10.1 and earlier allows Information Exposure.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://www.open-xchange.com/ | Vendor Advisory | |
nvd@nist.gov | https://packetstormsecurity.com/files/152404/Open-Xchange-AppSuite-7.10.1-Information-Disclosure-Improper-Access-Control.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.open-xchange.com/ | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "73A93F11-F8F2-44D2-B343-8D6058E5BC5D", "versionEndIncluding": "7.10.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite 7.10.1 and earlier allows Information Exposure." }, { "lang": "es", "value": "OX App Suite 7.10.1 y versiones anteriores permiten la exposici\u00f3n de la informaci\u00f3n." } ], "id": "CVE-2019-7159", "lastModified": "2024-11-21T04:47:41.250", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-06-18T13:15:10.893", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.open-xchange.com/" }, { "source": "nvd@nist.gov", "tags": [ "Third Party Advisory" ], "url": 
"https://packetstormsecurity.com/files/152404/Open-Xchange-AppSuite-7.10.1-Information-Disclosure-Improper-Access-Control.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.open-xchange.com/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-11-02 14:15
Modified
2024-11-21 07:56
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document. Script code embedded in malicious documents could be executed in the context of the user editing the document when performing certain actions, like copying content. The relevant attribute does now get encoded to avoid the possibility of executing script code. No publicly available exploits are known.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "59D4F30E-2F52-4948-9C69-C57472833C79", "versionEndExcluding": "7.10.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*", "matchCriteriaId": "A144D75D-60A8-4EE0-813C-F658C626B2AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*", "matchCriteriaId": "2DA66230-DE02-4881-A893-E9E78286B157", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*", "matchCriteriaId": "955F3DFB-6479-4867-B62A-82730DBEB498", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*", "matchCriteriaId": "327D1B56-0D05-4D99-91D4-CC1F0AC32972", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*", "matchCriteriaId": "D0CD0684-C431-47F8-A2F4-1936D5C5A72B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*", "matchCriteriaId": "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*", "matchCriteriaId": "D0968764-CCEE-47A7-9111-E106D887DA43", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*", "matchCriteriaId": "16589FBB-F0CD-4041-8141-5C89FCCA72AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*", "matchCriteriaId": "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*", "matchCriteriaId": 
"0DF5FB90-8D6D-4F99-B454-411B1DFFA630", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*", "matchCriteriaId": "F58876B9-6C2E-4048-A793-B441A84E86F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*", "matchCriteriaId": "D5F177CB-CC45-45A0-9D02-C14A13ECC7A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*", "matchCriteriaId": "A89A4192-54E9-4899-8C7B-6C7F7E650D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*", "matchCriteriaId": "F2DC1357-9CD5-415F-A190-2F3F4498EF96", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*", "matchCriteriaId": "D78ACF64-2802-44DD-AF7A-1BD5EA7F9908", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*", "matchCriteriaId": "E8F675FA-1684-413A-B1BE-1C5434AC2862", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6156:*:*:*:*:*:*", "matchCriteriaId": "F3F1FDC3-35B2-4BDB-A685-75BC72588179", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6161:*:*:*:*:*:*", "matchCriteriaId": "5B1E509D-2F41-4296-86D2-6BD71783060F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6166:*:*:*:*:*:*", "matchCriteriaId": "AC93EA37-F341-45EC-B651-4F326FB8C613", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6173:*:*:*:*:*:*", "matchCriteriaId": "1A4DB8A6-1702-462C-BFCB-39F91D2EFCE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6176:*:*:*:*:*:*", "matchCriteriaId": 
"FC0AEFDB-D033-47FC-93FC-8652F922BB8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6178:*:*:*:*:*:*", "matchCriteriaId": "B5354768-6527-43C2-B492-A8C14AB4E784", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6189:*:*:*:*:*:*", "matchCriteriaId": "D83F26D1-B8C6-4114-81EC-810DD5412DC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6194:*:*:*:*:*:*", "matchCriteriaId": "E9EBC010-9963-4636-96F7-A121FCF755A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6199:*:*:*:*:*:*", "matchCriteriaId": "F626D64B-C301-4CD8-94B4-48689BD3F29C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6204:*:*:*:*:*:*", "matchCriteriaId": "5E32810C-7B35-42F1-BCA5-E10C02BE2215", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6205:*:*:*:*:*:*", "matchCriteriaId": "6539D059-8614-4C26-93C4-C2DDCC5D35E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6209:*:*:*:*:*:*", "matchCriteriaId": "E359EE75-A2F9-479B-B757-CAE1064AB8F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6210:*:*:*:*:*:*", "matchCriteriaId": "0BCABDEF-D292-406E-B53C-AFF22484E916", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6214:*:*:*:*:*:*", "matchCriteriaId": "ABE8872C-B1DD-4A45-8EF8-E8C355CA6C54", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6215:*:*:*:*:*:*", "matchCriteriaId": "44B20B83-833A-4C68-8693-365BD046C157", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6216:*:*:*:*:*:*", "matchCriteriaId": 
"E254E6D1-D18E-4A2A-A2FF-7D03F39E65DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6218:*:*:*:*:*:*", "matchCriteriaId": "5F0C5E53-4D15-425A-B4CF-5869353724BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6219:*:*:*:*:*:*", "matchCriteriaId": "2F4BF5F1-F316-4BAC-83E0-DEAC8C50754E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6220:*:*:*:*:*:*", "matchCriteriaId": "5CDD03A8-5B86-4B87-9C29-6C967261C5C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6227:*:*:*:*:*:*", "matchCriteriaId": "6071E15F-4D59-41DC-A4D4-7D1AA392A1F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6230:*:*:*:*:*:*", "matchCriteriaId": "C72C1CEB-7BF7-4A5F-B2E9-397F86CCBF4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6233:*:*:*:*:*:*", "matchCriteriaId": "5B0F0218-4224-4084-B38D-9719D3782C03", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6235:*:*:*:*:*:*", "matchCriteriaId": "BFC41329-1AD6-4575-A22D-977EC5539DA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6236:*:*:*:*:*:*", "matchCriteriaId": "217A06B7-0823-4508-BC0C-AD792BA88F7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6239:*:*:*:*:*:*", "matchCriteriaId": "246E98B2-A6C8-4410-AA6A-7E81EE8C5E76", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6241:*:*:*:*:*:*", "matchCriteriaId": "74D1EC02-D009-45DA-B1EC-2219E0F0183C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Presentations may 
contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document. Script code embedded in malicious documents could be executed in the context of the user editing the document when performing certain actions, like copying content. The relevant attribute does now get encoded to avoid the possibility of executing script code. No publicly available exploits are known.\n\n" }, { "lang": "es", "value": "Las presentaciones pueden contener referencias a im\u00e1genes controladas por el usuario y podr\u00edan incluir c\u00f3digo de script malicioso que se procesa al editar un documento. El c\u00f3digo de script incorporado en documentos maliciosos podr\u00eda ejecutarse en el contexto en el que el usuario edita el documento al realizar determinadas acciones, como copiar contenido. El atributo relevante ahora se codifica para evitar la posibilidad de ejecutar c\u00f3digo de script. No se conocen exploits disponibles p\u00fablicamente." 
} ], "id": "CVE-2023-29043", "lastModified": "2024-11-21T07:56:26.147", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "security@open-xchange.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-11-02T14:15:11.017", "references": [ { "source": "security@open-xchange.com", "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json" }, { "source": "security@open-xchange.com", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf" } ], "sourceIdentifier": "security@open-xchange.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", 
"value": "CWE-79" } ], "source": "security@open-xchange.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-01-02 19:15
Modified
2024-11-21 02:01
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev26 and 7.4.x before 7.4.0-rev16 allows remote attackers to inject arbitrary web script or HTML via the publication name, which is not properly handled in an error message. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | 7.2.2 | |
open-xchange | open-xchange_appsuite | 7.4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "75B04598-67CD-420B-92C9-9A7459295E11", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "8DAEED7B-C295-42B4-A60B-2EAA596E3D65", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev26 and 7.4.x before 7.4.0-rev16 allows remote attackers to inject arbitrary web script or HTML via the publication name, which is not properly handled in an error message. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions." }, { "lang": "es", "value": "Una vulnerabilidad de tipo cross-site scripting (XSS) en el back-end en Open-Xchange (OX) AppSuite versiones 7.2.x anteriores a la versi\u00f3n 7.2.2-rev26 y versiones 7.4.x anteriores a la versi\u00f3n 7.4.0-rev16, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del nombre de la publicaci\u00f3n, que no es manejado apropiadamente en un mensaje de error. NOTA: esta vulnerabilidad fue SEPARADA de CVE-2013-6242 porque afecta a diferentes conjuntos de versiones." 
} ], "id": "CVE-2013-7485", "lastModified": "2024-11-21T02:01:07.573", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-01-02T19:15:12.493", "references": [ { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://osvdb.org/100385" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/bugtraq/2013/Nov/127" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/55837" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1029394" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://xforce.iss.net/xforce/xfdb/89250" }, { "source": "cve@mitre.org", 
"tags": [ "Broken Link" ], "url": "http://xforce.iss.net/xforce/xfdb/89251" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://forum.open-xchange.com/showthread.php?8090-Open-Xchange-releases-Security-Patch-2013-10-30-for-v7-2-2-and-v7-4-0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://osvdb.org/100385" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/bugtraq/2013/Nov/127" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/55837" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1029394" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://xforce.iss.net/xforce/xfdb/89250" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://xforce.iss.net/xforce/xfdb/89251" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://forum.open-xchange.com/showthread.php?8090-Open-Xchange-releases-Security-Patch-2013-10-30-for-v7-2-2-and-v7-4-0" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-10-23 05:15
Modified
2024-11-21 05:04
Severity ?
Summary
OX App Suite through 7.10.3 allows SSRF via the /ajax/messaging/message message API.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://seclists.org/fulldisclosure/2020/Oct/20 | Exploit, Mailing List, Third Party Advisory | |
cve@mitre.org | https://www.open-xchange.com/ | Product | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2020/Oct/20 | Exploit, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.open-xchange.com/ | Product |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB465D15-78EA-47FA-BC7C-5A6631EC9578", "versionEndIncluding": "7.10.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.3 allows SSRF via the the /ajax/messaging/message message API." }, { "lang": "es", "value": "OX App Suite versiones hasta 7.10.3, permite un ataque de tipo SSRF por medio de la API de mensajes /ajax/messaging/message" } ], "id": "CVE-2020-15002", "lastModified": "2024-11-21T05:04:36.220", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.1, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-10-23T05:15:13.157", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2020/Oct/20" }, { "source": "cve@mitre.org", "tags": [ "Product" ], "url": 
"https://www.open-xchange.com/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2020/Oct/20" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "https://www.open-xchange.com/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-918" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-01-06 20:15
Modified
2024-11-21 04:31
Severity ?
Summary
OX App Suite through 7.10.2 has XSS.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/155813/OX-App-Suite-7.10.2-Cross-Site-Scripting-Improper-Access-Control.html | Exploit, Third Party Advisory, VDB Entry | |
cve@mitre.org | http://seclists.org/fulldisclosure/2020/Jan/7 | Exploit, Mailing List, Third Party Advisory | |
cve@mitre.org | http://seclists.org/fulldisclosure/2020/Jan/7 | Exploit, Mailing List, Third Party Advisory | |
cve@mitre.org | https://www.open-xchange.com/ | Product | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/155813/OX-App-Suite-7.10.2-Cross-Site-Scripting-Improper-Access-Control.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2020/Jan/7 | Exploit, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2020/Jan/7 | Exploit, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.open-xchange.com/ | Product |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "F9CF4B9A-D36A-4A8E-B2A2-34C0CA70A24C", "versionEndIncluding": "7.10.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.2 has XSS." }, { "lang": "es", "value": "OX App Suite versiones hasta la versi\u00f3n 7.10.2, tiene una vulnerabilidad de tipo XSS." } ], "id": "CVE-2019-16717", "lastModified": "2024-11-21T04:31:02.910", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-01-06T20:15:12.163", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/155813/OX-App-Suite-7.10.2-Cross-Site-Scripting-Improper-Access-Control.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" 
], "url": "http://seclists.org/fulldisclosure/2020/Jan/7" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2020/Jan/7" }, { "source": "cve@mitre.org", "tags": [ "Product" ], "url": "https://www.open-xchange.com/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/155813/OX-App-Suite-7.10.2-Cross-Site-Scripting-Improper-Access-Control.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2020/Jan/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2020/Jan/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "https://www.open-xchange.com/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-01-12 22:15
Modified
2024-11-21 05:52
Severity ?
Summary
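OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript code. Note: the NVD CPE match in this record ends at 7.10.3 (versionEndIncluding), while the description covers 7.10.4, so tooling that matches on the CPE range alone may not flag 7.10.4 installations.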
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html | Not Applicable, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html | Not Applicable, Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB465D15-78EA-47FA-BC7C-5A6631EC9578", "versionEndIncluding": "7.10.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript code." }, { "lang": "es", "value": "OX App Suite versiones hasta 7.10.4, permite un ataque de tipo XSS por medio de una cita en el que la ubicaci\u00f3n contiene c\u00f3digo JavaScript" } ], "id": "CVE-2021-23935", "lastModified": "2024-11-21T05:52:05.027", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-01-12T22:15:12.947", "references": [ { "source": "cve@mitre.org", "tags": [ "Not Applicable", "Third Party Advisory", "VDB Entry" ], "url": 
"https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable", "Third Party Advisory", "VDB Entry" ], "url": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-01-14 16:15
Modified
2024-11-21 02:11
Summary
XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly have other unspecified impact via a crafted OpenDocument Text document.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf | Release Notes, Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * | |
open-xchange | open-xchange_appsuite | 7.4.2 | |
open-xchange | open-xchange_appsuite | 7.4.2 | |
open-xchange | open-xchange_appsuite | 7.4.2 | |
open-xchange | open-xchange_appsuite | 7.4.2 | |
open-xchange | open-xchange_appsuite | 7.4.2 | |
open-xchange | open-xchange_appsuite | 7.4.2 | |
open-xchange | open-xchange_appsuite | 7.4.2 | |
open-xchange | open-xchange_appsuite | 7.4.2 | |
open-xchange | open-xchange_appsuite | 7.4.2 | |
open-xchange | open-xchange_appsuite | 7.4.2 | |
open-xchange | open-xchange_appsuite | 7.4.2 | |
open-xchange | open-xchange_appsuite | 7.6.0 | |
open-xchange | open-xchange_appsuite | 7.6.0 | |
open-xchange | open-xchange_appsuite | 7.6.0 | |
open-xchange | open-xchange_appsuite | 7.6.0 | |
open-xchange | open-xchange_appsuite | 7.6.0 | |
open-xchange | open-xchange_appsuite | 7.6.0 | |
open-xchange | open-xchange_appsuite | 7.6.0 | |
open-xchange | open-xchange_appsuite | 7.6.0 | |
open-xchange | open-xchange_appsuite | 7.6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "567B4139-220A-46A7-B847-616F99A1EA66", "versionEndIncluding": "7.4.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A708019-6229-4768-994C-5A51B0495CAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision1:*:*:*:*:*:*", "matchCriteriaId": "A4895984-4266-4924-A9C4-4DFEA90AFF79", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision10:*:*:*:*:*:*", "matchCriteriaId": "39A9F45E-5CAB-4BE5-8EAB-9E5ED43B4381", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision2:*:*:*:*:*:*", "matchCriteriaId": "72DB60BE-F818-4481-95BD-C0C1A42F2618", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision3:*:*:*:*:*:*", "matchCriteriaId": "0B54DE9D-563C-45A9-BDED-3F216FECF28B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision4:*:*:*:*:*:*", "matchCriteriaId": "F2A40E87-368E-4815-9988-1153E1866103", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision5:*:*:*:*:*:*", "matchCriteriaId": "E112E77E-C2CC-40D4-A8DC-F1FF76305CA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision6:*:*:*:*:*:*", "matchCriteriaId": "76A099A1-23A0-4F0B-84C4-05C687F24F20", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision7:*:*:*:*:*:*", "matchCriteriaId": "D0E95BA0-1517-4DAA-93B5-2B84DF4C3074", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision8:*:*:*:*:*:*", "matchCriteriaId": "5F1899F3-6554-4C42-ACA2-4C22993D49DA", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision9:*:*:*:*:*:*", "matchCriteriaId": "A45F679A-7F4D-49A5-8B95-E588102601F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A0A22E01-73E0-4140-8BA1-AB147A9471CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision1:*:*:*:*:*:*", "matchCriteriaId": "91DC49BA-9FF4-4E0F-9723-E8F2970D6835", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision2:*:*:*:*:*:*", "matchCriteriaId": "BB0ABA40-F8EF-4368-98A6-083F0E4528EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision3:*:*:*:*:*:*", "matchCriteriaId": "B9E00E96-8D99-4579-8104-274908F3AAD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision4:*:*:*:*:*:*", "matchCriteriaId": "733FEC4F-0DC2-49DE-8660-449CCE5A7F2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision5:*:*:*:*:*:*", "matchCriteriaId": "CFA35536-65FA-4228-9C84-CC69C91B3A3F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision6:*:*:*:*:*:*", "matchCriteriaId": "0A6AABD0-D82F-465B-8B73-CA0B8A611DB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision7:*:*:*:*:*:*", "matchCriteriaId": "85511C44-A366-4F62-944B-AEEDB8A6B938", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision8:*:*:*:*:*:*", "matchCriteriaId": "D3AD4BE8-CC1D-4FFA-B890-F565EA555366", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly other unspecified impact via 
a crafted OpenDocument Text document." }, { "lang": "es", "value": "Una vulnerabilidad de tipo XML external entity (XXE) en Open-Xchange (OX) AppSuite versiones anteriores a 7.4.2-rev11 y versiones 7.6.x anteriores a 7.6.0-rev9, permite a atacantes remotos leer archivos arbitrarios y posiblemente otro impacto no especificado por medio de un documento OpenDocument Text dise\u00f1ado." } ], "id": "CVE-2014-5238", "lastModified": "2024-11-21T02:11:40.370", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-01-14T16:15:11.527", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf" }, { "source": "cve@mitre.org", "tags": [ "Third Party 
Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-611" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-07-05 20:29
Modified
2024-11-21 04:16
Summary
Open-Xchange OX App Suite before 7.6.3-rev37, 7.8.x before 7.8.2-rev40, 7.8.3 before 7.8.3-rev48, and 7.8.4 before 7.8.4-rev28 includes folder names in API error responses, which allows remote attackers to obtain sensitive information via the folder parameter in an "all" action to api/tasks. (The NVD metrics for this record score it as requiring an authenticated user: Au:S in CVSS v2 and PR:L in CVSS v3.0.)
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://seclists.org/fulldisclosure/2018/Jul/12 | Mailing List, Third Party Advisory | |
cve@mitre.org | http://www.securitytracker.com/id/1041213 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2018/Jul/12 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041213 | Third Party Advisory, VDB Entry |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "CEE77111-9626-48C1-9C13-6FF650B91363", "versionEndIncluding": "7.6.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev14:*:*:*:*:*:*", "matchCriteriaId": "D4417841-A79D-479F-BBB4-13892CD29CCB", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev15:*:*:*:*:*:*", "matchCriteriaId": "11FED64F-98F2-4155-A34D-DCC0DCF55CB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev16:*:*:*:*:*:*", "matchCriteriaId": "544677BC-DEFB-45B8-BB08-124E5666A04B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev17:*:*:*:*:*:*", "matchCriteriaId": "ABA212B4-FC4B-4268-A778-23D588E76880", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev18:*:*:*:*:*:*", "matchCriteriaId": "10D10170-9528-49BB-88B8-92A4D016EA49", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev20:*:*:*:*:*:*", "matchCriteriaId": "2DA48ACB-659B-408C-B7E1-945A6333C1A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev22:*:*:*:*:*:*", "matchCriteriaId": "23D2DCAA-FAB7-426D-8680-2A6F69AE90DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev23:*:*:*:*:*:*", "matchCriteriaId": "90C2E1F5-73DA-4FA7-BEDF-E9726F5D0D0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev24:*:*:*:*:*:*", "matchCriteriaId": "449B4C7A-6287-4018-86AA-D34BEF8DB83C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev25:*:*:*:*:*:*", "matchCriteriaId": "E8E6C22C-C3B3-4914-A1D8-A6202EEBF1C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev26:*:*:*:*:*:*", 
"matchCriteriaId": "8BF46085-0E23-4C9C-9899-30EB63EFC392", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev28:*:*:*:*:*:*", "matchCriteriaId": "39BB146E-14BF-4AC7-B267-3176545CBCB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev29:*:*:*:*:*:*", "matchCriteriaId": "64201845-70B6-4124-BA02-DE0646BE75A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev30:*:*:*:*:*:*", "matchCriteriaId": "8E2A9B0B-F4B9-410B-AA32-D4A5A3B285DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev31:*:*:*:*:*:*", "matchCriteriaId": "5E5DE686-E794-4C06-9AC8-5682B1CF68AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev32:*:*:*:*:*:*", "matchCriteriaId": "E4710EAE-6227-4A72-9549-6EEF0CEB6E06", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev33:*:*:*:*:*:*", "matchCriteriaId": "7AD9AE40-5AE0-4DA6-BD1D-CC02746DA917", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev35:*:*:*:*:*:*", "matchCriteriaId": "3681A31A-1795-4C44-B482-1F1028449960", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev36:*:*:*:*:*:*", "matchCriteriaId": "7E1BDCDE-71F7-4B9B-BD53-153EA1982A25", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "E26B66B2-9BE8-4843-9B4B-D673FAC44023", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "2633E559-38E4-4024-BB5F-94EDFE5F93FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "E804C89F-033F-43B3-B63B-172F9B2136CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev10:*:*:*:*:*:*", 
"matchCriteriaId": "0F7C6765-34DD-4326-99A8-F85DA19ECE91", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev11:*:*:*:*:*:*", "matchCriteriaId": "13FAD9B6-5790-4C7A-8A9B-09B1002DA75F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev12:*:*:*:*:*:*", "matchCriteriaId": "B040A950-FEC3-465D-AD19-3AA8EE11AE92", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev13:*:*:*:*:*:*", "matchCriteriaId": "F5971D8D-A2E6-4E3D-8FDA-04F89FC65A40", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev14:*:*:*:*:*:*", "matchCriteriaId": "FEF67234-BDCA-48FA-8616-6B0E4A38FA8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev15:*:*:*:*:*:*", "matchCriteriaId": "76D18DCA-5D64-4D38-99B0-1B984C402E70", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev16:*:*:*:*:*:*", "matchCriteriaId": "46718CD2-0403-4DA2-B157-5714BD654EB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev17:*:*:*:*:*:*", "matchCriteriaId": "4BA1274B-9103-449F-ABD1-C898B716B433", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev18:*:*:*:*:*:*", "matchCriteriaId": "3BB485BC-3247-4E06-8017-118B597B0184", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev19:*:*:*:*:*:*", "matchCriteriaId": "6C447C6E-6188-47C6-BC68-8FD99B49F2D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev20:*:*:*:*:*:*", "matchCriteriaId": "211647E5-8BCA-4393-B54B-CE382D5DF3F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev21:*:*:*:*:*:*", "matchCriteriaId": "855C2E78-C554-43A7-BD3F-747053F45709", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev22:*:*:*:*:*:*", "matchCriteriaId": "64594DD5-2816-4123-A12C-505FE4480AE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev23:*:*:*:*:*:*", "matchCriteriaId": "606D294C-EAEC-43EC-BA0F-BC5484B7C5E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev24:*:*:*:*:*:*", "matchCriteriaId": "A8E1D645-706F-4CCA-88A7-F5077BCE4AD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev25:*:*:*:*:*:*", "matchCriteriaId": "30145547-3406-4639-A5AD-52EFAA734EEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev26:*:*:*:*:*:*", "matchCriteriaId": "BDB6642D-C5AF-41D7-B2EA-A1F333E5B12C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev27:*:*:*:*:*:*", "matchCriteriaId": "91040A22-04F6-43ED-A6A1-060703D285C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev28:*:*:*:*:*:*", "matchCriteriaId": "5A3E2338-E774-4188-B352-B79FBB9C5511", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev29:*:*:*:*:*:*", "matchCriteriaId": "22961BA6-C0B1-488A-8F7D-68EB3F9DA6B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev30:*:*:*:*:*:*", "matchCriteriaId": "E8381BB7-3602-4DCF-A070-1067C277AAA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev31:*:*:*:*:*:*", "matchCriteriaId": "98B758CC-D26C-4B83-98E7-3BA4ECF96966", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev32:*:*:*:*:*:*", "matchCriteriaId": "7BCE965A-70BE-4159-93D8-A2520C8C4CB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev33:*:*:*:*:*:*", "matchCriteriaId": "1152B60C-3188-4BE7-897A-B09C5732ECAB", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev34:*:*:*:*:*:*", "matchCriteriaId": "5F1F087A-7373-4B7F-87BD-8509704F47CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev35:*:*:*:*:*:*", "matchCriteriaId": "D82CB956-9A14-49C5-8308-52198589BAC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev36:*:*:*:*:*:*", "matchCriteriaId": "2F202094-2A74-44DA-BB3A-06AF3326E544", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev38:*:*:*:*:*:*", "matchCriteriaId": "DC128D82-A687-4043-AC01-9A329ED9F9EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev39:*:*:*:*:*:*", "matchCriteriaId": "CBE4CF1D-B716-4992-B3DE-599AD7407780", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev40:*:*:*:*:*:*", "matchCriteriaId": "49FCC4A7-3078-421A-A3A1-C58976F47262", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev41:*:*:*:*:*:*", "matchCriteriaId": "E57747B2-0C7B-4004-82AA-8C59CABC3B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev42:*:*:*:*:*:*", "matchCriteriaId": "BECD9AD4-EB03-4BF0-A219-DD965A55670A", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev43:*:*:*:*:*:*", "matchCriteriaId": "5E0F6A5B-BDBB-4DF5-91A0-440834EE161F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev44:*:*:*:*:*:*", "matchCriteriaId": "4B02483E-5003-4FB2-B935-46A3C535D050", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev45:*:*:*:*:*:*", "matchCriteriaId": "D17FE1EE-BB1E-4553-8902-F293B12829DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev46:*:*:*:*:*:*", "matchCriteriaId": "BA389E69-E455-4FCD-9E8B-5AF5AF204A3A", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev47:*:*:*:*:*:*", "matchCriteriaId": "83853E83-B5D6-4441-B40E-BD888C6FD007", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev5:*:*:*:*:*:*", "matchCriteriaId": "F57910B1-968D-4DF3-8C2D-9EB3765C7214", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev6:*:*:*:*:*:*", "matchCriteriaId": "FE1FD7DD-DC8C-416C-A55B-FA7B961ECD3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev8:*:*:*:*:*:*", "matchCriteriaId": "A07A8019-D7D7-4E1D-AEA7-DF509175393D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev9:*:*:*:*:*:*", "matchCriteriaId": "9FEEF620-CD8A-49C4-89D6-565503A1790F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "6164303F-253E-440C-A45C-94FFF7B492AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev10:*:*:*:*:*:*", "matchCriteriaId": "4DD257D7-D9B2-4036-92D6-3A923B7DC59F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev11:*:*:*:*:*:*", "matchCriteriaId": "36383B07-AF6C-4EDA-A35E-50633D1612A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev13:*:*:*:*:*:*", "matchCriteriaId": "032B8B47-9E01-41B3-99D4-DECD4727DEA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev14:*:*:*:*:*:*", "matchCriteriaId": "F7211571-4614-4169-A897-D0047304A4B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev15:*:*:*:*:*:*", "matchCriteriaId": "992082E5-5E00-40F0-8246-FD44D189C70D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev16:*:*:*:*:*:*", "matchCriteriaId": "4279A168-8A9A-43FF-8766-738EE31D6E25", "vulnerable": true }, 
{ "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev17:*:*:*:*:*:*", "matchCriteriaId": "5A734819-B817-4E54-89B1-B6A5FD52C758", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev18:*:*:*:*:*:*", "matchCriteriaId": "63AFF50B-7ABD-455D-A2A5-05432B41E4BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev19:*:*:*:*:*:*", "matchCriteriaId": "E2842D25-1A80-4403-B7A2-6E26527588E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev20:*:*:*:*:*:*", "matchCriteriaId": "7DAA5D88-75E9-4D77-9F34-AB456F0733F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev21:*:*:*:*:*:*", "matchCriteriaId": "9EB906E5-1ABF-4734-84E1-BC8005AB1C2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev22:*:*:*:*:*:*", "matchCriteriaId": "FD42433D-4B5C-43F5-8C5C-D97C6C3E5613", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev23:*:*:*:*:*:*", "matchCriteriaId": "B30EB62B-FEAC-4E7C-8AB8-E27879E18006", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev24:*:*:*:*:*:*", "matchCriteriaId": "88A08BF6-4410-48F9-B4D9-FCCA7B6DBF64", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev25:*:*:*:*:*:*", "matchCriteriaId": "49A24746-6C5E-48BE-A001-CB25BF0189D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev26:*:*:*:*:*:*", "matchCriteriaId": "7DA74FDF-0313-4783-B69D-17861F228FA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev27:*:*:*:*:*:*", "matchCriteriaId": "949DD220-BFA8-4C5B-8334-5D545D336879", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev3:*:*:*:*:*:*", "matchCriteriaId": "8681201A-5DB3-42A9-A203-9641B4459537", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev4:*:*:*:*:*:*", "matchCriteriaId": "C567F8B8-D9D0-4006-819C-C995C6573FE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev5:*:*:*:*:*:*", "matchCriteriaId": "07FEF270-E3ED-463D-9940-7FC9573E40C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev6:*:*:*:*:*:*", "matchCriteriaId": "7FD1E38C-EC1A-42D1-86AF-D53D8BF0098C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev7:*:*:*:*:*:*", "matchCriteriaId": "1BF75100-6E38-4FCB-BC21-FFB1C4B3EC50", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev8:*:*:*:*:*:*", "matchCriteriaId": "BF34B133-486B-4D77-8745-4D0E082FF8D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev9:*:*:*:*:*:*", "matchCriteriaId": "33B507D7-536B-4AC3-BCB3-BF3A6BA257F6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Open-Xchange OX App Suite before 7.6.3-rev37, 7.8.x before 7.8.2-rev40, 7.8.3 before 7.8.3-rev48, and 7.8.4 before 7.8.4-rev28 include folder names in API error responses, which allows remote attackers to obtain sensitive information via the folder parameter in an \"all\" action to api/tasks." }, { "lang": "es", "value": "Open-Xchange OX App Suite en versiones anteriores a la 7.6.3-rev37, versiones 7.8.x anteriores a la 7.8.2-rev40, versiones 7.8.3 anteriores a la 7.8.3-rev48 y versiones 7.8.4 anteriores a la 7.8.4-rev28 incluye los nombres de carpeta en las respuestas de error de la API. Esto permite que los atacantes remotos obtengan informaci\u00f3n sensible mediante el par\u00e1metro folder en una acci\u00f3n \"all\" en api/tasks." 
} ], "id": "CVE-2018-9998", "lastModified": "2024-11-21T04:16:00.797", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-07-05T20:29:00.950", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2018/Jul/12" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041213" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2018/Jul/12" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041213" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-09-05 11:44
Modified
2024-11-21 01:56
Summary
Open-Xchange AppSuite before 7.0.2 rev14, 7.2.0 before rev11, 7.2.1 before rev10, and 7.2.2 before rev9 relies on user-supplied data to predict the IMAP server hostname for an external domain name, which allows remote authenticated users to discover e-mail credentials of other users in opportunistic circumstances via a manual-mode association of a personal e-mail address with the hostname of a crafted IMAP server.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | 7.0.2 | |
open-xchange | open-xchange_appsuite | 7.2.0 | |
open-xchange | open-xchange_appsuite | 7.2.1 | |
open-xchange | open-xchange_appsuite | 7.2.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "108BCEFD-3098-4919-9B0C-E80F6FA1C102", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDBB02DF-1022-4FE5-B5E1-198DC58F8C1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2BF31219-8390-4676-A9C4-D625A016C71E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "75B04598-67CD-420B-92C9-9A7459295E11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Open-Xchange AppSuite before 7.0.2 rev14, 7.2.0 before rev11, 7.2.1 before rev10, and 7.2.2 before rev9 relies on user-supplied data to predict the IMAP server hostname for an external domain name, which allows remote authenticated users to discover e-mail credentials of other users in opportunistic circumstances via a manual-mode association of a personal e-mail address with the hostname of a crafted IMAP server." }, { "lang": "es", "value": "Open-Xchange AppSuite anterior a 7.0.2 rev14, 7.2.0 anterior a rev11, 7.2.1 anterior a rev10, y 7.2.2 anterior a rev9 depende de los datos proporcionados por el usuario para predecir el nombre de host del servidor IMAP para un dominio externo, lo que permite a usuarios autenticados remotamente descubrir las credenciales de correo de otros usuarios en circunstancias oportunas a trav\u00e9s de una asociaci\u00f3n manual de una direcci\u00f3n de correo personal con el nombre de host de un servidor IMAP manipulado." 
} ], "id": "CVE-2013-4790", "lastModified": "2024-11-21T01:56:25.040", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-09-05T11:44:57.803", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0204.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0204.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-255" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-12-26 02:15
Modified
2024-11-21 07:04
Severity ?
Summary
OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrated by class="deep-link-app" for a /#!!&app=%2e./ URI.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://open-xchange.com | Vendor Advisory | |
cve@mitre.org | https://seclists.org/fulldisclosure/2022/Nov/18 | Exploit, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://open-xchange.com | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2022/Nov/18 | Exploit, Mailing List, Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D3B06B3-8919-4D41-87A6-DA39189750B9", "versionEndExcluding": "7.10.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:-:*:*:*:*:*:*", "matchCriteriaId": "FE68F102-2EE1-44FF-A8AB-6F71F62712D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5961:*:*:*:*:*:*", "matchCriteriaId": "4F5923E6-C4C1-492F-A130-65D102F67B40", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5973:*:*:*:*:*:*", "matchCriteriaId": "D703A274-D197-42B3-9720-70E6CCD9E825", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5976:*:*:*:*:*:*", "matchCriteriaId": "D4D5F145-F2BA-4589-8B9A-B967069EA355", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5982:*:*:*:*:*:*", "matchCriteriaId": "7E3F2F8B-F7C4-4297-B451-CAFFCA860D17", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5989:*:*:*:*:*:*", "matchCriteriaId": "C7CB5AA6-19B9-4D21-A2B6-1523719A2DB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5994:*:*:*:*:*:*", "matchCriteriaId": "3FAD63B8-9158-4552-8987-3A418AC5A3A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6000:*:*:*:*:*:*", "matchCriteriaId": "87793628-6C35-4137-B584-3AE2A8363AEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6003:*:*:*:*:*:*", "matchCriteriaId": "06C14CAB-9C56-48A2-82FA-16110923CC78", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6008:*:*:*:*:*:*", "matchCriteriaId": 
"2201C280-3674-4FA4-8176-723C175A2469", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6010:*:*:*:*:*:*", "matchCriteriaId": "A3CB3836-AD68-4167-98FD-5B05CC9C92EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6016:*:*:*:*:*:*", "matchCriteriaId": "604CF453-CBBE-4123-B3ED-87A8CBF407DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6020:*:*:*:*:*:*", "matchCriteriaId": "6AF52278-E711-4656-9A1C-0A3A7F3C671F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6026:*:*:*:*:*:*", "matchCriteriaId": "5DD66203-5C4E-434A-BA84-9F78D9E1F7B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6029:*:*:*:*:*:*", "matchCriteriaId": "8A0D1287-7A32-4F56-97F2-8573F12D8EB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6034:*:*:*:*:*:*", "matchCriteriaId": "69858B8E-E4C7-485C-882A-206E07D7343F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6035:*:*:*:*:*:*", "matchCriteriaId": "C2B82BFA-39B6-4DC8-B691-3284FDCFA227", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6038:*:*:*:*:*:*", "matchCriteriaId": "FD4E8470-B8CE-4670-8334-86B817180E96", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6046:*:*:*:*:*:*", "matchCriteriaId": "2276EFC8-B5E6-449F-BDD0-EF2108A4CCAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6051:*:*:*:*:*:*", "matchCriteriaId": "2C8B27BE-651D-4B3A-9413-5ABA8AF2AA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6053:*:*:*:*:*:*", "matchCriteriaId": 
"41EA5F8E-05B5-4C4A-8853-B6948C358F06", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6060:*:*:*:*:*:*", "matchCriteriaId": "3E1A5843-F09A-4BBE-878D-C967E4061B0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6061:*:*:*:*:*:*", "matchCriteriaId": "D579A835-6B7F-4C77-991F-C760CB8D3750", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6066:*:*:*:*:*:*", "matchCriteriaId": "B4935091-B9B4-4EA7-8785-FE4529ACFEBF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6068:*:*:*:*:*:*", "matchCriteriaId": "33DAB50E-18A0-43CC-9043-5E2B722F3A2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6072:*:*:*:*:*:*", "matchCriteriaId": "0E1E9E82-17E3-4B43-AD5B-BBAD25759950", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6079:*:*:*:*:*:*", "matchCriteriaId": "E73BDC2E-3C39-454F-B929-8BB936F36AA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6084:*:*:*:*:*:*", "matchCriteriaId": "C4DF7C74-BD66-41E7-8B47-C700D7BE53E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6092:*:*:*:*:*:*", "matchCriteriaId": "9EA739D6-10BD-48B4-9C30-92BE4381C80C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6101:*:*:*:*:*:*", "matchCriteriaId": "79219E01-26C2-462C-B604-783490F26565", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6111:*:*:*:*:*:*", "matchCriteriaId": "6F121147-1AAB-4123-AFD2-31F39434819F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6120:*:*:*:*:*:*", "matchCriteriaId": 
"52B9445C-4B0E-437A-BE3C-DBB8A621D354", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6132:*:*:*:*:*:*", "matchCriteriaId": "979495B8-8BF0-41B0-9BD5-48554A9C8889", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6137:*:*:*:*:*:*", "matchCriteriaId": "A82EF754-CCB7-4A03-8986-42BA76E6A2C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6140:*:*:*:*:*:*", "matchCriteriaId": "F4CAFBCA-BD13-4295-A558-844716BA0C81", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6149:*:*:*:*:*:*", "matchCriteriaId": "AA61FEDD-5F86-45B8-BC55-BDFD6F10BB4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*", "matchCriteriaId": "A144D75D-60A8-4EE0-813C-F658C626B2AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*", "matchCriteriaId": "2DA66230-DE02-4881-A893-E9E78286B157", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*", "matchCriteriaId": "955F3DFB-6479-4867-B62A-82730DBEB498", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*", "matchCriteriaId": "327D1B56-0D05-4D99-91D4-CC1F0AC32972", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*", "matchCriteriaId": "D0CD0684-C431-47F8-A2F4-1936D5C5A72B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*", "matchCriteriaId": "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*", "matchCriteriaId": 
"D0968764-CCEE-47A7-9111-E106D887DA43", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*", "matchCriteriaId": "16589FBB-F0CD-4041-8141-5C89FCCA72AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*", "matchCriteriaId": "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*", "matchCriteriaId": "0DF5FB90-8D6D-4F99-B454-411B1DFFA630", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*", "matchCriteriaId": "F58876B9-6C2E-4048-A793-B441A84E86F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*", "matchCriteriaId": "D5F177CB-CC45-45A0-9D02-C14A13ECC7A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*", "matchCriteriaId": "A89A4192-54E9-4899-8C7B-6C7F7E650D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*", "matchCriteriaId": "F2DC1357-9CD5-415F-A190-2F3F4498EF96", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*", "matchCriteriaId": "D78ACF64-2802-44DD-AF7A-1BD5EA7F9908", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*", "matchCriteriaId": "E8F675FA-1684-413A-B1BE-1C5434AC2862", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrated by class=\"deep-link-app\" for a /#!!\u0026app=%2e./ URI." 
}, { "lang": "es", "value": "OX App Suite hasta 7.10.6 permite XSS a trav\u00e9s de un enlace profundo, como lo demuestra class=\"deep-link-app\" para un URI /#!!\u0026app=%2e./." } ], "id": "CVE-2022-31469", "lastModified": "2024-11-21T07:04:30.917", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-26T02:15:09.573", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://open-xchange.com" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2022/Nov/18" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://open-xchange.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2022/Nov/18" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-09-05 11:44
Modified
2024-11-21 01:52
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev16, 6.22.0 before rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allow remote attackers to inject arbitrary web script or HTML via (1) a javascript: URL, (2) malformed nested SCRIPT elements, (3) a mail signature, or (4) JavaScript code within an image file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | 6.20.7 | |
open-xchange | open-xchange_appsuite | 6.22.0 | |
open-xchange | open-xchange_appsuite | 6.22.1 | |
open-xchange | open-xchange_appsuite | 7.0.1 | |
open-xchange | open-xchange_appsuite | 7.0.2 | |
open-xchange | open-xchange_server | 6.20.7 | |
open-xchange | open-xchange_server | 6.22.0 | |
open-xchange | open-xchange_server | 6.22.1 | |
open-xchange | open-xchange_server | 7.0.1 | |
open-xchange | open-xchange_server | 7.0.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.20.7:*:*:*:*:*:*:*", "matchCriteriaId": "983E5F3A-E7AD-4CCA-80D4-9C012AFCCDD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F85EE0C-B7A0-455A-96F6-E4E6BA5D7216", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.1:*:*:*:*:*:*:*", "matchCriteriaId": "2D9572CB-9A46-492E-BDCC-E01849EF0EC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "138461CD-9C27-40E5-B7A0-A37737B6E942", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "108BCEFD-3098-4919-9B0C-E80F6FA1C102", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_server:6.20.7:*:*:*:*:*:*:*", "matchCriteriaId": "EE83E623-175D-4F81-B92E-C170FDD896EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_server:6.22.0:*:*:*:*:*:*:*", "matchCriteriaId": "58989467-7850-4D91-86D4-524EBE325869", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_server:6.22.1:*:*:*:*:*:*:*", "matchCriteriaId": "BED21777-8642-49AC-A99F-87ED9B21FE14", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_server:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4FBAE267-EAB9-403A-8E1D-7C8EE68F0A36", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_server:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F5500DAF-78C2-4E30-AB1C-EF623C43956B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev16, 6.22.0 before rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allow remote attackers to 
inject arbitrary web script or HTML via (1) a javascript: URL, (2) malformed nested SCRIPT elements, (3) a mail signature, or (4) JavaScript code within an image file." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de cross-site scripting (XSS) en Open-Xchange AppSuite y Server anterior a v6.20.7 rev16, v6.22.0 anterior a rev15, v6.22.1 anterior a rev17, v7.0.1 anterior a rev6, y v7.0.2 anterior a rev7, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de (1) un javascript: URL, (2) elementos anidados SCRIPT que est\u00e1n malformados, (3) una firma de correo, o (4) c\u00f3digo JavaScript dentro de un archivo de imagen." } ], "id": "CVE-2013-2583", "lastModified": "2024-11-21T01:52:00.163", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-09-05T11:44:57.623", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-04/0183.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-04/0183.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-01-12 22:15
Modified
2024-11-21 05:52
Severity ?
Summary
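OX App Suite through 7.10.4 allows XSS via a contact whose name contains JavaScript code. Note: the CPE match data in this record ends at 7.10.3 (versionEndIncluding), so a scanner that matches on the CPE range alone would not flag 7.10.4; compare against the description's "through 7.10.4" when assessing exposure.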
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html | Not Applicable, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html | Not Applicable, Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB465D15-78EA-47FA-BC7C-5A6631EC9578", "versionEndIncluding": "7.10.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.4 allows XSS via a contact whose name contains JavaScript code." }, { "lang": "es", "value": "OX App Suite versiones hasta 7.10.4, permite un ataque de tipo XSS por medio de un contacto cuyo nombre contiene c\u00f3digo JavaScript" } ], "id": "CVE-2021-23934", "lastModified": "2024-11-21T05:52:04.840", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-01-12T22:15:12.887", "references": [ { "source": "cve@mitre.org", "tags": [ "Not Applicable", "Third Party Advisory", "VDB Entry" ], "url": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable", "Third Party Advisory", "VDB Entry" ], "url": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-01-02 19:15
Modified
2024-11-21 01:58
Severity ?
Summary
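Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 6.22.3 before 6.22.3-rev5 and 6.22.4 before 6.22.4-rev12 allows remote attackers to inject arbitrary web script or HTML via the subject of an email. NOTE: the vulnerabilities related to the body of the email and the publication name were SPLIT from this CVE ID because they affect different sets of versions. Note on matching: the CPE entries for this record also list 7.2.2 and 7.4.0, and none of them encode the -rev level, so version-only matching cannot tell a patched revision from an unpatched one; check the installed revision against the vendor advisory.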
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | 6.22.3 | |
open-xchange | open-xchange_appsuite | 6.22.4 | |
open-xchange | open-xchange_appsuite | 7.2.2 | |
open-xchange | open-xchange_appsuite | 7.4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.3:*:*:*:*:*:*:*", "matchCriteriaId": "35AE7AAF-70B8-4FE4-B116-45C1169C14AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.4:*:*:*:*:*:*:*", "matchCriteriaId": "5CE301DF-C6FD-4689-84D7-A5551980FDB7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "75B04598-67CD-420B-92C9-9A7459295E11", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "8DAEED7B-C295-42B4-A60B-2EAA596E3D65", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 6.22.3 before 6.22.3-rev5 and 6.22.4 before 6.22.4-rev12 allows remote attackers to inject arbitrary web script or HTML via the subject of an email. NOTE: the vulnerabilities related to the body of the email and the publication name were SPLIT from this CVE ID because they affect different sets of versions." }, { "lang": "es", "value": "Una vulnerabilidad de tipo cross-site scripting (XSS) en el front-end en Open-Xchange (OX) AppSuite versiones 6.22.3 anteriores a la versi\u00f3n 6.22.3-rev5 y versiones 6.22.4 anteriores a la versi\u00f3n 6.22.4-rev12, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del asunto de un correo electr\u00f3nico. NOTA: las vulnerabilidades relacionadas con el cuerpo del correo electr\u00f3nico y el nombre de la publicaci\u00f3n fueron SEPARADAS de este ID de CVE porque afectan a diferentes conjuntos de versiones." 
} ], "id": "CVE-2013-6242", "lastModified": "2024-11-21T01:58:54.737", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-01-02T19:15:11.947", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/bugtraq/2013/Nov/127" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1029394" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89250" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": 
"https://forum.open-xchange.com/showthread.php?8115-Open-Xchange-releases-Security-Patch-2013-11-12-for-v7-2-2-v6-22-3-and-v7-4-0-v6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/bugtraq/2013/Nov/127" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1029394" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89250" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://forum.open-xchange.com/showthread.php?8115-Open-Xchange-releases-Security-Patch-2013-11-12-for-v7-2-2-v6-22-3-and-v7-4-0-v6" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-11-02 14:15
Modified
2024-11-21 07:51
Severity ?
7.6 (High) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
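Requests to cache an image and return its metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the service's database user account. API requests are now properly checked for valid content, and attempts to circumvent this check are logged as errors. No publicly available exploits are known. Note: the severity entries listed for this record disagree on attack vector (AV:P in one, AV:A in two); the "adjacent networks" wording here corresponds to AV:A. On patched systems, the error log entries for rejected requests are a usable signal that the imageconverter API is being probed.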
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "59D4F30E-2F52-4948-9C69-C57472833C79", "versionEndExcluding": "7.10.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*", "matchCriteriaId": "A144D75D-60A8-4EE0-813C-F658C626B2AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*", "matchCriteriaId": "2DA66230-DE02-4881-A893-E9E78286B157", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*", "matchCriteriaId": "955F3DFB-6479-4867-B62A-82730DBEB498", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*", "matchCriteriaId": "327D1B56-0D05-4D99-91D4-CC1F0AC32972", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*", "matchCriteriaId": "D0CD0684-C431-47F8-A2F4-1936D5C5A72B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*", "matchCriteriaId": "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*", "matchCriteriaId": "D0968764-CCEE-47A7-9111-E106D887DA43", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*", "matchCriteriaId": "16589FBB-F0CD-4041-8141-5C89FCCA72AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*", "matchCriteriaId": "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*", "matchCriteriaId": 
"0DF5FB90-8D6D-4F99-B454-411B1DFFA630", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*", "matchCriteriaId": "F58876B9-6C2E-4048-A793-B441A84E86F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*", "matchCriteriaId": "D5F177CB-CC45-45A0-9D02-C14A13ECC7A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*", "matchCriteriaId": "A89A4192-54E9-4899-8C7B-6C7F7E650D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*", "matchCriteriaId": "F2DC1357-9CD5-415F-A190-2F3F4498EF96", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*", "matchCriteriaId": "D78ACF64-2802-44DD-AF7A-1BD5EA7F9908", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*", "matchCriteriaId": "E8F675FA-1684-413A-B1BE-1C5434AC2862", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6156:*:*:*:*:*:*", "matchCriteriaId": "F3F1FDC3-35B2-4BDB-A685-75BC72588179", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6161:*:*:*:*:*:*", "matchCriteriaId": "5B1E509D-2F41-4296-86D2-6BD71783060F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6166:*:*:*:*:*:*", "matchCriteriaId": "AC93EA37-F341-45EC-B651-4F326FB8C613", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6173:*:*:*:*:*:*", "matchCriteriaId": "1A4DB8A6-1702-462C-BFCB-39F91D2EFCE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6176:*:*:*:*:*:*", "matchCriteriaId": 
"FC0AEFDB-D033-47FC-93FC-8652F922BB8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6178:*:*:*:*:*:*", "matchCriteriaId": "B5354768-6527-43C2-B492-A8C14AB4E784", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6189:*:*:*:*:*:*", "matchCriteriaId": "D83F26D1-B8C6-4114-81EC-810DD5412DC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6194:*:*:*:*:*:*", "matchCriteriaId": "E9EBC010-9963-4636-96F7-A121FCF755A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6199:*:*:*:*:*:*", "matchCriteriaId": "F626D64B-C301-4CD8-94B4-48689BD3F29C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6204:*:*:*:*:*:*", "matchCriteriaId": "5E32810C-7B35-42F1-BCA5-E10C02BE2215", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6205:*:*:*:*:*:*", "matchCriteriaId": "6539D059-8614-4C26-93C4-C2DDCC5D35E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6209:*:*:*:*:*:*", "matchCriteriaId": "E359EE75-A2F9-479B-B757-CAE1064AB8F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6210:*:*:*:*:*:*", "matchCriteriaId": "0BCABDEF-D292-406E-B53C-AFF22484E916", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6214:*:*:*:*:*:*", "matchCriteriaId": "ABE8872C-B1DD-4A45-8EF8-E8C355CA6C54", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6215:*:*:*:*:*:*", "matchCriteriaId": "44B20B83-833A-4C68-8693-365BD046C157", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6216:*:*:*:*:*:*", "matchCriteriaId": 
"E254E6D1-D18E-4A2A-A2FF-7D03F39E65DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6218:*:*:*:*:*:*", "matchCriteriaId": "5F0C5E53-4D15-425A-B4CF-5869353724BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6219:*:*:*:*:*:*", "matchCriteriaId": "2F4BF5F1-F316-4BAC-83E0-DEAC8C50754E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6220:*:*:*:*:*:*", "matchCriteriaId": "5CDD03A8-5B86-4B87-9C29-6C967261C5C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6227:*:*:*:*:*:*", "matchCriteriaId": "6071E15F-4D59-41DC-A4D4-7D1AA392A1F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6230:*:*:*:*:*:*", "matchCriteriaId": "C72C1CEB-7BF7-4A5F-B2E9-397F86CCBF4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6233:*:*:*:*:*:*", "matchCriteriaId": "5B0F0218-4224-4084-B38D-9719D3782C03", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6235:*:*:*:*:*:*", "matchCriteriaId": "BFC41329-1AD6-4575-A22D-977EC5539DA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6236:*:*:*:*:*:*", "matchCriteriaId": "217A06B7-0823-4508-BC0C-AD792BA88F7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6239:*:*:*:*:*:*", "matchCriteriaId": "246E98B2-A6C8-4410-AA6A-7E81EE8C5E76", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6241:*:*:*:*:*:*", "matchCriteriaId": "74D1EC02-D009-45DA-B1EC-2219E0F0183C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Requests to cache an 
image and return its metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly available exploits are known.\n\n" }, { "lang": "es", "value": "Se podr\u00eda abusar de las solicitudes para almacenar en cach\u00e9 una imagen y devolver sus metadatos para incluir consultas SQL que se ejecutar\u00edan sin comprobar. Explotar esta vulnerabilidad requiere al menos acceso a redes adyacentes del servicio de conversi\u00f3n de im\u00e1genes, que no est\u00e1 expuesto a redes p\u00fablicas de forma predeterminada. Se podr\u00edan ejecutar sentencias SQL Arbitrarias en el contexto de la cuenta de usuario de la base de datos de servicios. Las solicitudes de API ahora se verifican correctamente para detectar contenido v\u00e1lido y los intentos de omitir esta verificaci\u00f3n se registran como errores. No se conocen exploits disponibles p\u00fablicamente." 
} ], "id": "CVE-2023-26452", "lastModified": "2024-11-21T07:51:29.443", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 0.9, "impactScore": 6.0, "source": "security@open-xchange.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-11-02T14:15:10.647", "references": [ { "source": "security@open-xchange.com", "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json" }, { "source": "security@open-xchange.com", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf" } ], "sourceIdentifier": "security@open-xchange.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", 
"value": "CWE-89" } ], "source": "security@open-xchange.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2013-5935 — Vulnerability from fkie_nvd
Published
2013-09-25 10:31
Modified
2024-11-21 01:58
Severity ?
Summary
The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 does not properly restrict the set of network interfaces that can receive API calls, which makes it easier for remote attackers to obtain access by sending network traffic from an unintended location, a different vulnerability than CVE-2013-5200.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | 7.0.1 | |
open-xchange | open-xchange_appsuite | 7.0.2 | |
open-xchange | open-xchange_appsuite | 7.2.0 | |
open-xchange | open-xchange_appsuite | 7.2.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "138461CD-9C27-40E5-B7A0-A37737B6E942", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "108BCEFD-3098-4919-9B0C-E80F6FA1C102", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDBB02DF-1022-4FE5-B5E1-198DC58F8C1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2BF31219-8390-4676-A9C4-D625A016C71E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 does not properly restrict the set of network interfaces that can receive API calls, which makes it easier for remote attackers to obtain access by sending network traffic from an unintended location, a different vulnerability than CVE-2013-5200." }, { "lang": "es", "value": "La API Hazelcast cluster en Open-Xchange AppSuite v7.0.x anterior a v7.0.2-rev15 y v7.2.x anterior a v7.2.2-rev16 no restringe correctamente el conjunto de interfaces de red que pueden recibir llamadas API, lo cual facilita a los atacantes remotos conseguir acceso mediante el env\u00edo de tr\u00e1fico de red desde una localizaci\u00f3n imprevista, una vulnerabilidad diferente de CVE-2013-5200." 
} ], "id": "CVE-2013-5935", "lastModified": "2024-11-21T01:58:27.137", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-09-25T10:31:29.423", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2016-6852 — Vulnerability from fkie_nvd
Published
2016-12-15 06:59
Modified
2024-11-21 02:56
Severity ?
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Users can provide local file paths to the RSS reader; the response and error code give hints about whether the provided file exists or not. Attackers may discover specific system files or library versions on the middleware server to prepare further attacks.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/bid/93459 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/93459 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf | Release Notes, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * (CPE match bounded by versionEndIncluding 7.8.2) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:rev4:*:*:*:*:*:*", "matchCriteriaId": "63233ABF-06E1-4819-B885-1028FEA3EB5A", "versionEndIncluding": "7.8.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Users can provide local file paths to the RSS reader; the response and error code give hints about whether the provided file exists or not. Attackers may discover specific system files or library versions on the middleware server to prepare further attacks." }, { "lang": "es", "value": "Ha sido descubierto un problema en Open-Xchange OX App Suite en versiones anteriores a 7.8.2-rev8. Usuarios pueden proporcionar rutas de archivo locales para el lector RSS; la respuesta y el c\u00f3digo de error dan sugerencias sobre si el archivo proporcionado existe o no. Atacantes podr\u00edan descubrir versiones de sistemas de archivos o bibliotecas espec\u00edficas en el servidor middleware para preparar futuros ataques." 
} ], "id": "CVE-2016-6852", "lastModified": "2024-11-21T02:56:57.817", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-12-15T06:59:23.567", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/93459" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/93459" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", 
"value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2016-4026 — Vulnerability from fkie_nvd
Published
2016-12-15 06:59
Modified
2024-11-21 02:51
Severity ?
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The content sanitizer component has an issue with filtering malicious content in case invalid HTML code is provided. In such cases the filter will output an unsanitized representation of the content. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data, etc.). Attackers can use this issue for filter evasion to inject script code later on.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * (CPE match bounded by versionEndIncluding 7.8.1) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:rev9:*:*:*:*:*:*", "matchCriteriaId": "F8BB7BBD-7706-479D-B1DB-9EAC321913EB", "versionEndIncluding": "7.8.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The content sanitizer component has an issue with filtering malicious content in case invalid HTML code is provided. In such cases the filter will output a unsanitized representation of the content. Malicious script code can be executed within a user\u0027s context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). Attackers can use this issue for filter evasion to inject script code later on." }, { "lang": "es", "value": "Ha sido descubierto un problema en Open-Xchange OX App Suite en versiones anteriores a 7.8.1-rev11. El componente de desinfectante de contenido tiene un problema con el filtrado de contenido malicioso en caso de que un c\u00f3digo HTML inv\u00e1lido sea provisto. En estos casos el filtro emitir\u00e1 una representaci\u00f3n del contenido no desinfectada. El c\u00f3digo script malicioso puede ser ejecutado dentro de un contexto de usuario. Esto puede conducir al secuestro de sesi\u00f3n o desencadenamiento de acciones no deseadas a trav\u00e9s de la interfaz web (enviando correos, borrando datos etc.). Los atacantes pueden utilizar este problema para evadir el filtro para inyectar c\u00f3digo script m\u00e1s tarde." 
} ], "id": "CVE-2016-4026", "lastModified": "2024-11-21T02:51:11.427", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-12-15T06:59:04.833", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/538732/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1036157" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/538732/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1036157" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2017-12884 — Vulnerability from fkie_nvd
Published
2019-05-10 16:29
Modified
2024-11-21 03:10
Severity ?
Summary
OX Software GmbH App Suite 7.8.4 and earlier is affected by: Information Exposure.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://app.com | Not Applicable | |
cve@mitre.org | http://ox.com | Broken Link, Not Applicable | |
cve@mitre.org | https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://app.com | Not Applicable | |
af854a3a-2127-422b-91ae-364da2661108 | http://ox.com | Broken Link, Not Applicable | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html | Release Notes, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * (CPE match bounded by versionEndIncluding 7.8.4) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "21A45377-C1DE-44AB-A02F-A377BE4E9A56", "versionEndIncluding": "7.8.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX Software GmbH App Suite 7.8.4 and earlier is affected by: Information Exposure." }, { "lang": "es", "value": "OX Software GmbH App Suite 7.8.4 y anteriores se ve afectada por: Divulgaci\u00f3n de informaci\u00f3n" } ], "id": "CVE-2017-12884", "lastModified": "2024-11-21T03:10:22.487", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-05-10T16:29:00.250", "references": [ { "source": "cve@mitre.org", "tags": [ "Not Applicable" ], "url": "http://app.com" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Not Applicable" ], "url": "http://ox.com" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor 
Advisory" ], "url": "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "http://app.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Not Applicable" ], "url": "http://ox.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2013-7143 — Vulnerability from fkie_nvd
Published
2014-01-26 20:55
Modified
2024-11-21 02:00
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 allows remote attackers to inject arbitrary web script or HTML via the title in a mail filter rule.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * (CPE match bounded by versionEndIncluding 7.4.1) | |
open-xchange | open-xchange_appsuite | 6.20.7 | |
open-xchange | open-xchange_appsuite | 6.22.0 | |
open-xchange | open-xchange_appsuite | 6.22.1 | |
open-xchange | open-xchange_appsuite | 7.0.1 | |
open-xchange | open-xchange_appsuite | 7.0.2 | |
open-xchange | open-xchange_appsuite | 7.2.0 | |
open-xchange | open-xchange_appsuite | 7.2.1 | |
open-xchange | open-xchange_appsuite | 7.2.2 | |
open-xchange | open-xchange_appsuite | 7.4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "567B4139-220A-46A7-B847-616F99A1EA66", "versionEndIncluding": "7.4.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.20.7:*:*:*:*:*:*:*", "matchCriteriaId": "983E5F3A-E7AD-4CCA-80D4-9C012AFCCDD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F85EE0C-B7A0-455A-96F6-E4E6BA5D7216", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.1:*:*:*:*:*:*:*", "matchCriteriaId": "2D9572CB-9A46-492E-BDCC-E01849EF0EC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "138461CD-9C27-40E5-B7A0-A37737B6E942", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "108BCEFD-3098-4919-9B0C-E80F6FA1C102", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDBB02DF-1022-4FE5-B5E1-198DC58F8C1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2BF31219-8390-4676-A9C4-D625A016C71E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "75B04598-67CD-420B-92C9-9A7459295E11", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "8DAEED7B-C295-42B4-A60B-2EAA596E3D65", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 allows remote attackers to inject arbitrary web script or HTML via the title in a mail filter rule." 
}, { "lang": "es", "value": "Vulnerabilidad XSS en Open-Xchange (OX) AppSuite v7.4.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a trav\u00e9s del t\u00edtulo en una regla de filtrado de correo." } ], "id": "CVE-2013-7143", "lastModified": "2024-11-21T02:00:25.057", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-01-26T20:55:05.970", "references": [ { "source": "cve@mitre.org", "url": "http://seclists.org/bugtraq/2014/Jan/57" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/102195" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/65013" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1029650" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90546" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/bugtraq/2014/Jan/57" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/102195" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/65013" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1029650" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90546" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", 
"value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2013-5035 — Vulnerability from fkie_nvd
Published
2013-09-05 11:44
Modified
2024-11-21 01:56
Severity ?
Summary
Multiple race conditions in HtmlCleaner before 2.6, as used in Open-Xchange AppSuite 7.2.2 before rev13 and other products, allow remote authenticated users to read the private e-mail of other persons in opportunistic circumstances by leveraging lack of thread safety and performing a rapid series of (1) mail-sending or (2) draft-saving operations.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:htmlcleaner_project:htmlcleaner:*:*:*:*:*:*:*:*", "matchCriteriaId": "5882C53B-466C-42FB-86CC-BD06F7E4DAC9", "versionEndIncluding": "2.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:htmlcleaner_project:htmlcleaner:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "0927237D-D5A1-46EB-BAE5-46888187F4E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:htmlcleaner_project:htmlcleaner:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "22472444-4FA4-47F3-9A3D-AA0C0BA4A7DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B38D323C-AC7D-4573-B37A-9B42B43128C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "30FBBEAA-8044-4CC4-BE57-E885BEE0E1C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA8CCDED-AD24-4685-B9CF-6E2A2CD1FAF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0309A401-A4EE-4907-B6C8-9ACF4909CACD", "vulnerable": true }, { "criteria": "cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "30ED8AE2-C1B7-49C9-9196-9569635FE983", "vulnerable": true }, { "criteria": "cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "6022A958-C784-4DE8-B152-2A4F70CEA815", "vulnerable": true }, { "criteria": "cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "D996193D-7C15-40FF-8676-FCC1666CAFED", "vulnerable": true }, { "criteria": "cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "25672975-0F1E-4EA5-8DC8-46B6BAFFC160", "vulnerable": true }, { "criteria": "cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.12:*:*:*:*:*:*:*", "matchCriteriaId": "C60A95E6-A414-410A-BC7F-57A1347076DA", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.13:*:*:*:*:*:*:*", "matchCriteriaId": "75310C21-E572-450A-86B6-D56403D6D810", "vulnerable": true }, { "criteria": "cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.55:*:*:*:*:*:*:*", "matchCriteriaId": "EB3DCA01-9BAC-4638-8645-223E83FC90B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:htmlcleaner_project:htmlcleaner:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "9C12A5B4-FC2F-4F30-AF32-8EF3A06FB24D", "vulnerable": true }, { "criteria": "cpe:2.3:a:htmlcleaner_project:htmlcleaner:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "1D76FD62-6CC5-40B4-BC1E-BBD8A9EDB63A", "vulnerable": true }, { "criteria": "cpe:2.3:a:htmlcleaner_project:htmlcleaner:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "2DA9B3BB-8A31-4F1F-B564-9B8A21C2859F", "vulnerable": true }, { "criteria": "cpe:2.3:a:htmlcleaner_project:htmlcleaner:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "DC9A5D0D-F6C3-4D8E-99D6-BD10911F3E7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:htmlcleaner_project:htmlcleaner:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "F2510FA1-B868-402E-8298-2AB521442D7C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "75B04598-67CD-420B-92C9-9A7459295E11", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple race conditions in HtmlCleaner before 2.6, as used in Open-Xchange AppSuite 7.2.2 before rev13 and other products, allow remote authenticated users to read the private e-mail of other persons in opportunistic circumstances by leveraging lack of thread safety and performing a rapid series of (1) mail-sending or (2) draft-saving operations." 
}, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de condici\u00f3n de carrera en HtmlCleaner anterior a v2.6, como es utilizado en Open-Xchange AppSuite v7.2.2 anterior a rev13 y otros productos, permiten a los usuarios remotos autenticados leer el correo electr\u00f3nico privado de otras personas en situaciones oportunistas, mediante el aprovechamiento de la falta de seguridad de los subprocesos y la realizaci\u00f3n de una serie r\u00e1pida de (1) env\u00edo de emails o (2) operaciones de guardado de borradores." } ], "evaluatorImpact": "CVSS score reflects vendor comments provided in http://archives.neohapsis.com/archives/bugtraq/2013-08/0115.html", "id": "CVE-2013-5035", "lastModified": "2024-11-21T01:56:56.947", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-09-05T11:44:57.830", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0115.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://sourceforge.net/p/htmlcleaner/bugs/86/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0115.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://sourceforge.net/p/htmlcleaner/bugs/86/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": 
[ { "lang": "en", "value": "CWE-362" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-01-07 18:59
Modified
2024-11-21 02:20
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev40, 7.6.0 before 7.6.0-rev32, and 7.6.1 before 7.6.1-rev11 allows remote attackers to inject arbitrary web script or HTML via a crafted XHTML file with the application/xhtml+xml MIME type.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * (up to and including 7.4.2) | |
open-xchange | open-xchange_appsuite | 7.6.0 | |
open-xchange | open-xchange_appsuite | 7.6.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCF181B4-CEA4-4AF6-8B06-AE928A69AD3C", "versionEndIncluding": "7.4.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A0A22E01-73E0-4140-8BA1-AB147A9471CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "74858ACF-6B38-4403-90DE-2374BE699486", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev40, 7.6.0 before 7.6.0-rev32, and 7.6.1 before 7.6.1-rev11 allows remote attackers to inject arbitrary web script or HTML via a crafted XHTML file with the application/xhtml+xml MIME type." }, { "lang": "es", "value": "Vulnerabilidad de XSS en el backend en Open-Xchange (OX) AppSuite anterior a 7.4.2-rev40, 7.6.0 anterior a 7.6.0-rev32, y 7.6.1 anterior a 7.6.1-rev11 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un fichero XHTML manipulado con el tipo MIME application/xhtml+xml." 
} ], "id": "CVE-2014-8993", "lastModified": "2024-11-21T02:20:03.147", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-01-07T18:59:01.370", "references": [ { "source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/129811/Open-Xchange-Server-6-OX-AppSuite-7.6.1-Cross-Site-Scripting.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/62031" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/534383/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1031488" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/129811/Open-Xchange-Server-6-OX-AppSuite-7.6.1-Cross-Site-Scripting.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/62031" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/534383/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1031488" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-12-15 06:59
Modified
2024-11-21 02:56
Severity ?
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Setting the user's name to JS code makes that code execute when selecting that user's "Templates" folder from OX Documents settings. This requires the folder to be shared to the victim. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/bid/93457 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/93457 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf | Release Notes, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * (up to and including 7.8.2) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:rev4:*:*:*:*:*:*", "matchCriteriaId": "63233ABF-06E1-4819-B885-1028FEA3EB5A", "versionEndIncluding": "7.8.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Setting the user\u0027s name to JS code makes that code execute when selecting that user\u0027s \"Templates\" folder from OX Documents settings. This requires the folder to be shared to the victim. Malicious script code can be executed within a user\u0027s context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.)." }, { "lang": "es", "value": "Ha sido descubierto un problema en Open-Xchange OX App Suite en versiones anteriores a 7.8.2-rev8. Establecer el nombre del usuario en el c\u00f3digo JS hace que el c\u00f3digo se ejecute cuando se selecciona la carpeta \"Templates\" de ese usuario desde ajustes OX Documents. Esto requiere que esa capeta sea compartida a la victima. El c\u00f3digo script malicioso puede ser ejecutado en un contexto de usuario. Esto puede conducir al secuestro de sesi\u00f3n o activar acciones no deseadas a trav\u00e9s de la interfaz web (env\u00edo de correo, eliminaci\u00f3n de datos, etc.)." 
} ], "id": "CVE-2016-6842", "lastModified": "2024-11-21T02:56:56.493", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-12-15T06:59:15.270", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/93457" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/93457" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", 
"value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-06-16 14:15
Modified
2024-11-21 05:39
Severity ?
Summary
OX App Suite through 7.10.3 has Improper Input Validation.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "6164303F-253E-440C-A45C-94FFF7B492AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev1:*:*:*:*:*:*", "matchCriteriaId": "2C7EFE8F-CC45-436A-91A7-4D6CD1D60784", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev10:*:*:*:*:*:*", "matchCriteriaId": "4DD257D7-D9B2-4036-92D6-3A923B7DC59F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev11:*:*:*:*:*:*", "matchCriteriaId": "36383B07-AF6C-4EDA-A35E-50633D1612A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev12:*:*:*:*:*:*", "matchCriteriaId": "A3305F0B-F84C-4F3A-8186-4086A2F29AA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev13:*:*:*:*:*:*", "matchCriteriaId": "032B8B47-9E01-41B3-99D4-DECD4727DEA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev14:*:*:*:*:*:*", "matchCriteriaId": "F7211571-4614-4169-A897-D0047304A4B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev15:*:*:*:*:*:*", "matchCriteriaId": "992082E5-5E00-40F0-8246-FD44D189C70D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev16:*:*:*:*:*:*", "matchCriteriaId": "4279A168-8A9A-43FF-8766-738EE31D6E25", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev17:*:*:*:*:*:*", "matchCriteriaId": "5A734819-B817-4E54-89B1-B6A5FD52C758", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev18:*:*:*:*:*:*", "matchCriteriaId": "63AFF50B-7ABD-455D-A2A5-05432B41E4BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev19:*:*:*:*:*:*", "matchCriteriaId": 
"E2842D25-1A80-4403-B7A2-6E26527588E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev2:*:*:*:*:*:*", "matchCriteriaId": "42BCC26D-8B47-47E8-878A-11403C226E6E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev20:*:*:*:*:*:*", "matchCriteriaId": "7DAA5D88-75E9-4D77-9F34-AB456F0733F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev21:*:*:*:*:*:*", "matchCriteriaId": "9EB906E5-1ABF-4734-84E1-BC8005AB1C2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev22:*:*:*:*:*:*", "matchCriteriaId": "FD42433D-4B5C-43F5-8C5C-D97C6C3E5613", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev23:*:*:*:*:*:*", "matchCriteriaId": "B30EB62B-FEAC-4E7C-8AB8-E27879E18006", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev24:*:*:*:*:*:*", "matchCriteriaId": "88A08BF6-4410-48F9-B4D9-FCCA7B6DBF64", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev25:*:*:*:*:*:*", "matchCriteriaId": "49A24746-6C5E-48BE-A001-CB25BF0189D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev26:*:*:*:*:*:*", "matchCriteriaId": "7DA74FDF-0313-4783-B69D-17861F228FA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev27:*:*:*:*:*:*", "matchCriteriaId": "949DD220-BFA8-4C5B-8334-5D545D336879", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev28:*:*:*:*:*:*", "matchCriteriaId": "F82BCE0D-A798-4A8A-B028-37AB4E4E9D76", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev29:*:*:*:*:*:*", "matchCriteriaId": "4DFC4CF9-F13A-43DC-81FA-2289D0B056F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev3:*:*:*:*:*:*", 
"matchCriteriaId": "8681201A-5DB3-42A9-A203-9641B4459537", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev30:*:*:*:*:*:*", "matchCriteriaId": "6C53AE9B-BA64-4925-A6EA-9F591324F4C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev31:*:*:*:*:*:*", "matchCriteriaId": "9ACF0B3D-A306-4E23-A361-195D3D732907", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev32:*:*:*:*:*:*", "matchCriteriaId": "5F71BE82-6E92-4372-99D7-ED46057CE572", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev33:*:*:*:*:*:*", "matchCriteriaId": "75473DD5-3E0C-472B-ABAB-993538E89A0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev34:*:*:*:*:*:*", "matchCriteriaId": "B7D5A6CF-DAC1-4435-99FC-613BC99AACAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev35:*:*:*:*:*:*", "matchCriteriaId": "03D55E13-C2E3-4A01-8D2D-80F1C69ADB87", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev36:*:*:*:*:*:*", "matchCriteriaId": "B9AA07E0-2863-436D-8585-6C0371371B34", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev37:*:*:*:*:*:*", "matchCriteriaId": "03045CB8-638C-43C4-BAE3-B1F3586975FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev38:*:*:*:*:*:*", "matchCriteriaId": "81EB9BE2-498A-42D5-B500-750BD5907B11", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev39:*:*:*:*:*:*", "matchCriteriaId": "2F5A4455-2DE5-409A-A5B0-4EE9503022F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev4:*:*:*:*:*:*", "matchCriteriaId": "C567F8B8-D9D0-4006-819C-C995C6573FE7", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev40:*:*:*:*:*:*", "matchCriteriaId": "C5832883-CE88-4BE9-9F37-19BFF24DEE09", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev41:*:*:*:*:*:*", "matchCriteriaId": "1B129936-271F-432D-AB91-25DA1E9AA960", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev42:*:*:*:*:*:*", "matchCriteriaId": "0132F603-FA0B-4F91-A49D-FCFA12FDAC3F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev43:*:*:*:*:*:*", "matchCriteriaId": "51626D24-7F17-4F43-A768-299F8ABAA663", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev44:*:*:*:*:*:*", "matchCriteriaId": "878A7C59-96A2-4EAE-BD72-77C810B9D7A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev45:*:*:*:*:*:*", "matchCriteriaId": "77272167-B3E2-4046-8C03-1CF9C47E4ED1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev46:*:*:*:*:*:*", "matchCriteriaId": "AA7CB7E5-542D-4E9B-B0F3-05073113147B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev47:*:*:*:*:*:*", "matchCriteriaId": "16E2357C-3A1B-4A9B-B115-8F7CB10D95FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev48:*:*:*:*:*:*", "matchCriteriaId": "81033CCE-1255-43D2-B429-AAFA7C447885", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev49:*:*:*:*:*:*", "matchCriteriaId": "D8478E43-E40D-4E02-B258-055A2120FED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev5:*:*:*:*:*:*", "matchCriteriaId": "07FEF270-E3ED-463D-9940-7FC9573E40C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev50:*:*:*:*:*:*", "matchCriteriaId": "CD4F40EE-F6E2-45ED-97CA-82B472476622", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev51:*:*:*:*:*:*", "matchCriteriaId": "5D8FF2AA-C35F-4E68-A2EC-FC989E4CBE2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev52:*:*:*:*:*:*", "matchCriteriaId": "4C61C021-E42E-4387-85CF-2FBA2F061376", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev53:*:*:*:*:*:*", "matchCriteriaId": "96BCE7CA-5EB8-429F-A707-52DF87B92BCB", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev54:*:*:*:*:*:*", "matchCriteriaId": "AC6CF5C5-93B2-4E00-9ED3-DB337475EDAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev55:*:*:*:*:*:*", "matchCriteriaId": "0CEC20C6-C269-455E-B069-D4071D2A06ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev56:*:*:*:*:*:*", "matchCriteriaId": "84EAE1A5-7DD1-4F53-80AB-6BFAB46DA92A", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev57:*:*:*:*:*:*", "matchCriteriaId": "B3C1745F-5866-4443-AA1A-1C66F47E91D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev58:*:*:*:*:*:*", "matchCriteriaId": "37D8F313-87A1-4A8E-A357-97A9CFD5DDD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev59:*:*:*:*:*:*", "matchCriteriaId": "1C843E28-AA2C-4C95-9B4E-0135374D8E05", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev6:*:*:*:*:*:*", "matchCriteriaId": "7FD1E38C-EC1A-42D1-86AF-D53D8BF0098C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev60:*:*:*:*:*:*", "matchCriteriaId": "5DD3B406-C8AD-4C0F-9A9D-C2C1E0C4B7A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev61:*:*:*:*:*:*", "matchCriteriaId": "C9D33E26-E4EA-4DF6-AEA0-0D3321500232", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev62:*:*:*:*:*:*", "matchCriteriaId": "87DE98B2-602F-4C2A-9870-924A89E47A6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev63:*:*:*:*:*:*", "matchCriteriaId": "41B1D2EC-775F-4660-81BF-E45CFE1682E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev64:*:*:*:*:*:*", "matchCriteriaId": "0CBCF797-67ED-4A06-99D0-C21A928202D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev65:*:*:*:*:*:*", "matchCriteriaId": "790E20C5-DF4A-41E8-BCC1-C613097BACC5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev66:*:*:*:*:*:*", "matchCriteriaId": "87667829-EE71-4169-84C4-81557A10F1CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev67:*:*:*:*:*:*", "matchCriteriaId": "E713D3B0-6B90-4CFB-9FB3-D7CAC1B84415", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev7:*:*:*:*:*:*", "matchCriteriaId": "1BF75100-6E38-4FCB-BC21-FFB1C4B3EC50", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev8:*:*:*:*:*:*", "matchCriteriaId": "BF34B133-486B-4D77-8745-4D0E082FF8D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev9:*:*:*:*:*:*", "matchCriteriaId": "33B507D7-536B-4AC3-BCB3-BF3A6BA257F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "D2C4CC04-9CAA-467A-AE72-CF3AC970296C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev1:*:*:*:*:*:*", "matchCriteriaId": "368ECEBC-4553-4A2A-8A2A-A4B8909C321D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev10:*:*:*:*:*:*", "matchCriteriaId": "33BFF8F7-DB19-4F7B-9FED-5D3E50E31C2B", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev11:*:*:*:*:*:*", "matchCriteriaId": "8E60A592-965B-4ECD-BE52-C8BCF8164A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev12:*:*:*:*:*:*", "matchCriteriaId": "37DC59B1-D23F-40EB-9F54-0BBBC8FA86E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev13:*:*:*:*:*:*", "matchCriteriaId": "91897609-C38E-47ED-9A45-34C26ACD4558", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev14:*:*:*:*:*:*", "matchCriteriaId": "68CD6B95-5EAA-4D14-8958-787E7B8ADD8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev15:*:*:*:*:*:*", "matchCriteriaId": "A4EBEBD1-9E8A-4C18-95FA-E7D83A7DC557", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev16:*:*:*:*:*:*", "matchCriteriaId": "6BAF8872-87D9-4271-80AA-E4200E6D8F5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev17:*:*:*:*:*:*", "matchCriteriaId": "E0FDDD1D-7EDC-4ED8-9288-DA1976B044FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev18:*:*:*:*:*:*", "matchCriteriaId": "AE6BC6B0-66A7-4B0A-9B11-E41A3C29064D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev19:*:*:*:*:*:*", "matchCriteriaId": "0B981446-14BE-43A9-86FE-F282E8DA393D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev2:*:*:*:*:*:*", "matchCriteriaId": "4190E7EF-E9BF-4B87-B5A7-F1C5639CF701", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev20:*:*:*:*:*:*", "matchCriteriaId": "DC995A29-A9DB-4160-BEAD-7E6A3606F802", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev21:*:*:*:*:*:*", "matchCriteriaId": "890672A1-63E4-45BA-B4A7-B1DCFCE03E17", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev22:*:*:*:*:*:*", "matchCriteriaId": "32AB90D5-CF22-45E4-A7E5-A3BC355C051A", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev23:*:*:*:*:*:*", "matchCriteriaId": "4287D478-7B66-4B94-AF06-FCFA3E3A49E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev24:*:*:*:*:*:*", "matchCriteriaId": "6949270A-47D6-495B-8B3A-CC97351E0B72", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev25:*:*:*:*:*:*", "matchCriteriaId": "FF8F4DA7-035F-4C6E-9E97-265CC57A548B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev26:*:*:*:*:*:*", "matchCriteriaId": "F6C50535-9E15-418A-8908-23C247CCF861", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev27:*:*:*:*:*:*", "matchCriteriaId": "8503C015-94AF-419C-95DE-1A1043811B60", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev3:*:*:*:*:*:*", "matchCriteriaId": "8DF4B515-D246-44A9-B4FA-094E33840EAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev4:*:*:*:*:*:*", "matchCriteriaId": "20D6F057-6D60-45CD-AF64-A17655FE4332", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev5:*:*:*:*:*:*", "matchCriteriaId": "8AAEEE04-5D35-4007-9C19-47139D574C6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev6:*:*:*:*:*:*", "matchCriteriaId": "534A44A6-9F3F-4A95-8397-1264537AF98B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev7:*:*:*:*:*:*", "matchCriteriaId": "0FDC984D-9BA2-44A8-A448-0B5FFD3714F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev8:*:*:*:*:*:*", "matchCriteriaId": 
"10C3CE2E-D599-4E7B-8DF7-CE143D38C248", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev9:*:*:*:*:*:*", "matchCriteriaId": "5D50AB43-34ED-4514-A46D-17DCE8C0E13B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "AEA29625-42CD-49CC-9E34-858CB6C5D28B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev1:*:*:*:*:*:*", "matchCriteriaId": "3A43F58A-EF5F-470F-AD23-EA211A257B87", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev10:*:*:*:*:*:*", "matchCriteriaId": "AF15D091-E31B-4AF7-8565-A545338443D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev11:*:*:*:*:*:*", "matchCriteriaId": "6530A58D-89B1-4991-8182-2CB39FF0607D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev12:*:*:*:*:*:*", "matchCriteriaId": "359C31C1-FC65-4DB5-AC13-78752B991D85", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev13:*:*:*:*:*:*", "matchCriteriaId": "20B39EEB-AE1F-41EF-BDA2-0C05583C19A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev14:*:*:*:*:*:*", "matchCriteriaId": "6814E0FE-C61F-4621-BCE9-E315FD27BDF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev15:*:*:*:*:*:*", "matchCriteriaId": "C500DC8B-1E2D-4D9E-89BF-DB1F583FCE1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev16:*:*:*:*:*:*", "matchCriteriaId": "B31AF178-6903-4C9C-85D0-4FC64B523D94", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev17:*:*:*:*:*:*", "matchCriteriaId": "78BBF7A1-2683-4A1A-A907-22AA08547C34", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev18:*:*:*:*:*:*", 
"matchCriteriaId": "8E8D7027-437A-4ACA-A4A1-34F2A1E49EFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev19:*:*:*:*:*:*", "matchCriteriaId": "233AF909-1320-4F50-98AE-0C3597EB77B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev2:*:*:*:*:*:*", "matchCriteriaId": "8B99076E-CAAF-478A-A6CA-5F4D555F4F13", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev20:*:*:*:*:*:*", "matchCriteriaId": "34400EA1-FBC0-4055-A921-96280EF73E7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev21:*:*:*:*:*:*", "matchCriteriaId": "BF5452D7-3326-415D-963D-BB9E4D5EA370", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev3:*:*:*:*:*:*", "matchCriteriaId": "71AD5083-1D8A-4F84-8263-EB724F2BAFB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev4:*:*:*:*:*:*", "matchCriteriaId": "F2E2CBB1-66E4-463E-9C13-36311A5E57CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev5:*:*:*:*:*:*", "matchCriteriaId": "78419EB9-7DBD-4D86-9D9F-D207BE4A5606", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev6:*:*:*:*:*:*", "matchCriteriaId": "6CFDEA47-85E0-468F-ACE1-D246C690B8D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev7:*:*:*:*:*:*", "matchCriteriaId": "51A93D40-8EC9-42FA-88B5-2C6A105D45DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev8:*:*:*:*:*:*", "matchCriteriaId": "990A037D-78A9-4BA5-B0E6-66D33B553CCF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev9:*:*:*:*:*:*", "matchCriteriaId": "84AB3311-A474-43B3-A613-F876042473A2", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "944562A2-53D7-4D75-B238-B9BD0F695E45", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev1:*:*:*:*:*:*", "matchCriteriaId": "3B7503E3-6317-4DD7-9EDD-AB5A0586BADE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev2:*:*:*:*:*:*", "matchCriteriaId": "26BF76EC-F32F-4DAB-8EB0-8B24E76D2593", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev3:*:*:*:*:*:*", "matchCriteriaId": "B031D97E-A967-4124-8A42-EFA4B3576124", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev4:*:*:*:*:*:*", "matchCriteriaId": "649774E8-6489-4AD7-95A8-AAF7154B2C05", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev5:*:*:*:*:*:*", "matchCriteriaId": "A2A1BB49-EAFD-4458-AA8B-BF4B195927C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev6:*:*:*:*:*:*", "matchCriteriaId": "1AC0DD2C-02D1-4CA9-A05C-81359BD30FA2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.3 has Improper Input Validation." 
}, { "lang": "es", "value": "OX App Suite versiones hasta 7.10.3, presenta una Comprobaci\u00f3n de Entrada Inapropiada" } ], "id": "CVE-2020-8543", "lastModified": "2024-11-21T05:39:00.190", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-06-16T14:15:11.727", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html" }, { "source": "cve@mitre.org", "tags": [ "Product" ], "url": "https://www.open-xchange.com/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "https://www.open-xchange.com/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": 
"Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-11-02 14:15
Modified
2024-11-21 07:51
Severity ?
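7.6 (High) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (score from security@open-xchange.com; it rates the attack vector as Physical, while the summary describes adjacent-network access, which the 8.8 vector from nvd@nist.gov encodes as AV:A)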
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the service's database user account. API requests are now properly checked for valid content, and attempts to circumvent this check are logged as errors. No publicly available exploits are known.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "59D4F30E-2F52-4948-9C69-C57472833C79", "versionEndExcluding": "7.10.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*", "matchCriteriaId": "A144D75D-60A8-4EE0-813C-F658C626B2AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*", "matchCriteriaId": "2DA66230-DE02-4881-A893-E9E78286B157", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*", "matchCriteriaId": "955F3DFB-6479-4867-B62A-82730DBEB498", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*", "matchCriteriaId": "327D1B56-0D05-4D99-91D4-CC1F0AC32972", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*", "matchCriteriaId": "D0CD0684-C431-47F8-A2F4-1936D5C5A72B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*", "matchCriteriaId": "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*", "matchCriteriaId": "D0968764-CCEE-47A7-9111-E106D887DA43", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*", "matchCriteriaId": "16589FBB-F0CD-4041-8141-5C89FCCA72AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*", "matchCriteriaId": "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*", "matchCriteriaId": 
"0DF5FB90-8D6D-4F99-B454-411B1DFFA630", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*", "matchCriteriaId": "F58876B9-6C2E-4048-A793-B441A84E86F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*", "matchCriteriaId": "D5F177CB-CC45-45A0-9D02-C14A13ECC7A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*", "matchCriteriaId": "A89A4192-54E9-4899-8C7B-6C7F7E650D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*", "matchCriteriaId": "F2DC1357-9CD5-415F-A190-2F3F4498EF96", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*", "matchCriteriaId": "D78ACF64-2802-44DD-AF7A-1BD5EA7F9908", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*", "matchCriteriaId": "E8F675FA-1684-413A-B1BE-1C5434AC2862", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6156:*:*:*:*:*:*", "matchCriteriaId": "F3F1FDC3-35B2-4BDB-A685-75BC72588179", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6161:*:*:*:*:*:*", "matchCriteriaId": "5B1E509D-2F41-4296-86D2-6BD71783060F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6166:*:*:*:*:*:*", "matchCriteriaId": "AC93EA37-F341-45EC-B651-4F326FB8C613", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6173:*:*:*:*:*:*", "matchCriteriaId": "1A4DB8A6-1702-462C-BFCB-39F91D2EFCE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6176:*:*:*:*:*:*", "matchCriteriaId": 
"FC0AEFDB-D033-47FC-93FC-8652F922BB8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6178:*:*:*:*:*:*", "matchCriteriaId": "B5354768-6527-43C2-B492-A8C14AB4E784", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6189:*:*:*:*:*:*", "matchCriteriaId": "D83F26D1-B8C6-4114-81EC-810DD5412DC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6194:*:*:*:*:*:*", "matchCriteriaId": "E9EBC010-9963-4636-96F7-A121FCF755A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6199:*:*:*:*:*:*", "matchCriteriaId": "F626D64B-C301-4CD8-94B4-48689BD3F29C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6204:*:*:*:*:*:*", "matchCriteriaId": "5E32810C-7B35-42F1-BCA5-E10C02BE2215", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6205:*:*:*:*:*:*", "matchCriteriaId": "6539D059-8614-4C26-93C4-C2DDCC5D35E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6209:*:*:*:*:*:*", "matchCriteriaId": "E359EE75-A2F9-479B-B757-CAE1064AB8F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6210:*:*:*:*:*:*", "matchCriteriaId": "0BCABDEF-D292-406E-B53C-AFF22484E916", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6214:*:*:*:*:*:*", "matchCriteriaId": "ABE8872C-B1DD-4A45-8EF8-E8C355CA6C54", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6215:*:*:*:*:*:*", "matchCriteriaId": "44B20B83-833A-4C68-8693-365BD046C157", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6216:*:*:*:*:*:*", "matchCriteriaId": 
"E254E6D1-D18E-4A2A-A2FF-7D03F39E65DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6218:*:*:*:*:*:*", "matchCriteriaId": "5F0C5E53-4D15-425A-B4CF-5869353724BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6219:*:*:*:*:*:*", "matchCriteriaId": "2F4BF5F1-F316-4BAC-83E0-DEAC8C50754E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6220:*:*:*:*:*:*", "matchCriteriaId": "5CDD03A8-5B86-4B87-9C29-6C967261C5C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6227:*:*:*:*:*:*", "matchCriteriaId": "6071E15F-4D59-41DC-A4D4-7D1AA392A1F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6230:*:*:*:*:*:*", "matchCriteriaId": "C72C1CEB-7BF7-4A5F-B2E9-397F86CCBF4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6233:*:*:*:*:*:*", "matchCriteriaId": "5B0F0218-4224-4084-B38D-9719D3782C03", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6235:*:*:*:*:*:*", "matchCriteriaId": "BFC41329-1AD6-4575-A22D-977EC5539DA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6236:*:*:*:*:*:*", "matchCriteriaId": "217A06B7-0823-4508-BC0C-AD792BA88F7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6239:*:*:*:*:*:*", "matchCriteriaId": "246E98B2-A6C8-4410-AA6A-7E81EE8C5E76", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6241:*:*:*:*:*:*", "matchCriteriaId": "74D1EC02-D009-45DA-B1EC-2219E0F0183C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Requests to fetch image 
metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly available exploits are known.\n\n" }, { "lang": "es", "value": "Se podr\u00eda abusar de las solicitudes para recuperar metadatos de im\u00e1genes para incluir consultas SQL que se ejecutar\u00edan sin comprobar. Explotar esta vulnerabilidad requiere al menos acceso a redes adyacentes del servicio de conversi\u00f3n de im\u00e1genes, que no est\u00e1 expuesto a redes p\u00fablicas de forma predeterminada. Se podr\u00edan ejecutar sentencias SQL Arbitrarias en el contexto de la cuenta de usuario de la base de datos de servicios. Las solicitudes de API ahora se verifican correctamente para detectar contenido v\u00e1lido y los intentos de omitir esta verificaci\u00f3n se registran como errores. No se conocen exploits disponibles p\u00fablicamente." 
} ], "id": "CVE-2023-26454", "lastModified": "2024-11-21T07:51:29.890", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 0.9, "impactScore": 6.0, "source": "security@open-xchange.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-11-02T14:15:10.807", "references": [ { "source": "security@open-xchange.com", "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json" }, { "source": "security@open-xchange.com", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf" } ], "sourceIdentifier": "security@open-xchange.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", 
"value": "CWE-89" } ], "source": "security@open-xchange.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-12-27 18:59
Modified
2024-11-21 01:58
Severity ?
Summary
The Birthday widget in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14, in certain user-id sharing scenarios, does not properly construct a SQL statement for next-year birthdays, which allows remote authenticated users to obtain sensitive birthday, displayname, firstname, and surname information via a birthdays action to api/contacts, aka bug 29315.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | 7.2.0 | |
open-xchange | open-xchange_appsuite | 7.2.1 | |
open-xchange | open-xchange_appsuite | 7.2.2 | |
open-xchange | open-xchange_appsuite | 7.4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDBB02DF-1022-4FE5-B5E1-198DC58F8C1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2BF31219-8390-4676-A9C4-D625A016C71E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "75B04598-67CD-420B-92C9-9A7459295E11", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "8DAEED7B-C295-42B4-A60B-2EAA596E3D65", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Birthday widget in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14, in certain user-id sharing scenarios, does not properly construct a SQL statement for next-year birthdays, which allows remote authenticated users to obtain sensitive birthday, displayname, firstname, and surname information via a birthdays action to api/contacts, aka bug 29315." 
}, { "lang": "es", "value": "El widget de Cumplea\u00f1os en el \u0027backend\u0027 en Open-Xchange (OX) AppSuite 7.2.x anterior a 7.2.2-rev25 y 7.4.x anterior a 7.4.0-rev14, en algunos casos de compartici\u00f3n de identidad de usuario, no construye adecuadamente una sentencia SQL para los cumplea\u00f1os del a\u00f1o siguiente, lo que permite a usuarios remotos autenticados obtener informaci\u00f3n sensible de cumplea\u00f1os, informaci\u00f3n del nombre a mostrar, nombre, y apellidos a trav\u00e9s de la acci\u00f3n cumplea\u00f1os en api/contacts, tambi\u00e9n conocido como bug 29315" } ], "id": "CVE-2013-6241", "lastModified": "2024-11-21T01:58:54.600", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-12-27T18:59:05.617", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0025.html" }, { "source": "cve@mitre.org", "url": "https://forum.open-xchange.com/showthread.php?8059-Open-Xchange-releases-Security-Patch-2013-10-21-for-v7-2-2-and-v7-4-0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0025.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://forum.open-xchange.com/showthread.php?8059-Open-Xchange-releases-Security-Patch-2013-10-21-for-v7-2-2-and-v7-4-0" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", 
"value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-06-16 14:15
Modified
2024-11-21 05:39
Severity ?
Summary
OX App Suite through 7.10.3 allows server-side request forgery (SSRF).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "6164303F-253E-440C-A45C-94FFF7B492AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev1:*:*:*:*:*:*", "matchCriteriaId": "2C7EFE8F-CC45-436A-91A7-4D6CD1D60784", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev10:*:*:*:*:*:*", "matchCriteriaId": "4DD257D7-D9B2-4036-92D6-3A923B7DC59F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev11:*:*:*:*:*:*", "matchCriteriaId": "36383B07-AF6C-4EDA-A35E-50633D1612A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev12:*:*:*:*:*:*", "matchCriteriaId": "A3305F0B-F84C-4F3A-8186-4086A2F29AA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev13:*:*:*:*:*:*", "matchCriteriaId": "032B8B47-9E01-41B3-99D4-DECD4727DEA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev14:*:*:*:*:*:*", "matchCriteriaId": "F7211571-4614-4169-A897-D0047304A4B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev15:*:*:*:*:*:*", "matchCriteriaId": "992082E5-5E00-40F0-8246-FD44D189C70D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev16:*:*:*:*:*:*", "matchCriteriaId": "4279A168-8A9A-43FF-8766-738EE31D6E25", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev17:*:*:*:*:*:*", "matchCriteriaId": "5A734819-B817-4E54-89B1-B6A5FD52C758", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev18:*:*:*:*:*:*", "matchCriteriaId": "63AFF50B-7ABD-455D-A2A5-05432B41E4BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev19:*:*:*:*:*:*", "matchCriteriaId": 
"E2842D25-1A80-4403-B7A2-6E26527588E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev2:*:*:*:*:*:*", "matchCriteriaId": "42BCC26D-8B47-47E8-878A-11403C226E6E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev20:*:*:*:*:*:*", "matchCriteriaId": "7DAA5D88-75E9-4D77-9F34-AB456F0733F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev21:*:*:*:*:*:*", "matchCriteriaId": "9EB906E5-1ABF-4734-84E1-BC8005AB1C2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev22:*:*:*:*:*:*", "matchCriteriaId": "FD42433D-4B5C-43F5-8C5C-D97C6C3E5613", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev23:*:*:*:*:*:*", "matchCriteriaId": "B30EB62B-FEAC-4E7C-8AB8-E27879E18006", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev24:*:*:*:*:*:*", "matchCriteriaId": "88A08BF6-4410-48F9-B4D9-FCCA7B6DBF64", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev25:*:*:*:*:*:*", "matchCriteriaId": "49A24746-6C5E-48BE-A001-CB25BF0189D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev26:*:*:*:*:*:*", "matchCriteriaId": "7DA74FDF-0313-4783-B69D-17861F228FA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev27:*:*:*:*:*:*", "matchCriteriaId": "949DD220-BFA8-4C5B-8334-5D545D336879", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev28:*:*:*:*:*:*", "matchCriteriaId": "F82BCE0D-A798-4A8A-B028-37AB4E4E9D76", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev29:*:*:*:*:*:*", "matchCriteriaId": "4DFC4CF9-F13A-43DC-81FA-2289D0B056F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev3:*:*:*:*:*:*", 
"matchCriteriaId": "8681201A-5DB3-42A9-A203-9641B4459537", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev30:*:*:*:*:*:*", "matchCriteriaId": "6C53AE9B-BA64-4925-A6EA-9F591324F4C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev31:*:*:*:*:*:*", "matchCriteriaId": "9ACF0B3D-A306-4E23-A361-195D3D732907", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev32:*:*:*:*:*:*", "matchCriteriaId": "5F71BE82-6E92-4372-99D7-ED46057CE572", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev33:*:*:*:*:*:*", "matchCriteriaId": "75473DD5-3E0C-472B-ABAB-993538E89A0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev34:*:*:*:*:*:*", "matchCriteriaId": "B7D5A6CF-DAC1-4435-99FC-613BC99AACAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev35:*:*:*:*:*:*", "matchCriteriaId": "03D55E13-C2E3-4A01-8D2D-80F1C69ADB87", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev36:*:*:*:*:*:*", "matchCriteriaId": "B9AA07E0-2863-436D-8585-6C0371371B34", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev37:*:*:*:*:*:*", "matchCriteriaId": "03045CB8-638C-43C4-BAE3-B1F3586975FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev38:*:*:*:*:*:*", "matchCriteriaId": "81EB9BE2-498A-42D5-B500-750BD5907B11", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev39:*:*:*:*:*:*", "matchCriteriaId": "2F5A4455-2DE5-409A-A5B0-4EE9503022F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev4:*:*:*:*:*:*", "matchCriteriaId": "C567F8B8-D9D0-4006-819C-C995C6573FE7", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev40:*:*:*:*:*:*", "matchCriteriaId": "C5832883-CE88-4BE9-9F37-19BFF24DEE09", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev41:*:*:*:*:*:*", "matchCriteriaId": "1B129936-271F-432D-AB91-25DA1E9AA960", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev42:*:*:*:*:*:*", "matchCriteriaId": "0132F603-FA0B-4F91-A49D-FCFA12FDAC3F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev43:*:*:*:*:*:*", "matchCriteriaId": "51626D24-7F17-4F43-A768-299F8ABAA663", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev44:*:*:*:*:*:*", "matchCriteriaId": "878A7C59-96A2-4EAE-BD72-77C810B9D7A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev45:*:*:*:*:*:*", "matchCriteriaId": "77272167-B3E2-4046-8C03-1CF9C47E4ED1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev46:*:*:*:*:*:*", "matchCriteriaId": "AA7CB7E5-542D-4E9B-B0F3-05073113147B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev47:*:*:*:*:*:*", "matchCriteriaId": "16E2357C-3A1B-4A9B-B115-8F7CB10D95FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev48:*:*:*:*:*:*", "matchCriteriaId": "81033CCE-1255-43D2-B429-AAFA7C447885", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev49:*:*:*:*:*:*", "matchCriteriaId": "D8478E43-E40D-4E02-B258-055A2120FED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev5:*:*:*:*:*:*", "matchCriteriaId": "07FEF270-E3ED-463D-9940-7FC9573E40C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev50:*:*:*:*:*:*", "matchCriteriaId": "CD4F40EE-F6E2-45ED-97CA-82B472476622", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev51:*:*:*:*:*:*", "matchCriteriaId": "5D8FF2AA-C35F-4E68-A2EC-FC989E4CBE2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev52:*:*:*:*:*:*", "matchCriteriaId": "4C61C021-E42E-4387-85CF-2FBA2F061376", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev53:*:*:*:*:*:*", "matchCriteriaId": "96BCE7CA-5EB8-429F-A707-52DF87B92BCB", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev54:*:*:*:*:*:*", "matchCriteriaId": "AC6CF5C5-93B2-4E00-9ED3-DB337475EDAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev55:*:*:*:*:*:*", "matchCriteriaId": "0CEC20C6-C269-455E-B069-D4071D2A06ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev56:*:*:*:*:*:*", "matchCriteriaId": "84EAE1A5-7DD1-4F53-80AB-6BFAB46DA92A", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev57:*:*:*:*:*:*", "matchCriteriaId": "B3C1745F-5866-4443-AA1A-1C66F47E91D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev58:*:*:*:*:*:*", "matchCriteriaId": "37D8F313-87A1-4A8E-A357-97A9CFD5DDD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev59:*:*:*:*:*:*", "matchCriteriaId": "1C843E28-AA2C-4C95-9B4E-0135374D8E05", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev6:*:*:*:*:*:*", "matchCriteriaId": "7FD1E38C-EC1A-42D1-86AF-D53D8BF0098C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev60:*:*:*:*:*:*", "matchCriteriaId": "5DD3B406-C8AD-4C0F-9A9D-C2C1E0C4B7A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev61:*:*:*:*:*:*", "matchCriteriaId": "C9D33E26-E4EA-4DF6-AEA0-0D3321500232", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev62:*:*:*:*:*:*", "matchCriteriaId": "87DE98B2-602F-4C2A-9870-924A89E47A6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev63:*:*:*:*:*:*", "matchCriteriaId": "41B1D2EC-775F-4660-81BF-E45CFE1682E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev64:*:*:*:*:*:*", "matchCriteriaId": "0CBCF797-67ED-4A06-99D0-C21A928202D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev65:*:*:*:*:*:*", "matchCriteriaId": "790E20C5-DF4A-41E8-BCC1-C613097BACC5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev66:*:*:*:*:*:*", "matchCriteriaId": "87667829-EE71-4169-84C4-81557A10F1CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev67:*:*:*:*:*:*", "matchCriteriaId": "E713D3B0-6B90-4CFB-9FB3-D7CAC1B84415", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev7:*:*:*:*:*:*", "matchCriteriaId": "1BF75100-6E38-4FCB-BC21-FFB1C4B3EC50", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev8:*:*:*:*:*:*", "matchCriteriaId": "BF34B133-486B-4D77-8745-4D0E082FF8D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev9:*:*:*:*:*:*", "matchCriteriaId": "33B507D7-536B-4AC3-BCB3-BF3A6BA257F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "D2C4CC04-9CAA-467A-AE72-CF3AC970296C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev1:*:*:*:*:*:*", "matchCriteriaId": "368ECEBC-4553-4A2A-8A2A-A4B8909C321D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev10:*:*:*:*:*:*", "matchCriteriaId": "33BFF8F7-DB19-4F7B-9FED-5D3E50E31C2B", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev11:*:*:*:*:*:*", "matchCriteriaId": "8E60A592-965B-4ECD-BE52-C8BCF8164A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev12:*:*:*:*:*:*", "matchCriteriaId": "37DC59B1-D23F-40EB-9F54-0BBBC8FA86E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev13:*:*:*:*:*:*", "matchCriteriaId": "91897609-C38E-47ED-9A45-34C26ACD4558", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev14:*:*:*:*:*:*", "matchCriteriaId": "68CD6B95-5EAA-4D14-8958-787E7B8ADD8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev15:*:*:*:*:*:*", "matchCriteriaId": "A4EBEBD1-9E8A-4C18-95FA-E7D83A7DC557", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev16:*:*:*:*:*:*", "matchCriteriaId": "6BAF8872-87D9-4271-80AA-E4200E6D8F5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev17:*:*:*:*:*:*", "matchCriteriaId": "E0FDDD1D-7EDC-4ED8-9288-DA1976B044FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev18:*:*:*:*:*:*", "matchCriteriaId": "AE6BC6B0-66A7-4B0A-9B11-E41A3C29064D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev19:*:*:*:*:*:*", "matchCriteriaId": "0B981446-14BE-43A9-86FE-F282E8DA393D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev2:*:*:*:*:*:*", "matchCriteriaId": "4190E7EF-E9BF-4B87-B5A7-F1C5639CF701", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev20:*:*:*:*:*:*", "matchCriteriaId": "DC995A29-A9DB-4160-BEAD-7E6A3606F802", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev21:*:*:*:*:*:*", "matchCriteriaId": "890672A1-63E4-45BA-B4A7-B1DCFCE03E17", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev22:*:*:*:*:*:*", "matchCriteriaId": "32AB90D5-CF22-45E4-A7E5-A3BC355C051A", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev23:*:*:*:*:*:*", "matchCriteriaId": "4287D478-7B66-4B94-AF06-FCFA3E3A49E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev24:*:*:*:*:*:*", "matchCriteriaId": "6949270A-47D6-495B-8B3A-CC97351E0B72", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev25:*:*:*:*:*:*", "matchCriteriaId": "FF8F4DA7-035F-4C6E-9E97-265CC57A548B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev26:*:*:*:*:*:*", "matchCriteriaId": "F6C50535-9E15-418A-8908-23C247CCF861", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev27:*:*:*:*:*:*", "matchCriteriaId": "8503C015-94AF-419C-95DE-1A1043811B60", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev3:*:*:*:*:*:*", "matchCriteriaId": "8DF4B515-D246-44A9-B4FA-094E33840EAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev4:*:*:*:*:*:*", "matchCriteriaId": "20D6F057-6D60-45CD-AF64-A17655FE4332", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev5:*:*:*:*:*:*", "matchCriteriaId": "8AAEEE04-5D35-4007-9C19-47139D574C6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev6:*:*:*:*:*:*", "matchCriteriaId": "534A44A6-9F3F-4A95-8397-1264537AF98B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev7:*:*:*:*:*:*", "matchCriteriaId": "0FDC984D-9BA2-44A8-A448-0B5FFD3714F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev8:*:*:*:*:*:*", "matchCriteriaId": 
"10C3CE2E-D599-4E7B-8DF7-CE143D38C248", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev9:*:*:*:*:*:*", "matchCriteriaId": "5D50AB43-34ED-4514-A46D-17DCE8C0E13B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "AEA29625-42CD-49CC-9E34-858CB6C5D28B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev1:*:*:*:*:*:*", "matchCriteriaId": "3A43F58A-EF5F-470F-AD23-EA211A257B87", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev10:*:*:*:*:*:*", "matchCriteriaId": "AF15D091-E31B-4AF7-8565-A545338443D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev11:*:*:*:*:*:*", "matchCriteriaId": "6530A58D-89B1-4991-8182-2CB39FF0607D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev12:*:*:*:*:*:*", "matchCriteriaId": "359C31C1-FC65-4DB5-AC13-78752B991D85", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev13:*:*:*:*:*:*", "matchCriteriaId": "20B39EEB-AE1F-41EF-BDA2-0C05583C19A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev14:*:*:*:*:*:*", "matchCriteriaId": "6814E0FE-C61F-4621-BCE9-E315FD27BDF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev15:*:*:*:*:*:*", "matchCriteriaId": "C500DC8B-1E2D-4D9E-89BF-DB1F583FCE1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev16:*:*:*:*:*:*", "matchCriteriaId": "B31AF178-6903-4C9C-85D0-4FC64B523D94", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev17:*:*:*:*:*:*", "matchCriteriaId": "78BBF7A1-2683-4A1A-A907-22AA08547C34", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev18:*:*:*:*:*:*", 
"matchCriteriaId": "8E8D7027-437A-4ACA-A4A1-34F2A1E49EFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev19:*:*:*:*:*:*", "matchCriteriaId": "233AF909-1320-4F50-98AE-0C3597EB77B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev2:*:*:*:*:*:*", "matchCriteriaId": "8B99076E-CAAF-478A-A6CA-5F4D555F4F13", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev20:*:*:*:*:*:*", "matchCriteriaId": "34400EA1-FBC0-4055-A921-96280EF73E7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev21:*:*:*:*:*:*", "matchCriteriaId": "BF5452D7-3326-415D-963D-BB9E4D5EA370", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev3:*:*:*:*:*:*", "matchCriteriaId": "71AD5083-1D8A-4F84-8263-EB724F2BAFB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev4:*:*:*:*:*:*", "matchCriteriaId": "F2E2CBB1-66E4-463E-9C13-36311A5E57CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev5:*:*:*:*:*:*", "matchCriteriaId": "78419EB9-7DBD-4D86-9D9F-D207BE4A5606", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev6:*:*:*:*:*:*", "matchCriteriaId": "6CFDEA47-85E0-468F-ACE1-D246C690B8D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev7:*:*:*:*:*:*", "matchCriteriaId": "51A93D40-8EC9-42FA-88B5-2C6A105D45DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev8:*:*:*:*:*:*", "matchCriteriaId": "990A037D-78A9-4BA5-B0E6-66D33B553CCF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev9:*:*:*:*:*:*", "matchCriteriaId": "84AB3311-A474-43B3-A613-F876042473A2", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "944562A2-53D7-4D75-B238-B9BD0F695E45", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev1:*:*:*:*:*:*", "matchCriteriaId": "3B7503E3-6317-4DD7-9EDD-AB5A0586BADE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev2:*:*:*:*:*:*", "matchCriteriaId": "26BF76EC-F32F-4DAB-8EB0-8B24E76D2593", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev3:*:*:*:*:*:*", "matchCriteriaId": "B031D97E-A967-4124-8A42-EFA4B3576124", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev4:*:*:*:*:*:*", "matchCriteriaId": "649774E8-6489-4AD7-95A8-AAF7154B2C05", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev5:*:*:*:*:*:*", "matchCriteriaId": "A2A1BB49-EAFD-4458-AA8B-BF4B195927C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev6:*:*:*:*:*:*", "matchCriteriaId": "1AC0DD2C-02D1-4CA9-A05C-81359BD30FA2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.3 allows SSRF." 
}, { "lang": "es", "value": "OX App Suite versiones hasta 7.10.3, permite un ataque de tipo SSRF" } ], "id": "CVE-2020-8544", "lastModified": "2024-11-21T05:39:00.340", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-06-16T14:15:11.820", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html" }, { "source": "cve@mitre.org", "tags": [ "Product" ], "url": "https://www.open-xchange.com/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "https://www.open-xchange.com/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", 
"weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-918" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-04-30 22:15
Modified
2024-11-21 05:23
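Severity: MEDIUM (CVSS v3.1 base score 6.5, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N; CVSS v2 base score 4.0, AV:N/AC:L/Au:S/C:P/I:N/A:N), as scored by nvd@nist.gov in the record below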
Summary
OX App Suite 7.10.4 and earlier allows SSRF via a snippet.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
cve@mitre.org | https://open-xchange.com | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://open-xchange.com | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "9451471A-06E1-456C-8B82-ADEB746B97C7", "versionEndIncluding": "7.10.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite 7.10.4 and earlier allows SSRF via a snippet." }, { "lang": "es", "value": "OX App Suite versiones 7.10.4 y anteriores, permiten un ataque de tipo SSRF por medio de un fragmento." } ], "id": "CVE-2020-28943", "lastModified": "2024-11-21T05:23:20.737", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-04-30T22:15:07.587", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": 
"https://open-xchange.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://open-xchange.com" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-918" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-09-05 11:44
Modified
2024-11-21 01:57
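Severity: LOW (CVSS v2 base score 3.5, AV:N/AC:M/Au:S/C:N/I:P/A:N; user interaction required), as scored by nvd@nist.gov in the record below; no CVSS v3 score is given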
Summary
Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite and Server before 6.22.0 rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allows remote authenticated users to inject arbitrary web script or HTML via a delivery=view action, aka Bug ID 26373, a different vulnerability than CVE-2013-3106.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | 6.22.0 | |
open-xchange | open-xchange_appsuite | 6.22.1 | |
open-xchange | open-xchange_appsuite | 7.0.1 | |
open-xchange | open-xchange_appsuite | 7.0.2 | |
open-xchange | open-xchange_appsuite | 7.2.0 | |
open-xchange | open-xchange_server | 6.22.0 | |
open-xchange | open-xchange_server | 6.22.1 | |
open-xchange | open-xchange_server | 7.0.1 | |
open-xchange | open-xchange_server | 7.0.2 | |
open-xchange | open-xchange_server | 7.2.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F85EE0C-B7A0-455A-96F6-E4E6BA5D7216", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.1:*:*:*:*:*:*:*", "matchCriteriaId": "2D9572CB-9A46-492E-BDCC-E01849EF0EC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "138461CD-9C27-40E5-B7A0-A37737B6E942", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "108BCEFD-3098-4919-9B0C-E80F6FA1C102", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDBB02DF-1022-4FE5-B5E1-198DC58F8C1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_server:6.22.0:*:*:*:*:*:*:*", "matchCriteriaId": "58989467-7850-4D91-86D4-524EBE325869", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_server:6.22.1:*:*:*:*:*:*:*", "matchCriteriaId": "BED21777-8642-49AC-A99F-87ED9B21FE14", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_server:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4FBAE267-EAB9-403A-8E1D-7C8EE68F0A36", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_server:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F5500DAF-78C2-4E30-AB1C-EF623C43956B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_server:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB2BB8DD-3901-44D7-9C35-C9403B6A919D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite and Server before 6.22.0 rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allows remote authenticated users to 
inject arbitrary web script or HTML via a delivery=view action, aka Bug ID 26373, a different vulnerability than CVE-2013-3106." }, { "lang": "es", "value": "Vulnerabilidad Cross-site scripting (XSS) en Open-Xchange AppSuite y Server anterior a v6.22.0 rev16, v6.22.1 anterior a rev19, v7.0.1 anterior a rev7, v7.0.2 anterior a rev11, y v7.2.0 anterior a rev8 permite a los usuarios remotos autenticados inyectar secuencias de comandos web o HTML a trav\u00e9s de una acci\u00f3n \"delivery=view\", tambi\u00e9n conocido como Bug ID 26373, una vulnerabilidad diferente a CVE-2013-3106." } ], "id": "CVE-2013-5698", "lastModified": "2024-11-21T01:57:57.670", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-09-05T11:44:57.853", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0012.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0012.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-05-23 18:29
Modified
2024-11-21 03:11
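Severity: CRITICAL (CVSS v3.0 base score 9.9, CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H; CVSS v2 base score 6.5, AV:N/AC:L/Au:S/C:P/I:P/A:P), as scored by nvd@nist.gov in the record below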
Summary
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://ox.com | Broken Link, Not Applicable | |
cve@mitre.org | https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://ox.com | Broken Link, Not Applicable | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html | Release Notes, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "21A45377-C1DE-44AB-A02F-A377BE4E9A56", "versionEndIncluding": "7.8.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF." }, { "lang": "es", "value": "OX Software GmbH OX App Suite 7.8.4 y anteriores, se ven afectados por: SSRF." } ], "id": "CVE-2017-13667", "lastModified": "2024-11-21T03:11:23.260", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-05-23T18:29:00.683", "references": [ { "source": "cve@mitre.org", "tags": [ "Broken Link", "Not Applicable" ], "url": "http://ox.com" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Not Applicable" ], "url": "http://ox.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-918" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-12-26 02:15
Modified
2024-11-21 07:14
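Severity: MEDIUM (CVSS v3.1 base score 5.3, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N), as scored by nvd@nist.gov in the record below; no CVSS v2 score is given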
Summary
OX App Suite through 7.10.6 allows SSRF because the anti-SSRF protection mechanism only checks the first DNS A or AAAA record.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://open-xchange.com | Vendor Advisory | |
cve@mitre.org | https://seclists.org/fulldisclosure/2022/Nov/18 | Exploit, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://open-xchange.com | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2022/Nov/18 | Exploit, Mailing List, Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D3B06B3-8919-4D41-87A6-DA39189750B9", "versionEndExcluding": "7.10.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:-:*:*:*:*:*:*", "matchCriteriaId": "FE68F102-2EE1-44FF-A8AB-6F71F62712D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5961:*:*:*:*:*:*", "matchCriteriaId": "4F5923E6-C4C1-492F-A130-65D102F67B40", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5973:*:*:*:*:*:*", "matchCriteriaId": "D703A274-D197-42B3-9720-70E6CCD9E825", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5976:*:*:*:*:*:*", "matchCriteriaId": "D4D5F145-F2BA-4589-8B9A-B967069EA355", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5982:*:*:*:*:*:*", "matchCriteriaId": "7E3F2F8B-F7C4-4297-B451-CAFFCA860D17", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5989:*:*:*:*:*:*", "matchCriteriaId": "C7CB5AA6-19B9-4D21-A2B6-1523719A2DB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5994:*:*:*:*:*:*", "matchCriteriaId": "3FAD63B8-9158-4552-8987-3A418AC5A3A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6000:*:*:*:*:*:*", "matchCriteriaId": "87793628-6C35-4137-B584-3AE2A8363AEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6003:*:*:*:*:*:*", "matchCriteriaId": "06C14CAB-9C56-48A2-82FA-16110923CC78", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6008:*:*:*:*:*:*", "matchCriteriaId": 
"2201C280-3674-4FA4-8176-723C175A2469", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6010:*:*:*:*:*:*", "matchCriteriaId": "A3CB3836-AD68-4167-98FD-5B05CC9C92EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6016:*:*:*:*:*:*", "matchCriteriaId": "604CF453-CBBE-4123-B3ED-87A8CBF407DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6020:*:*:*:*:*:*", "matchCriteriaId": "6AF52278-E711-4656-9A1C-0A3A7F3C671F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6026:*:*:*:*:*:*", "matchCriteriaId": "5DD66203-5C4E-434A-BA84-9F78D9E1F7B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6029:*:*:*:*:*:*", "matchCriteriaId": "8A0D1287-7A32-4F56-97F2-8573F12D8EB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6034:*:*:*:*:*:*", "matchCriteriaId": "69858B8E-E4C7-485C-882A-206E07D7343F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6035:*:*:*:*:*:*", "matchCriteriaId": "C2B82BFA-39B6-4DC8-B691-3284FDCFA227", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6038:*:*:*:*:*:*", "matchCriteriaId": "FD4E8470-B8CE-4670-8334-86B817180E96", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6046:*:*:*:*:*:*", "matchCriteriaId": "2276EFC8-B5E6-449F-BDD0-EF2108A4CCAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6051:*:*:*:*:*:*", "matchCriteriaId": "2C8B27BE-651D-4B3A-9413-5ABA8AF2AA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6053:*:*:*:*:*:*", "matchCriteriaId": 
"41EA5F8E-05B5-4C4A-8853-B6948C358F06", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6060:*:*:*:*:*:*", "matchCriteriaId": "3E1A5843-F09A-4BBE-878D-C967E4061B0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6061:*:*:*:*:*:*", "matchCriteriaId": "D579A835-6B7F-4C77-991F-C760CB8D3750", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6066:*:*:*:*:*:*", "matchCriteriaId": "B4935091-B9B4-4EA7-8785-FE4529ACFEBF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6068:*:*:*:*:*:*", "matchCriteriaId": "33DAB50E-18A0-43CC-9043-5E2B722F3A2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6072:*:*:*:*:*:*", "matchCriteriaId": "0E1E9E82-17E3-4B43-AD5B-BBAD25759950", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6079:*:*:*:*:*:*", "matchCriteriaId": "E73BDC2E-3C39-454F-B929-8BB936F36AA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6084:*:*:*:*:*:*", "matchCriteriaId": "C4DF7C74-BD66-41E7-8B47-C700D7BE53E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6092:*:*:*:*:*:*", "matchCriteriaId": "9EA739D6-10BD-48B4-9C30-92BE4381C80C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6101:*:*:*:*:*:*", "matchCriteriaId": "79219E01-26C2-462C-B604-783490F26565", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6111:*:*:*:*:*:*", "matchCriteriaId": "6F121147-1AAB-4123-AFD2-31F39434819F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6120:*:*:*:*:*:*", "matchCriteriaId": 
"52B9445C-4B0E-437A-BE3C-DBB8A621D354", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6132:*:*:*:*:*:*", "matchCriteriaId": "979495B8-8BF0-41B0-9BD5-48554A9C8889", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6137:*:*:*:*:*:*", "matchCriteriaId": "A82EF754-CCB7-4A03-8986-42BA76E6A2C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6140:*:*:*:*:*:*", "matchCriteriaId": "F4CAFBCA-BD13-4295-A558-844716BA0C81", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6149:*:*:*:*:*:*", "matchCriteriaId": "AA61FEDD-5F86-45B8-BC55-BDFD6F10BB4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*", "matchCriteriaId": "A144D75D-60A8-4EE0-813C-F658C626B2AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*", "matchCriteriaId": "2DA66230-DE02-4881-A893-E9E78286B157", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*", "matchCriteriaId": "955F3DFB-6479-4867-B62A-82730DBEB498", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*", "matchCriteriaId": "327D1B56-0D05-4D99-91D4-CC1F0AC32972", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*", "matchCriteriaId": "D0CD0684-C431-47F8-A2F4-1936D5C5A72B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*", "matchCriteriaId": "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*", "matchCriteriaId": 
"D0968764-CCEE-47A7-9111-E106D887DA43", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*", "matchCriteriaId": "16589FBB-F0CD-4041-8141-5C89FCCA72AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*", "matchCriteriaId": "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*", "matchCriteriaId": "0DF5FB90-8D6D-4F99-B454-411B1DFFA630", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*", "matchCriteriaId": "F58876B9-6C2E-4048-A793-B441A84E86F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*", "matchCriteriaId": "D5F177CB-CC45-45A0-9D02-C14A13ECC7A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*", "matchCriteriaId": "A89A4192-54E9-4899-8C7B-6C7F7E650D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*", "matchCriteriaId": "F2DC1357-9CD5-415F-A190-2F3F4498EF96", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*", "matchCriteriaId": "D78ACF64-2802-44DD-AF7A-1BD5EA7F9908", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*", "matchCriteriaId": "E8F675FA-1684-413A-B1BE-1C5434AC2862", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.6 allows SSRF because the anti-SSRF protection mechanism only checks the first DNS AA or AAAA record." 
}, { "lang": "es", "value": "OX App Suite hasta 7.10.6 permite SSRF porque el mecanismo de protecci\u00f3n anti-SSRF solo verifica el primer registro DNS AA o AAAA." } ], "id": "CVE-2022-37313", "lastModified": "2024-11-21T07:14:44.457", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-26T02:15:09.810", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://open-xchange.com" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2022/Nov/18" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://open-xchange.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2022/Nov/18" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-918" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-07-22 17:15
Modified
2024-11-21 05:56
Severity ?
Summary
OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://seclists.org/fulldisclosure/2021/Jul/33 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://seclists.org/fulldisclosure/2021/Jul/33 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://www.open-xchange.com | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/Jul/33 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2021/Jul/33 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.open-xchange.com | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:-:*:*:*:*:*:*", "matchCriteriaId": "D3CF4C4E-3FF0-4B4A-8246-8F8981D66180", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5547:*:*:*:*:*:*", "matchCriteriaId": "4284A4B4-42CF-4196-B990-0DE2AC7FF5F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5572:*:*:*:*:*:*", "matchCriteriaId": "1AF0528B-838B-4C80-B91D-D3009EFBD2E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5623:*:*:*:*:*:*", "matchCriteriaId": "927E4E17-02FC-46D6-B1EE-BBB6C710BE63", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5653:*:*:*:*:*:*", "matchCriteriaId": "43DECDE0-C942-4B4B-A2E1-63B8E32B7334", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5677:*:*:*:*:*:*", "matchCriteriaId": "54F4578F-1515-4F60-B890-421CB3FB09C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5720:*:*:*:*:*:*", "matchCriteriaId": "8853D9CE-A4F6-4935-BEA2-C039E867ADEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev1:*:*:*:*:*:*", "matchCriteriaId": "3B7503E3-6317-4DD7-9EDD-AB5A0586BADE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev10:*:*:*:*:*:*", "matchCriteriaId": "F7FD3C9C-7750-4907-BF23-65606E7A6966", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev11:*:*:*:*:*:*", "matchCriteriaId": "42BAD919-0599-4303-A7E3-5026AC8F415E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev12:*:*:*:*:*:*", "matchCriteriaId": "6D0555E6-057D-475D-9EAF-F1EEC2D2157E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev13:*:*:*:*:*:*", "matchCriteriaId": "CDDA5DF9-62FF-4E6F-943C-C70620D56AE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev14:*:*:*:*:*:*", "matchCriteriaId": "A9C26834-176A-4DD0-816E-87F12C2A0980", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev15:*:*:*:*:*:*", "matchCriteriaId": "63BA3355-83A5-4758-9208-574760D72AF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev16:*:*:*:*:*:*", "matchCriteriaId": "DEDF0974-91A9-4F6C-B31F-327EBBF2321A", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev17:*:*:*:*:*:*", "matchCriteriaId": "79FED998-07D0-457B-9CC4-1CDE8D6B26E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev18:*:*:*:*:*:*", "matchCriteriaId": "27EAB5B4-8F1A-4069-B150-032BADA92C1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev19:*:*:*:*:*:*", "matchCriteriaId": "265D758D-DA32-46FC-B7A7-1B695C2E7972", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev2:*:*:*:*:*:*", "matchCriteriaId": "26BF76EC-F32F-4DAB-8EB0-8B24E76D2593", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev20:*:*:*:*:*:*", "matchCriteriaId": "FE723E1C-E86A-4BC0-85DD-B051B1773A0A", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev21:*:*:*:*:*:*", "matchCriteriaId": "E441FE6E-2653-4BAE-9EFC-AE195A442804", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev22:*:*:*:*:*:*", "matchCriteriaId": "516B7ACF-ABB8-4DBA-9E71-3B57B7C74376", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev23:*:*:*:*:*:*", "matchCriteriaId": "60236FC4-81DA-4ED6-8C5B-6BC9FF6A177B", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev24:*:*:*:*:*:*", "matchCriteriaId": "E186C7BC-F3EC-4B9E-97BC-59CE860DD99B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev25:*:*:*:*:*:*", "matchCriteriaId": "FE494389-735E-47FC-9A12-5305FA11735F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev26:*:*:*:*:*:*", "matchCriteriaId": "6BD572F0-1B43-4FB5-BAE2-A9169BACFABE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev27:*:*:*:*:*:*", "matchCriteriaId": "CD1EAF9A-189B-47B8-A00A-5604D1B8D8A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev28:*:*:*:*:*:*", "matchCriteriaId": "63318E39-A502-4AD8-9C8D-C15F08847BD8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev29:*:*:*:*:*:*", "matchCriteriaId": "59C68527-4F08-4436-9D14-8BA65EEEFFC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev3:*:*:*:*:*:*", "matchCriteriaId": "B031D97E-A967-4124-8A42-EFA4B3576124", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev30:*:*:*:*:*:*", "matchCriteriaId": "79A59F84-11DE-4560-A820-8E4F7B715888", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev31:*:*:*:*:*:*", "matchCriteriaId": "4C2F2472-91C4-48AF-979A-7C003BBD36CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev4:*:*:*:*:*:*", "matchCriteriaId": "649774E8-6489-4AD7-95A8-AAF7154B2C05", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev5:*:*:*:*:*:*", "matchCriteriaId": "A2A1BB49-EAFD-4458-AA8B-BF4B195927C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev6:*:*:*:*:*:*", "matchCriteriaId": "1AC0DD2C-02D1-4CA9-A05C-81359BD30FA2", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev7:*:*:*:*:*:*", "matchCriteriaId": "720B7107-09AC-41AB-97BB-DFC3FABFDB55", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev8:*:*:*:*:*:*", "matchCriteriaId": "17E4B9E0-D5D3-4291-91A0-15885B559D5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev9:*:*:*:*:*:*", "matchCriteriaId": "7ECB4D19-C148-473B-B0C0-FD9007912F86", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:-:*:*:*:*:*:*", "matchCriteriaId": "89BEBFB4-A028-4D5E-846E-7403D3491147", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev1:*:*:*:*:*:*", "matchCriteriaId": "FED62869-ACA8-42B1-9AFE-0C0535E2C2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev10:*:*:*:*:*:*", "matchCriteriaId": "CB85F4BA-8E1B-490A-83FC-906EDF990750", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev11:*:*:*:*:*:*", "matchCriteriaId": "525841F3-E9ED-4593-9163-9DFA114EF5D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev12:*:*:*:*:*:*", "matchCriteriaId": "6382225F-80C8-4A21-AC5F-E1645B420DD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev13:*:*:*:*:*:*", "matchCriteriaId": "3EC95556-A105-4C03-AB54-AAB3A943A22F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev14:*:*:*:*:*:*", "matchCriteriaId": "34BB4402-3151-4ED1-BC4E-F00A7E5FDB1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev15:*:*:*:*:*:*", "matchCriteriaId": "96FB19E6-E819-419A-B2C0-717F196A5A52", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev16:*:*:*:*:*:*", "matchCriteriaId": 
"433C2CBB-E3D7-4209-81DA-E183B2BF23A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev17:*:*:*:*:*:*", "matchCriteriaId": "B2117B25-DABE-47B2-9337-5FAC000EC558", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev2:*:*:*:*:*:*", "matchCriteriaId": "97039EE9-3567-4C10-9A85-8BED8C76BEDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev3:*:*:*:*:*:*", "matchCriteriaId": "AF1AAB93-9205-47FB-BEC3-EC7DF9A20732", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev4:*:*:*:*:*:*", "matchCriteriaId": "E9A3E84C-665F-470C-8D19-31446ABFF7D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev5:*:*:*:*:*:*", "matchCriteriaId": "45C98776-55CE-4AF8-9141-75E0B86AE844", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev6:*:*:*:*:*:*", "matchCriteriaId": "E94C88CD-9A26-45DE-A408-956D693FDE29", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev7:*:*:*:*:*:*", "matchCriteriaId": "005CA94F-FA8A-474C-8135-CA0158D192F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev8:*:*:*:*:*:*", "matchCriteriaId": "4D01DFB9-FFE1-4635-8D59-E2325AADAAF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev9:*:*:*:*:*:*", "matchCriteriaId": "B051C6E0-334E-45A2-990B-81FE7E4FB507", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used." 
}, { "lang": "es", "value": "OX App Suite versiones anteriores a 7.10.3-rev4 y 7.10.4 versiones anteriores a 7.10.4-rev4, permite un ataque de tipo SSRF por medio de un documento SVG compartido que es manejado inapropiadamente por el componente imageconverter cuando la extensi\u00f3n .png es usada" } ], "id": "CVE-2021-26699", "lastModified": "2024-11-21T05:56:41.570", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-07-22T17:15:09.343", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2021/Jul/33" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2021/Jul/33" }, { "source": 
"cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.open-xchange.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2021/Jul/33" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2021/Jul/33" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.open-xchange.com" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-918" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-01-12 22:15
Modified
2024-11-21 05:52
Severity ?
Summary
OX App Suite through 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML document to an ajax/share/<share-token>?delivery=view URI.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB465D15-78EA-47FA-BC7C-5A6631EC9578", "versionEndIncluding": "7.10.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML document to an ajax/share/\u003cshare-token\u003e?delivery=view URI." }, { "lang": "es", "value": "OX App Suite versiones hasta 7.10.4, permite un ataque de tipo XSS por medio de un encabezado Content-Disposition dise\u00f1ado en un documento HTML cargado en un URI ajax/share/(share-token)?delivery=view" } ], "id": "CVE-2021-23929", "lastModified": "2024-11-21T05:52:04.063", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-01-12T22:15:12.573", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party 
Advisory", "VDB Entry" ], "url": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://packetstormsecurity.com/files/160853/OX-App-Suite-OX-Documents-7.10.x-XSS-SSRF.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-01-02 19:15
Modified
2024-11-21 02:01
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev27 and 7.4.x before 7.4.0-rev20 allows remote attackers to inject arbitrary web script or HTML via the body of an email. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | 7.2.2 | |
open-xchange | open-xchange_appsuite | 7.4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "75B04598-67CD-420B-92C9-9A7459295E11", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "8DAEED7B-C295-42B4-A60B-2EAA596E3D65", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev27 and 7.4.x before 7.4.0-rev20 allows remote attackers to inject arbitrary web script or HTML via the body of an email. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions." }, { "lang": "es", "value": "Una vulnerabilidad de tipo cross-site scripting (XSS) en el back-end en Open-Xchange (OX) AppSuite versiones 7.2.x anteriores a 7.2.2-rev27 y versiones 7.4.x anteriores a 7.4.0-rev20, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de cuerpo de un correo electr\u00f3nico. NOTA: esta vulnerabilidad fue SPLIT de CVE-2013-6242 porque afecta a diferentes conjuntos de versiones." 
} ], "id": "CVE-2013-7486", "lastModified": "2024-11-21T02:01:07.780", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-01-02T19:15:12.587", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/bugtraq/2013/Nov/127" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1029394" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://xforce.iss.net/xforce/xfdb/89250" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://forum.open-xchange.com/showthread.php?8115-Open-Xchange-releases-Security-Patch-2013-11-12-for-v7-2-2-v6-22-3-and-v7-4-0-v6" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/bugtraq/2013/Nov/127" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1029394" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://xforce.iss.net/xforce/xfdb/89250" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://forum.open-xchange.com/showthread.php?8115-Open-Xchange-releases-Security-Patch-2013-11-12-for-v7-2-2-v6-22-3-and-v7-4-0-v6" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-06-16 14:15
Modified
2024-11-21 05:38
Severity ?
Summary
OX App Suite through 7.10.3 allows XXE attacks.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | 7.10.1 | |
open-xchange | open-xchange_appsuite | 7.10.1 | |
open-xchange | open-xchange_appsuite | 7.10.1 | |
open-xchange | open-xchange_appsuite | 7.10.1 | |
open-xchange | open-xchange_appsuite | 7.10.1 | |
open-xchange | open-xchange_appsuite | 7.10.1 | |
open-xchange | open-xchange_appsuite | 7.10.2 | |
open-xchange | open-xchange_appsuite | 7.10.2 | |
open-xchange | open-xchange_appsuite | 7.10.2 | |
open-xchange | open-xchange_appsuite | 7.10.2 | |
open-xchange | open-xchange_appsuite | 7.10.2 | |
open-xchange | open-xchange_appsuite | 7.10.3 | |
open-xchange | open-xchange_appsuite | 7.10.3 | |
open-xchange | open-xchange_appsuite | 7.10.3 | |
open-xchange | open-xchange_appsuite | 7.10.3 | |
open-xchange | open-xchange_appsuite | 7.10.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "D2C4CC04-9CAA-467A-AE72-CF3AC970296C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev1:*:*:*:*:*:*", "matchCriteriaId": "368ECEBC-4553-4A2A-8A2A-A4B8909C321D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev2:*:*:*:*:*:*", "matchCriteriaId": "4190E7EF-E9BF-4B87-B5A7-F1C5639CF701", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev3:*:*:*:*:*:*", "matchCriteriaId": "8DF4B515-D246-44A9-B4FA-094E33840EAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev4:*:*:*:*:*:*", "matchCriteriaId": "20D6F057-6D60-45CD-AF64-A17655FE4332", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.1:rev5:*:*:*:*:*:*", "matchCriteriaId": "8AAEEE04-5D35-4007-9C19-47139D574C6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "AEA29625-42CD-49CC-9E34-858CB6C5D28B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev1:*:*:*:*:*:*", "matchCriteriaId": "3A43F58A-EF5F-470F-AD23-EA211A257B87", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev2:*:*:*:*:*:*", "matchCriteriaId": "8B99076E-CAAF-478A-A6CA-5F4D555F4F13", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev3:*:*:*:*:*:*", "matchCriteriaId": "71AD5083-1D8A-4F84-8263-EB724F2BAFB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.2:rev4:*:*:*:*:*:*", "matchCriteriaId": "F2E2CBB1-66E4-463E-9C13-36311A5E57CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"944562A2-53D7-4D75-B238-B9BD0F695E45", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev1:*:*:*:*:*:*", "matchCriteriaId": "3B7503E3-6317-4DD7-9EDD-AB5A0586BADE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev2:*:*:*:*:*:*", "matchCriteriaId": "26BF76EC-F32F-4DAB-8EB0-8B24E76D2593", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev3:*:*:*:*:*:*", "matchCriteriaId": "B031D97E-A967-4124-8A42-EFA4B3576124", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev4:*:*:*:*:*:*", "matchCriteriaId": "649774E8-6489-4AD7-95A8-AAF7154B2C05", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.3 allows XXE attacks." }, { "lang": "es", "value": "OX App Suite versiones hasta 7.10.3, permite ataques de tipo XXE" } ], "id": "CVE-2020-8541", "lastModified": "2024-11-21T05:38:59.903", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": 
"3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-06-16T14:15:11.557", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html" }, { "source": "cve@mitre.org", "tags": [ "Product" ], "url": "https://www.open-xchange.com/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "https://www.open-xchange.com/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-611" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-06-16 01:29
Modified
2024-11-21 04:09
Severity ?
Summary
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 does not properly check for folder-to-object association, which allows remote authenticated users to delete arbitrary tasks via the task id in a delete action to api/tasks.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html | Exploit, Third Party Advisory, VDB Entry | |
cve@mitre.org | http://seclists.org/fulldisclosure/2018/Jun/23 | Exploit, Mailing List, Third Party Advisory | |
cve@mitre.org | https://www.exploit-db.com/exploits/44881/ | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2018/Jun/23 | Exploit, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/44881/ | Exploit, Third Party Advisory, VDB Entry |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "CEE77111-9626-48C1-9C13-6FF650B91363", "versionEndIncluding": "7.6.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev14:*:*:*:*:*:*", "matchCriteriaId": "D4417841-A79D-479F-BBB4-13892CD29CCB", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev15:*:*:*:*:*:*", "matchCriteriaId": "11FED64F-98F2-4155-A34D-DCC0DCF55CB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev16:*:*:*:*:*:*", "matchCriteriaId": "544677BC-DEFB-45B8-BB08-124E5666A04B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev17:*:*:*:*:*:*", "matchCriteriaId": "ABA212B4-FC4B-4268-A778-23D588E76880", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev18:*:*:*:*:*:*", "matchCriteriaId": "10D10170-9528-49BB-88B8-92A4D016EA49", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev20:*:*:*:*:*:*", "matchCriteriaId": "2DA48ACB-659B-408C-B7E1-945A6333C1A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev22:*:*:*:*:*:*", "matchCriteriaId": "23D2DCAA-FAB7-426D-8680-2A6F69AE90DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev23:*:*:*:*:*:*", "matchCriteriaId": "90C2E1F5-73DA-4FA7-BEDF-E9726F5D0D0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev24:*:*:*:*:*:*", "matchCriteriaId": "449B4C7A-6287-4018-86AA-D34BEF8DB83C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev25:*:*:*:*:*:*", "matchCriteriaId": "E8E6C22C-C3B3-4914-A1D8-A6202EEBF1C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev26:*:*:*:*:*:*", 
"matchCriteriaId": "8BF46085-0E23-4C9C-9899-30EB63EFC392", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev28:*:*:*:*:*:*", "matchCriteriaId": "39BB146E-14BF-4AC7-B267-3176545CBCB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev29:*:*:*:*:*:*", "matchCriteriaId": "64201845-70B6-4124-BA02-DE0646BE75A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev30:*:*:*:*:*:*", "matchCriteriaId": "8E2A9B0B-F4B9-410B-AA32-D4A5A3B285DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev31:*:*:*:*:*:*", "matchCriteriaId": "5E5DE686-E794-4C06-9AC8-5682B1CF68AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev32:*:*:*:*:*:*", "matchCriteriaId": "E4710EAE-6227-4A72-9549-6EEF0CEB6E06", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev33:*:*:*:*:*:*", "matchCriteriaId": "7AD9AE40-5AE0-4DA6-BD1D-CC02746DA917", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev35:*:*:*:*:*:*", "matchCriteriaId": "3681A31A-1795-4C44-B482-1F1028449960", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "E26B66B2-9BE8-4843-9B4B-D673FAC44023", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "2633E559-38E4-4024-BB5F-94EDFE5F93FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "E804C89F-033F-43B3-B63B-172F9B2136CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev10:*:*:*:*:*:*", "matchCriteriaId": "0F7C6765-34DD-4326-99A8-F85DA19ECE91", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev11:*:*:*:*:*:*", 
"matchCriteriaId": "13FAD9B6-5790-4C7A-8A9B-09B1002DA75F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev12:*:*:*:*:*:*", "matchCriteriaId": "B040A950-FEC3-465D-AD19-3AA8EE11AE92", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev13:*:*:*:*:*:*", "matchCriteriaId": "F5971D8D-A2E6-4E3D-8FDA-04F89FC65A40", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev14:*:*:*:*:*:*", "matchCriteriaId": "FEF67234-BDCA-48FA-8616-6B0E4A38FA8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev15:*:*:*:*:*:*", "matchCriteriaId": "76D18DCA-5D64-4D38-99B0-1B984C402E70", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev16:*:*:*:*:*:*", "matchCriteriaId": "46718CD2-0403-4DA2-B157-5714BD654EB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev17:*:*:*:*:*:*", "matchCriteriaId": "4BA1274B-9103-449F-ABD1-C898B716B433", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev18:*:*:*:*:*:*", "matchCriteriaId": "3BB485BC-3247-4E06-8017-118B597B0184", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev19:*:*:*:*:*:*", "matchCriteriaId": "6C447C6E-6188-47C6-BC68-8FD99B49F2D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev20:*:*:*:*:*:*", "matchCriteriaId": "211647E5-8BCA-4393-B54B-CE382D5DF3F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev21:*:*:*:*:*:*", "matchCriteriaId": "855C2E78-C554-43A7-BD3F-747053F45709", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev22:*:*:*:*:*:*", "matchCriteriaId": "64594DD5-2816-4123-A12C-505FE4480AE9", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev23:*:*:*:*:*:*", "matchCriteriaId": "606D294C-EAEC-43EC-BA0F-BC5484B7C5E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev24:*:*:*:*:*:*", "matchCriteriaId": "A8E1D645-706F-4CCA-88A7-F5077BCE4AD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev25:*:*:*:*:*:*", "matchCriteriaId": "30145547-3406-4639-A5AD-52EFAA734EEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev26:*:*:*:*:*:*", "matchCriteriaId": "BDB6642D-C5AF-41D7-B2EA-A1F333E5B12C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev27:*:*:*:*:*:*", "matchCriteriaId": "91040A22-04F6-43ED-A6A1-060703D285C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev28:*:*:*:*:*:*", "matchCriteriaId": "5A3E2338-E774-4188-B352-B79FBB9C5511", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev29:*:*:*:*:*:*", "matchCriteriaId": "22961BA6-C0B1-488A-8F7D-68EB3F9DA6B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev30:*:*:*:*:*:*", "matchCriteriaId": "E8381BB7-3602-4DCF-A070-1067C277AAA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev31:*:*:*:*:*:*", "matchCriteriaId": "98B758CC-D26C-4B83-98E7-3BA4ECF96966", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev32:*:*:*:*:*:*", "matchCriteriaId": "7BCE965A-70BE-4159-93D8-A2520C8C4CB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev33:*:*:*:*:*:*", "matchCriteriaId": "1152B60C-3188-4BE7-897A-B09C5732ECAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev34:*:*:*:*:*:*", "matchCriteriaId": "5F1F087A-7373-4B7F-87BD-8509704F47CF", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev35:*:*:*:*:*:*", "matchCriteriaId": "D82CB956-9A14-49C5-8308-52198589BAC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev36:*:*:*:*:*:*", "matchCriteriaId": "2F202094-2A74-44DA-BB3A-06AF3326E544", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev38:*:*:*:*:*:*", "matchCriteriaId": "DC128D82-A687-4043-AC01-9A329ED9F9EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev39:*:*:*:*:*:*", "matchCriteriaId": "CBE4CF1D-B716-4992-B3DE-599AD7407780", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev40:*:*:*:*:*:*", "matchCriteriaId": "49FCC4A7-3078-421A-A3A1-C58976F47262", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev41:*:*:*:*:*:*", "matchCriteriaId": "E57747B2-0C7B-4004-82AA-8C59CABC3B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev42:*:*:*:*:*:*", "matchCriteriaId": "BECD9AD4-EB03-4BF0-A219-DD965A55670A", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev43:*:*:*:*:*:*", "matchCriteriaId": "5E0F6A5B-BDBB-4DF5-91A0-440834EE161F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev5:*:*:*:*:*:*", "matchCriteriaId": "F57910B1-968D-4DF3-8C2D-9EB3765C7214", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev6:*:*:*:*:*:*", "matchCriteriaId": "FE1FD7DD-DC8C-416C-A55B-FA7B961ECD3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev8:*:*:*:*:*:*", "matchCriteriaId": "A07A8019-D7D7-4E1D-AEA7-DF509175393D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev9:*:*:*:*:*:*", "matchCriteriaId": "9FEEF620-CD8A-49C4-89D6-565503A1790F", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "6164303F-253E-440C-A45C-94FFF7B492AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev10:*:*:*:*:*:*", "matchCriteriaId": "4DD257D7-D9B2-4036-92D6-3A923B7DC59F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev11:*:*:*:*:*:*", "matchCriteriaId": "36383B07-AF6C-4EDA-A35E-50633D1612A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev13:*:*:*:*:*:*", "matchCriteriaId": "032B8B47-9E01-41B3-99D4-DECD4727DEA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev14:*:*:*:*:*:*", "matchCriteriaId": "F7211571-4614-4169-A897-D0047304A4B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev15:*:*:*:*:*:*", "matchCriteriaId": "992082E5-5E00-40F0-8246-FD44D189C70D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev16:*:*:*:*:*:*", "matchCriteriaId": "4279A168-8A9A-43FF-8766-738EE31D6E25", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev17:*:*:*:*:*:*", "matchCriteriaId": "5A734819-B817-4E54-89B1-B6A5FD52C758", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev18:*:*:*:*:*:*", "matchCriteriaId": "63AFF50B-7ABD-455D-A2A5-05432B41E4BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev19:*:*:*:*:*:*", "matchCriteriaId": "E2842D25-1A80-4403-B7A2-6E26527588E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev20:*:*:*:*:*:*", "matchCriteriaId": "7DAA5D88-75E9-4D77-9F34-AB456F0733F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev21:*:*:*:*:*:*", "matchCriteriaId": "9EB906E5-1ABF-4734-84E1-BC8005AB1C2C", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev3:*:*:*:*:*:*", "matchCriteriaId": "8681201A-5DB3-42A9-A203-9641B4459537", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev4:*:*:*:*:*:*", "matchCriteriaId": "C567F8B8-D9D0-4006-819C-C995C6573FE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev5:*:*:*:*:*:*", "matchCriteriaId": "07FEF270-E3ED-463D-9940-7FC9573E40C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev6:*:*:*:*:*:*", "matchCriteriaId": "7FD1E38C-EC1A-42D1-86AF-D53D8BF0098C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev7:*:*:*:*:*:*", "matchCriteriaId": "1BF75100-6E38-4FCB-BC21-FFB1C4B3EC50", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev8:*:*:*:*:*:*", "matchCriteriaId": "BF34B133-486B-4D77-8745-4D0E082FF8D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev9:*:*:*:*:*:*", "matchCriteriaId": "33B507D7-536B-4AC3-BCB3-BF3A6BA257F6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 does not properly check for folder-to-object association, which allows remote authenticated users to delete arbitrary tasks via the task id in a delete action to api/tasks." 
}, { "lang": "es", "value": "El componente backend en Open-Xchange OX App Suite en versiones anteriores a la 7.6.3-rev36, versiones 7.8.x anteriores a la 7.8.2-rev39, versiones 7.8.3 anteriores a la 7.8.3-rev44 y versiones 7.8.4 anteriores a la 7.8.4-rev22 no comprueba correctamente la asociaci\u00f3n folder-to-object, lo que permite que usuarios autenticados remotos eliminen tareas arbitrarias mediante el id de tarea en una acci\u00f3n delete en api/tasks." } ], "id": "CVE-2018-5756", "lastModified": "2024-11-21T04:09:19.957", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-06-16T01:29:06.413", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": 
"http://seclists.org/fulldisclosure/2018/Jun/23" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/44881/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2018/Jun/23" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/44881/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-269" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2019-14226)
Published
2019-10-14 17:15
Modified
2024-11-21 04:26
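Severity: 8.1 HIGH (CVSS 3.1, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N); 5.5 MEDIUM (CVSS 2.0, AV:N/AC:L/Au:S/C:P/I:P/A:N), both from nvd@nist.gov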
Summary
OX App Suite through 7.10.2 has Insecure Permissions.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html | Exploit, Third Party Advisory, VDB Entry | |
cve@mitre.org | https://seclists.org/fulldisclosure/2019/Oct/25 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2019/Oct/25 | Mailing List, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * (all versions up to and including 7.10.2) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "F9CF4B9A-D36A-4A8E-B2A2-34C0CA70A24C", "versionEndIncluding": "7.10.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.2 has Insecure Permissions." }, { "lang": "es", "value": "OX App Suite hasta la versi\u00f3n 7.10.2 tiene permisos inseguros." } ], "id": "CVE-2019-14226", "lastModified": "2024-11-21T04:26:14.417", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-10-14T17:15:09.287", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": 
"https://seclists.org/fulldisclosure/2019/Oct/25" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2019/Oct/25" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-281" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2021-37402)
Published
2021-07-22 17:15
Modified
2024-11-21 06:15
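Severity: 6.1 MEDIUM (CVSS 3.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N); 4.3 MEDIUM (CVSS 2.0, AV:N/AC:M/Au:N/C:N/I:P/A:N), both from nvd@nist.gov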
Summary
OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via binary data that is mishandled when the legacy dataretrieval endpoint has been enabled.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://seclists.org/fulldisclosure/2021/Jul/33 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://www.open-xchange.com | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/Jul/33 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.open-xchange.com | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:-:*:*:*:*:*:*", "matchCriteriaId": "D3CF4C4E-3FF0-4B4A-8246-8F8981D66180", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5547:*:*:*:*:*:*", "matchCriteriaId": "4284A4B4-42CF-4196-B990-0DE2AC7FF5F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5572:*:*:*:*:*:*", "matchCriteriaId": "1AF0528B-838B-4C80-B91D-D3009EFBD2E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5623:*:*:*:*:*:*", "matchCriteriaId": "927E4E17-02FC-46D6-B1EE-BBB6C710BE63", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5653:*:*:*:*:*:*", "matchCriteriaId": "43DECDE0-C942-4B4B-A2E1-63B8E32B7334", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5677:*:*:*:*:*:*", "matchCriteriaId": "54F4578F-1515-4F60-B890-421CB3FB09C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5720:*:*:*:*:*:*", "matchCriteriaId": "8853D9CE-A4F6-4935-BEA2-C039E867ADEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev1:*:*:*:*:*:*", "matchCriteriaId": "3B7503E3-6317-4DD7-9EDD-AB5A0586BADE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev10:*:*:*:*:*:*", "matchCriteriaId": "F7FD3C9C-7750-4907-BF23-65606E7A6966", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev11:*:*:*:*:*:*", "matchCriteriaId": "42BAD919-0599-4303-A7E3-5026AC8F415E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev12:*:*:*:*:*:*", "matchCriteriaId": "6D0555E6-057D-475D-9EAF-F1EEC2D2157E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev13:*:*:*:*:*:*", "matchCriteriaId": "CDDA5DF9-62FF-4E6F-943C-C70620D56AE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev14:*:*:*:*:*:*", "matchCriteriaId": "A9C26834-176A-4DD0-816E-87F12C2A0980", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev15:*:*:*:*:*:*", "matchCriteriaId": "63BA3355-83A5-4758-9208-574760D72AF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev16:*:*:*:*:*:*", "matchCriteriaId": "DEDF0974-91A9-4F6C-B31F-327EBBF2321A", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev17:*:*:*:*:*:*", "matchCriteriaId": "79FED998-07D0-457B-9CC4-1CDE8D6B26E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev18:*:*:*:*:*:*", "matchCriteriaId": "27EAB5B4-8F1A-4069-B150-032BADA92C1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev19:*:*:*:*:*:*", "matchCriteriaId": "265D758D-DA32-46FC-B7A7-1B695C2E7972", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev2:*:*:*:*:*:*", "matchCriteriaId": "26BF76EC-F32F-4DAB-8EB0-8B24E76D2593", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev20:*:*:*:*:*:*", "matchCriteriaId": "FE723E1C-E86A-4BC0-85DD-B051B1773A0A", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev21:*:*:*:*:*:*", "matchCriteriaId": "E441FE6E-2653-4BAE-9EFC-AE195A442804", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev22:*:*:*:*:*:*", "matchCriteriaId": "516B7ACF-ABB8-4DBA-9E71-3B57B7C74376", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev23:*:*:*:*:*:*", "matchCriteriaId": "60236FC4-81DA-4ED6-8C5B-6BC9FF6A177B", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev24:*:*:*:*:*:*", "matchCriteriaId": "E186C7BC-F3EC-4B9E-97BC-59CE860DD99B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev25:*:*:*:*:*:*", "matchCriteriaId": "FE494389-735E-47FC-9A12-5305FA11735F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev26:*:*:*:*:*:*", "matchCriteriaId": "6BD572F0-1B43-4FB5-BAE2-A9169BACFABE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev27:*:*:*:*:*:*", "matchCriteriaId": "CD1EAF9A-189B-47B8-A00A-5604D1B8D8A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev28:*:*:*:*:*:*", "matchCriteriaId": "63318E39-A502-4AD8-9C8D-C15F08847BD8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev29:*:*:*:*:*:*", "matchCriteriaId": "59C68527-4F08-4436-9D14-8BA65EEEFFC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev3:*:*:*:*:*:*", "matchCriteriaId": "B031D97E-A967-4124-8A42-EFA4B3576124", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev30:*:*:*:*:*:*", "matchCriteriaId": "79A59F84-11DE-4560-A820-8E4F7B715888", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev31:*:*:*:*:*:*", "matchCriteriaId": "4C2F2472-91C4-48AF-979A-7C003BBD36CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev4:*:*:*:*:*:*", "matchCriteriaId": "649774E8-6489-4AD7-95A8-AAF7154B2C05", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev5:*:*:*:*:*:*", "matchCriteriaId": "A2A1BB49-EAFD-4458-AA8B-BF4B195927C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev6:*:*:*:*:*:*", "matchCriteriaId": "1AC0DD2C-02D1-4CA9-A05C-81359BD30FA2", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev7:*:*:*:*:*:*", "matchCriteriaId": "720B7107-09AC-41AB-97BB-DFC3FABFDB55", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev8:*:*:*:*:*:*", "matchCriteriaId": "17E4B9E0-D5D3-4291-91A0-15885B559D5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev9:*:*:*:*:*:*", "matchCriteriaId": "7ECB4D19-C148-473B-B0C0-FD9007912F86", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:-:*:*:*:*:*:*", "matchCriteriaId": "89BEBFB4-A028-4D5E-846E-7403D3491147", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev1:*:*:*:*:*:*", "matchCriteriaId": "FED62869-ACA8-42B1-9AFE-0C0535E2C2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev10:*:*:*:*:*:*", "matchCriteriaId": "CB85F4BA-8E1B-490A-83FC-906EDF990750", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev11:*:*:*:*:*:*", "matchCriteriaId": "525841F3-E9ED-4593-9163-9DFA114EF5D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev12:*:*:*:*:*:*", "matchCriteriaId": "6382225F-80C8-4A21-AC5F-E1645B420DD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev13:*:*:*:*:*:*", "matchCriteriaId": "3EC95556-A105-4C03-AB54-AAB3A943A22F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev14:*:*:*:*:*:*", "matchCriteriaId": "34BB4402-3151-4ED1-BC4E-F00A7E5FDB1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev15:*:*:*:*:*:*", "matchCriteriaId": "96FB19E6-E819-419A-B2C0-717F196A5A52", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev16:*:*:*:*:*:*", "matchCriteriaId": 
"433C2CBB-E3D7-4209-81DA-E183B2BF23A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev17:*:*:*:*:*:*", "matchCriteriaId": "B2117B25-DABE-47B2-9337-5FAC000EC558", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev2:*:*:*:*:*:*", "matchCriteriaId": "97039EE9-3567-4C10-9A85-8BED8C76BEDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev3:*:*:*:*:*:*", "matchCriteriaId": "AF1AAB93-9205-47FB-BEC3-EC7DF9A20732", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev4:*:*:*:*:*:*", "matchCriteriaId": "E9A3E84C-665F-470C-8D19-31446ABFF7D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev5:*:*:*:*:*:*", "matchCriteriaId": "45C98776-55CE-4AF8-9141-75E0B86AE844", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev6:*:*:*:*:*:*", "matchCriteriaId": "E94C88CD-9A26-45DE-A408-956D693FDE29", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev7:*:*:*:*:*:*", "matchCriteriaId": "005CA94F-FA8A-474C-8135-CA0158D192F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev8:*:*:*:*:*:*", "matchCriteriaId": "4D01DFB9-FFE1-4635-8D59-E2325AADAAF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev9:*:*:*:*:*:*", "matchCriteriaId": "B051C6E0-334E-45A2-990B-81FE7E4FB507", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via binary data that is mishandled when the legacy dataretrieval endpoint has been enabled." 
}, { "lang": "es", "value": "OX App Suite versiones anteriores a 7.10.3-rev32 y versiones 7.10.4 anteriores a 7.10.4-rev18, permite un ataque de tipo XSS por medio de datos binarios que se manejan inapropiadamente cuando ha sido habilitado el endpoint de recuperaci\u00f3n de datos heredado" } ], "id": "CVE-2021-37402", "lastModified": "2024-11-21T06:15:05.403", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-07-22T17:15:09.547", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2021/Jul/33" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.open-xchange.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2021/Jul/33" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"https://www.open-xchange.com" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-06-16 01:29
Modified
2024-11-21 04:09
Severity ?
Summary
The frontend component in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev20 allows remote attackers to spoof the origin of e-mails via unicode characters in the "personal part" of a (1) From or (2) Sender address.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html | Exploit, Third Party Advisory, VDB Entry | |
cve@mitre.org | http://seclists.org/fulldisclosure/2018/Jun/23 | Exploit, Mailing List, Third Party Advisory | |
cve@mitre.org | https://www.exploit-db.com/exploits/44881/ | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2018/Jun/23 | Exploit, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/44881/ | Exploit, Third Party Advisory, VDB Entry |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "CEE77111-9626-48C1-9C13-6FF650B91363", "versionEndIncluding": "7.6.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev14:*:*:*:*:*:*", "matchCriteriaId": "D4417841-A79D-479F-BBB4-13892CD29CCB", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev15:*:*:*:*:*:*", "matchCriteriaId": "11FED64F-98F2-4155-A34D-DCC0DCF55CB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev16:*:*:*:*:*:*", "matchCriteriaId": "544677BC-DEFB-45B8-BB08-124E5666A04B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev17:*:*:*:*:*:*", "matchCriteriaId": "ABA212B4-FC4B-4268-A778-23D588E76880", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev18:*:*:*:*:*:*", "matchCriteriaId": "10D10170-9528-49BB-88B8-92A4D016EA49", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev20:*:*:*:*:*:*", "matchCriteriaId": "2DA48ACB-659B-408C-B7E1-945A6333C1A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev22:*:*:*:*:*:*", "matchCriteriaId": "23D2DCAA-FAB7-426D-8680-2A6F69AE90DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev23:*:*:*:*:*:*", "matchCriteriaId": "90C2E1F5-73DA-4FA7-BEDF-E9726F5D0D0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev24:*:*:*:*:*:*", "matchCriteriaId": "449B4C7A-6287-4018-86AA-D34BEF8DB83C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev25:*:*:*:*:*:*", "matchCriteriaId": "E8E6C22C-C3B3-4914-A1D8-A6202EEBF1C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev26:*:*:*:*:*:*", 
"matchCriteriaId": "8BF46085-0E23-4C9C-9899-30EB63EFC392", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev28:*:*:*:*:*:*", "matchCriteriaId": "39BB146E-14BF-4AC7-B267-3176545CBCB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev29:*:*:*:*:*:*", "matchCriteriaId": "64201845-70B6-4124-BA02-DE0646BE75A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev30:*:*:*:*:*:*", "matchCriteriaId": "8E2A9B0B-F4B9-410B-AA32-D4A5A3B285DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "E26B66B2-9BE8-4843-9B4B-D673FAC44023", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "2633E559-38E4-4024-BB5F-94EDFE5F93FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "E804C89F-033F-43B3-B63B-172F9B2136CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev10:*:*:*:*:*:*", "matchCriteriaId": "0F7C6765-34DD-4326-99A8-F85DA19ECE91", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev11:*:*:*:*:*:*", "matchCriteriaId": "13FAD9B6-5790-4C7A-8A9B-09B1002DA75F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev12:*:*:*:*:*:*", "matchCriteriaId": "B040A950-FEC3-465D-AD19-3AA8EE11AE92", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev13:*:*:*:*:*:*", "matchCriteriaId": "F5971D8D-A2E6-4E3D-8FDA-04F89FC65A40", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev14:*:*:*:*:*:*", "matchCriteriaId": "FEF67234-BDCA-48FA-8616-6B0E4A38FA8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev15:*:*:*:*:*:*", 
"matchCriteriaId": "76D18DCA-5D64-4D38-99B0-1B984C402E70", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev16:*:*:*:*:*:*", "matchCriteriaId": "46718CD2-0403-4DA2-B157-5714BD654EB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev17:*:*:*:*:*:*", "matchCriteriaId": "4BA1274B-9103-449F-ABD1-C898B716B433", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev18:*:*:*:*:*:*", "matchCriteriaId": "3BB485BC-3247-4E06-8017-118B597B0184", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev19:*:*:*:*:*:*", "matchCriteriaId": "6C447C6E-6188-47C6-BC68-8FD99B49F2D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev20:*:*:*:*:*:*", "matchCriteriaId": "211647E5-8BCA-4393-B54B-CE382D5DF3F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev21:*:*:*:*:*:*", "matchCriteriaId": "855C2E78-C554-43A7-BD3F-747053F45709", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev22:*:*:*:*:*:*", "matchCriteriaId": "64594DD5-2816-4123-A12C-505FE4480AE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev23:*:*:*:*:*:*", "matchCriteriaId": "606D294C-EAEC-43EC-BA0F-BC5484B7C5E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev24:*:*:*:*:*:*", "matchCriteriaId": "A8E1D645-706F-4CCA-88A7-F5077BCE4AD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev25:*:*:*:*:*:*", "matchCriteriaId": "30145547-3406-4639-A5AD-52EFAA734EEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev26:*:*:*:*:*:*", "matchCriteriaId": "BDB6642D-C5AF-41D7-B2EA-A1F333E5B12C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev27:*:*:*:*:*:*", "matchCriteriaId": "91040A22-04F6-43ED-A6A1-060703D285C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev28:*:*:*:*:*:*", "matchCriteriaId": "5A3E2338-E774-4188-B352-B79FBB9C5511", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev29:*:*:*:*:*:*", "matchCriteriaId": "22961BA6-C0B1-488A-8F7D-68EB3F9DA6B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev30:*:*:*:*:*:*", "matchCriteriaId": "E8381BB7-3602-4DCF-A070-1067C277AAA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev31:*:*:*:*:*:*", "matchCriteriaId": "98B758CC-D26C-4B83-98E7-3BA4ECF96966", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev32:*:*:*:*:*:*", "matchCriteriaId": "7BCE965A-70BE-4159-93D8-A2520C8C4CB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev33:*:*:*:*:*:*", "matchCriteriaId": "1152B60C-3188-4BE7-897A-B09C5732ECAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev34:*:*:*:*:*:*", "matchCriteriaId": "5F1F087A-7373-4B7F-87BD-8509704F47CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev35:*:*:*:*:*:*", "matchCriteriaId": "D82CB956-9A14-49C5-8308-52198589BAC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev36:*:*:*:*:*:*", "matchCriteriaId": "2F202094-2A74-44DA-BB3A-06AF3326E544", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev38:*:*:*:*:*:*", "matchCriteriaId": "DC128D82-A687-4043-AC01-9A329ED9F9EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev39:*:*:*:*:*:*", "matchCriteriaId": "CBE4CF1D-B716-4992-B3DE-599AD7407780", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev40:*:*:*:*:*:*", "matchCriteriaId": "49FCC4A7-3078-421A-A3A1-C58976F47262", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev5:*:*:*:*:*:*", "matchCriteriaId": "F57910B1-968D-4DF3-8C2D-9EB3765C7214", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev6:*:*:*:*:*:*", "matchCriteriaId": "FE1FD7DD-DC8C-416C-A55B-FA7B961ECD3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev8:*:*:*:*:*:*", "matchCriteriaId": "A07A8019-D7D7-4E1D-AEA7-DF509175393D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev9:*:*:*:*:*:*", "matchCriteriaId": "9FEEF620-CD8A-49C4-89D6-565503A1790F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "6164303F-253E-440C-A45C-94FFF7B492AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev10:*:*:*:*:*:*", "matchCriteriaId": "4DD257D7-D9B2-4036-92D6-3A923B7DC59F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev11:*:*:*:*:*:*", "matchCriteriaId": "36383B07-AF6C-4EDA-A35E-50633D1612A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev13:*:*:*:*:*:*", "matchCriteriaId": "032B8B47-9E01-41B3-99D4-DECD4727DEA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev14:*:*:*:*:*:*", "matchCriteriaId": "F7211571-4614-4169-A897-D0047304A4B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev15:*:*:*:*:*:*", "matchCriteriaId": "992082E5-5E00-40F0-8246-FD44D189C70D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev16:*:*:*:*:*:*", "matchCriteriaId": "4279A168-8A9A-43FF-8766-738EE31D6E25", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev17:*:*:*:*:*:*", "matchCriteriaId": "5A734819-B817-4E54-89B1-B6A5FD52C758", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev18:*:*:*:*:*:*", "matchCriteriaId": "63AFF50B-7ABD-455D-A2A5-05432B41E4BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev19:*:*:*:*:*:*", "matchCriteriaId": "E2842D25-1A80-4403-B7A2-6E26527588E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev3:*:*:*:*:*:*", "matchCriteriaId": "8681201A-5DB3-42A9-A203-9641B4459537", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev4:*:*:*:*:*:*", "matchCriteriaId": "C567F8B8-D9D0-4006-819C-C995C6573FE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev5:*:*:*:*:*:*", "matchCriteriaId": "07FEF270-E3ED-463D-9940-7FC9573E40C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev6:*:*:*:*:*:*", "matchCriteriaId": "7FD1E38C-EC1A-42D1-86AF-D53D8BF0098C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev7:*:*:*:*:*:*", "matchCriteriaId": "1BF75100-6E38-4FCB-BC21-FFB1C4B3EC50", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev8:*:*:*:*:*:*", "matchCriteriaId": "BF34B133-486B-4D77-8745-4D0E082FF8D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev9:*:*:*:*:*:*", "matchCriteriaId": "33B507D7-536B-4AC3-BCB3-BF3A6BA257F6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The frontend component in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev20 allows remote attackers to spoof the origin of e-mails via unicode characters in 
the \"personal part\" of a (1) From or (2) Sender address." }, { "lang": "es", "value": "El componente frontend en Open-Xchange OX App Suite en versiones anteriores a la 7.6.3-rev31, versiones 7.8.x anteriores a la 7.8.2-rev31, versiones 7.8.3 anteriores a la 7.8.3-rev41 y versiones 7.8.4 anteriores a la 7.8.4-rev20 permite que atacantes remotos suplanten el origen de emails mediante caracteres unicode en la \"parte personal\" de una direcci\u00f3n (1) From o (2) Sender." } ], "id": "CVE-2018-5753", "lastModified": "2024-11-21T04:09:19.457", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-06-16T01:29:06.240", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": 
"http://seclists.org/fulldisclosure/2018/Jun/23" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/44881/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2018/Jun/23" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/44881/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-12-26 04:15
Modified
2024-11-21 07:14
Severity ?
Summary
OX App Suite through 7.10.6 allows XSS via script code within a contact that has an e-mail address but lacks a name.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://open-xchange.com | Vendor Advisory | |
cve@mitre.org | https://seclists.org/fulldisclosure/2022/Nov/18 | Exploit, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://open-xchange.com | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2022/Nov/18 | Exploit, Mailing List, Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D3B06B3-8919-4D41-87A6-DA39189750B9", "versionEndExcluding": "7.10.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:-:*:*:*:*:*:*", "matchCriteriaId": "FE68F102-2EE1-44FF-A8AB-6F71F62712D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5961:*:*:*:*:*:*", "matchCriteriaId": "4F5923E6-C4C1-492F-A130-65D102F67B40", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5973:*:*:*:*:*:*", "matchCriteriaId": "D703A274-D197-42B3-9720-70E6CCD9E825", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5976:*:*:*:*:*:*", "matchCriteriaId": "D4D5F145-F2BA-4589-8B9A-B967069EA355", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5982:*:*:*:*:*:*", "matchCriteriaId": "7E3F2F8B-F7C4-4297-B451-CAFFCA860D17", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5989:*:*:*:*:*:*", "matchCriteriaId": "C7CB5AA6-19B9-4D21-A2B6-1523719A2DB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5994:*:*:*:*:*:*", "matchCriteriaId": "3FAD63B8-9158-4552-8987-3A418AC5A3A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6000:*:*:*:*:*:*", "matchCriteriaId": "87793628-6C35-4137-B584-3AE2A8363AEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6003:*:*:*:*:*:*", "matchCriteriaId": "06C14CAB-9C56-48A2-82FA-16110923CC78", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6008:*:*:*:*:*:*", "matchCriteriaId": 
"2201C280-3674-4FA4-8176-723C175A2469", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6010:*:*:*:*:*:*", "matchCriteriaId": "A3CB3836-AD68-4167-98FD-5B05CC9C92EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6016:*:*:*:*:*:*", "matchCriteriaId": "604CF453-CBBE-4123-B3ED-87A8CBF407DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6020:*:*:*:*:*:*", "matchCriteriaId": "6AF52278-E711-4656-9A1C-0A3A7F3C671F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6026:*:*:*:*:*:*", "matchCriteriaId": "5DD66203-5C4E-434A-BA84-9F78D9E1F7B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6029:*:*:*:*:*:*", "matchCriteriaId": "8A0D1287-7A32-4F56-97F2-8573F12D8EB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6034:*:*:*:*:*:*", "matchCriteriaId": "69858B8E-E4C7-485C-882A-206E07D7343F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6035:*:*:*:*:*:*", "matchCriteriaId": "C2B82BFA-39B6-4DC8-B691-3284FDCFA227", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6038:*:*:*:*:*:*", "matchCriteriaId": "FD4E8470-B8CE-4670-8334-86B817180E96", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6046:*:*:*:*:*:*", "matchCriteriaId": "2276EFC8-B5E6-449F-BDD0-EF2108A4CCAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6051:*:*:*:*:*:*", "matchCriteriaId": "2C8B27BE-651D-4B3A-9413-5ABA8AF2AA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6053:*:*:*:*:*:*", "matchCriteriaId": 
"41EA5F8E-05B5-4C4A-8853-B6948C358F06", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6060:*:*:*:*:*:*", "matchCriteriaId": "3E1A5843-F09A-4BBE-878D-C967E4061B0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6061:*:*:*:*:*:*", "matchCriteriaId": "D579A835-6B7F-4C77-991F-C760CB8D3750", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6066:*:*:*:*:*:*", "matchCriteriaId": "B4935091-B9B4-4EA7-8785-FE4529ACFEBF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6068:*:*:*:*:*:*", "matchCriteriaId": "33DAB50E-18A0-43CC-9043-5E2B722F3A2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6072:*:*:*:*:*:*", "matchCriteriaId": "0E1E9E82-17E3-4B43-AD5B-BBAD25759950", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6079:*:*:*:*:*:*", "matchCriteriaId": "E73BDC2E-3C39-454F-B929-8BB936F36AA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6084:*:*:*:*:*:*", "matchCriteriaId": "C4DF7C74-BD66-41E7-8B47-C700D7BE53E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6092:*:*:*:*:*:*", "matchCriteriaId": "9EA739D6-10BD-48B4-9C30-92BE4381C80C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6101:*:*:*:*:*:*", "matchCriteriaId": "79219E01-26C2-462C-B604-783490F26565", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6111:*:*:*:*:*:*", "matchCriteriaId": "6F121147-1AAB-4123-AFD2-31F39434819F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6120:*:*:*:*:*:*", "matchCriteriaId": 
"52B9445C-4B0E-437A-BE3C-DBB8A621D354", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6132:*:*:*:*:*:*", "matchCriteriaId": "979495B8-8BF0-41B0-9BD5-48554A9C8889", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6137:*:*:*:*:*:*", "matchCriteriaId": "A82EF754-CCB7-4A03-8986-42BA76E6A2C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6140:*:*:*:*:*:*", "matchCriteriaId": "F4CAFBCA-BD13-4295-A558-844716BA0C81", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6149:*:*:*:*:*:*", "matchCriteriaId": "AA61FEDD-5F86-45B8-BC55-BDFD6F10BB4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*", "matchCriteriaId": "A144D75D-60A8-4EE0-813C-F658C626B2AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*", "matchCriteriaId": "2DA66230-DE02-4881-A893-E9E78286B157", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*", "matchCriteriaId": "955F3DFB-6479-4867-B62A-82730DBEB498", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*", "matchCriteriaId": "327D1B56-0D05-4D99-91D4-CC1F0AC32972", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*", "matchCriteriaId": "D0CD0684-C431-47F8-A2F4-1936D5C5A72B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*", "matchCriteriaId": "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*", "matchCriteriaId": 
"D0968764-CCEE-47A7-9111-E106D887DA43", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*", "matchCriteriaId": "16589FBB-F0CD-4041-8141-5C89FCCA72AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*", "matchCriteriaId": "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*", "matchCriteriaId": "0DF5FB90-8D6D-4F99-B454-411B1DFFA630", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*", "matchCriteriaId": "F58876B9-6C2E-4048-A793-B441A84E86F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*", "matchCriteriaId": "D5F177CB-CC45-45A0-9D02-C14A13ECC7A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*", "matchCriteriaId": "A89A4192-54E9-4899-8C7B-6C7F7E650D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*", "matchCriteriaId": "F2DC1357-9CD5-415F-A190-2F3F4498EF96", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*", "matchCriteriaId": "D78ACF64-2802-44DD-AF7A-1BD5EA7F9908", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*", "matchCriteriaId": "E8F675FA-1684-413A-B1BE-1C5434AC2862", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.6 allows XSS via script code within a contact that has an e-mail address but lacks a name." 
}, { "lang": "es", "value": "OX App Suite hasta 7.10.6 permite XSS mediante c\u00f3digo script dentro de un contacto que tiene una direcci\u00f3n de correo electr\u00f3nico pero carece de nombre." } ], "id": "CVE-2022-37309", "lastModified": "2024-11-21T07:14:43.780", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-26T04:15:10.443", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://open-xchange.com" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2022/Nov/18" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://open-xchange.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2022/Nov/18" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-12-15 06:59
Modified
2024-11-21 02:49
Severity ?
Summary
An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The "defer" servlet offers to redirect a client to a specified URL. Because some checks were missing, arbitrary URLs could be supplied as the redirection target. Users can be tricked into following a link to a trustworthy domain and then end up at an unexpected service. This vulnerability can be used to prepare and enhance phishing attacks.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:rev-26:*:*:*:*:*:*", "matchCriteriaId": "76CB18F2-3E73-4751-9DE2-DFFBDF358BB2", "versionEndIncluding": "7.8.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The \"defer\" servlet offers to redirect a client to a specified URL. Since some checks were missing, arbitrary URLs could be provided as redirection target. Users can be tricked to follow a link to a trustworthy domain but end up at an unexpected service later on. This vulnerability can be used to prepare and enhance phishing attacks." }, { "lang": "es", "value": "Ha sido descubierto un problema en Open-Xchange OX AppSuite en versiones anteriores a 7.8.0-rev27. El \"defer\" servlet ofrece redirigir a un cliente a una URL especificada. Dado que faltaban algunas verificaciones, URLs arbitrarias podr\u00edan ser proporcionadas como objetivo de redirecci\u00f3n. Los usuarios pueden ser enga\u00f1ados para seguir un v\u00ednculo a un dominio confiable pero terminar en un servicio inesperado m\u00e1s tarde. Esta vulnerabilidad puede emplearse para preparar y mejorar ataques de phishing." 
} ], "id": "CVE-2016-3174", "lastModified": "2024-11-21T02:49:32.213", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-12-15T06:59:03.397", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/137187/Open-Xchange-OX-AppSuite-7.8.0-XSS-Open-Redirect.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/538481/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/137187/Open-Xchange-OX-AppSuite-7.8.0-XSS-Open-Redirect.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/538481/100/0/threaded" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-601" } ], "source": "nvd@nist.gov", "type": "Primary" } 
] }
Vulnerability from fkie_nvd
Published
2019-05-23 15:29
Modified
2024-11-21 03:27
Severity ?
Summary
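Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Information Exposure. Note that the NVD record below is inconsistent on impact: its CVSS v2 vector (AV:N/AC:L/Au:N/C:P/I:N/A:N, base score 5.0) and CWE-200 classification describe a confidentiality-only issue, while its CVSS v3.0 vector rates confidentiality, integrity and availability all HIGH (base score 9.8). The description gives no component or vector, so confirm the actual impact against the vendor release notes before using either score for prioritisation.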
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://open-xchange.com | Product | |
cve@mitre.org | http://ox.com | Broken Link, Not Applicable | |
cve@mitre.org | https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://open-xchange.com | Product | |
af854a3a-2127-422b-91ae-364da2661108 | http://ox.com | Broken Link, Not Applicable | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html | Release Notes, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "C77DCBA3-CB5A-4F73-817E-717C8335463E", "versionEndIncluding": "7.8.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Information Exposure." }, { "lang": "es", "value": "Open-Xchange GmbH OX App Suite versi\u00f3n 7.8.3 y anteriores, se ven afectados por: Exposici\u00f3n de la Informaci\u00f3n." } ], "id": "CVE-2017-5210", "lastModified": "2024-11-21T03:27:17.260", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-05-23T15:29:00.647", "references": [ { "source": "cve@mitre.org", "tags": [ "Product" ], "url": "http://open-xchange.com" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Not Applicable" ], "url": "http://ox.com" }, { "source": "cve@mitre.org", 
"tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "http://open-xchange.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Not Applicable" ], "url": "http://ox.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.open-xchange.com/7.8.4/release-notes/release-notes.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-05-23 15:29
Modified
2024-11-21 03:17
Severity ?
Summary
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecure Permissions.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://ox.com | Broken Link, Not Applicable | |
cve@mitre.org | https://documentation.open-xchange.com/components/releasenotes/7.8.3/ | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://ox.com | Broken Link, Not Applicable | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.open-xchange.com/components/releasenotes/7.8.3/ | Release Notes, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * (up to and including 7.8.4) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "21A45377-C1DE-44AB-A02F-A377BE4E9A56", "versionEndIncluding": "7.8.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecure Permissions." }, { "lang": "es", "value": "OX Software GmbH OX App Suite versi\u00f3n 7.8.4 y anteriores, se ven afectadas por: Permisos Inseguros." } ], "id": "CVE-2017-17060", "lastModified": "2024-11-21T03:17:25.240", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-05-23T15:29:00.523", "references": [ { "source": "cve@mitre.org", "tags": [ "Broken Link", "Not Applicable" ], "url": "http://ox.com" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": 
"https://documentation.open-xchange.com/components/releasenotes/7.8.3/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Not Applicable" ], "url": "http://ox.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.open-xchange.com/components/releasenotes/7.8.3/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-275" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-02-21 21:15
Modified
2024-11-21 04:33
Severity ?
Summary
OX App Suite through 7.10.2 allows SSRF.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/156474/Open-Xchange-App-Suite-Documents-Server-Side-Request-Forgery.html | Exploit, Third Party Advisory, VDB Entry | |
cve@mitre.org | http://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/156474/Open-Xchange-App-Suite-Documents-Server-Side-Request-Forgery.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html | Exploit, Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * (up to and including 7.10.2) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "F9CF4B9A-D36A-4A8E-B2A2-34C0CA70A24C", "versionEndIncluding": "7.10.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.2 allows SSRF." }, { "lang": "es", "value": "OX App Suite versiones hasta 7.10.2, permite un ataque de tipo SSRF." } ], "id": "CVE-2019-18846", "lastModified": "2024-11-21T04:33:42.083", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.1, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-02-21T21:15:10.917", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/156474/Open-Xchange-App-Suite-Documents-Server-Side-Request-Forgery.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": 
"http://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/156474/Open-Xchange-App-Suite-Documents-Server-Side-Request-Forgery.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-918" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-06-16 01:29
Modified
2024-11-21 03:17
Severity ?
Summary
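The backend component in Open-Xchange OX App Suite before 7.6.3-rev35, 7.8.x before 7.8.2-rev38, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev19 allows remote authenticated users to save arbitrary user attributes by leveraging improper privilege management. (Note: the NVD record for this entry lists CWE-79 as its primary weakness, which does not match the privilege-management flaw described here; treat the CWE field with caution when filtering or triaging by weakness class.)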
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html | Exploit, Third Party Advisory, VDB Entry | |
cve@mitre.org | http://seclists.org/fulldisclosure/2018/Jun/23 | Exploit, Mailing List, Third Party Advisory | |
cve@mitre.org | https://www.exploit-db.com/exploits/44881/ | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2018/Jun/23 | Exploit, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/44881/ | Exploit, Third Party Advisory, VDB Entry |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "CEE77111-9626-48C1-9C13-6FF650B91363", "versionEndIncluding": "7.6.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev14:*:*:*:*:*:*", "matchCriteriaId": "D4417841-A79D-479F-BBB4-13892CD29CCB", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev15:*:*:*:*:*:*", "matchCriteriaId": "11FED64F-98F2-4155-A34D-DCC0DCF55CB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev16:*:*:*:*:*:*", "matchCriteriaId": "544677BC-DEFB-45B8-BB08-124E5666A04B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev17:*:*:*:*:*:*", "matchCriteriaId": "ABA212B4-FC4B-4268-A778-23D588E76880", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev18:*:*:*:*:*:*", "matchCriteriaId": "10D10170-9528-49BB-88B8-92A4D016EA49", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev20:*:*:*:*:*:*", "matchCriteriaId": "2DA48ACB-659B-408C-B7E1-945A6333C1A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev22:*:*:*:*:*:*", "matchCriteriaId": "23D2DCAA-FAB7-426D-8680-2A6F69AE90DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev23:*:*:*:*:*:*", "matchCriteriaId": "90C2E1F5-73DA-4FA7-BEDF-E9726F5D0D0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev24:*:*:*:*:*:*", "matchCriteriaId": "449B4C7A-6287-4018-86AA-D34BEF8DB83C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev25:*:*:*:*:*:*", "matchCriteriaId": "E8E6C22C-C3B3-4914-A1D8-A6202EEBF1C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev26:*:*:*:*:*:*", 
"matchCriteriaId": "8BF46085-0E23-4C9C-9899-30EB63EFC392", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev28:*:*:*:*:*:*", "matchCriteriaId": "39BB146E-14BF-4AC7-B267-3176545CBCB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev29:*:*:*:*:*:*", "matchCriteriaId": "64201845-70B6-4124-BA02-DE0646BE75A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev30:*:*:*:*:*:*", "matchCriteriaId": "8E2A9B0B-F4B9-410B-AA32-D4A5A3B285DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev31:*:*:*:*:*:*", "matchCriteriaId": "5E5DE686-E794-4C06-9AC8-5682B1CF68AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev32:*:*:*:*:*:*", "matchCriteriaId": "E4710EAE-6227-4A72-9549-6EEF0CEB6E06", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev33:*:*:*:*:*:*", "matchCriteriaId": "7AD9AE40-5AE0-4DA6-BD1D-CC02746DA917", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "E26B66B2-9BE8-4843-9B4B-D673FAC44023", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "2633E559-38E4-4024-BB5F-94EDFE5F93FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "E804C89F-033F-43B3-B63B-172F9B2136CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev10:*:*:*:*:*:*", "matchCriteriaId": "0F7C6765-34DD-4326-99A8-F85DA19ECE91", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev11:*:*:*:*:*:*", "matchCriteriaId": "13FAD9B6-5790-4C7A-8A9B-09B1002DA75F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev12:*:*:*:*:*:*", 
"matchCriteriaId": "B040A950-FEC3-465D-AD19-3AA8EE11AE92", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev13:*:*:*:*:*:*", "matchCriteriaId": "F5971D8D-A2E6-4E3D-8FDA-04F89FC65A40", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev14:*:*:*:*:*:*", "matchCriteriaId": "FEF67234-BDCA-48FA-8616-6B0E4A38FA8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev15:*:*:*:*:*:*", "matchCriteriaId": "76D18DCA-5D64-4D38-99B0-1B984C402E70", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev16:*:*:*:*:*:*", "matchCriteriaId": "46718CD2-0403-4DA2-B157-5714BD654EB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev17:*:*:*:*:*:*", "matchCriteriaId": "4BA1274B-9103-449F-ABD1-C898B716B433", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev18:*:*:*:*:*:*", "matchCriteriaId": "3BB485BC-3247-4E06-8017-118B597B0184", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev19:*:*:*:*:*:*", "matchCriteriaId": "6C447C6E-6188-47C6-BC68-8FD99B49F2D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev20:*:*:*:*:*:*", "matchCriteriaId": "211647E5-8BCA-4393-B54B-CE382D5DF3F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev21:*:*:*:*:*:*", "matchCriteriaId": "855C2E78-C554-43A7-BD3F-747053F45709", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev22:*:*:*:*:*:*", "matchCriteriaId": "64594DD5-2816-4123-A12C-505FE4480AE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev23:*:*:*:*:*:*", "matchCriteriaId": "606D294C-EAEC-43EC-BA0F-BC5484B7C5E2", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev24:*:*:*:*:*:*", "matchCriteriaId": "A8E1D645-706F-4CCA-88A7-F5077BCE4AD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev25:*:*:*:*:*:*", "matchCriteriaId": "30145547-3406-4639-A5AD-52EFAA734EEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev26:*:*:*:*:*:*", "matchCriteriaId": "BDB6642D-C5AF-41D7-B2EA-A1F333E5B12C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev27:*:*:*:*:*:*", "matchCriteriaId": "91040A22-04F6-43ED-A6A1-060703D285C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev28:*:*:*:*:*:*", "matchCriteriaId": "5A3E2338-E774-4188-B352-B79FBB9C5511", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev29:*:*:*:*:*:*", "matchCriteriaId": "22961BA6-C0B1-488A-8F7D-68EB3F9DA6B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev30:*:*:*:*:*:*", "matchCriteriaId": "E8381BB7-3602-4DCF-A070-1067C277AAA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev31:*:*:*:*:*:*", "matchCriteriaId": "98B758CC-D26C-4B83-98E7-3BA4ECF96966", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev32:*:*:*:*:*:*", "matchCriteriaId": "7BCE965A-70BE-4159-93D8-A2520C8C4CB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev33:*:*:*:*:*:*", "matchCriteriaId": "1152B60C-3188-4BE7-897A-B09C5732ECAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev34:*:*:*:*:*:*", "matchCriteriaId": "5F1F087A-7373-4B7F-87BD-8509704F47CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev35:*:*:*:*:*:*", "matchCriteriaId": "D82CB956-9A14-49C5-8308-52198589BAC0", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev36:*:*:*:*:*:*", "matchCriteriaId": "2F202094-2A74-44DA-BB3A-06AF3326E544", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev38:*:*:*:*:*:*", "matchCriteriaId": "DC128D82-A687-4043-AC01-9A329ED9F9EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev39:*:*:*:*:*:*", "matchCriteriaId": "CBE4CF1D-B716-4992-B3DE-599AD7407780", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev40:*:*:*:*:*:*", "matchCriteriaId": "49FCC4A7-3078-421A-A3A1-C58976F47262", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev5:*:*:*:*:*:*", "matchCriteriaId": "F57910B1-968D-4DF3-8C2D-9EB3765C7214", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev6:*:*:*:*:*:*", "matchCriteriaId": "FE1FD7DD-DC8C-416C-A55B-FA7B961ECD3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev8:*:*:*:*:*:*", "matchCriteriaId": "A07A8019-D7D7-4E1D-AEA7-DF509175393D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev9:*:*:*:*:*:*", "matchCriteriaId": "9FEEF620-CD8A-49C4-89D6-565503A1790F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "6164303F-253E-440C-A45C-94FFF7B492AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev10:*:*:*:*:*:*", "matchCriteriaId": "4DD257D7-D9B2-4036-92D6-3A923B7DC59F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev11:*:*:*:*:*:*", "matchCriteriaId": "36383B07-AF6C-4EDA-A35E-50633D1612A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev13:*:*:*:*:*:*", "matchCriteriaId": "032B8B47-9E01-41B3-99D4-DECD4727DEA7", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev14:*:*:*:*:*:*", "matchCriteriaId": "F7211571-4614-4169-A897-D0047304A4B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev15:*:*:*:*:*:*", "matchCriteriaId": "992082E5-5E00-40F0-8246-FD44D189C70D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev16:*:*:*:*:*:*", "matchCriteriaId": "4279A168-8A9A-43FF-8766-738EE31D6E25", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev17:*:*:*:*:*:*", "matchCriteriaId": "5A734819-B817-4E54-89B1-B6A5FD52C758", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev18:*:*:*:*:*:*", "matchCriteriaId": "63AFF50B-7ABD-455D-A2A5-05432B41E4BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev3:*:*:*:*:*:*", "matchCriteriaId": "8681201A-5DB3-42A9-A203-9641B4459537", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev4:*:*:*:*:*:*", "matchCriteriaId": "C567F8B8-D9D0-4006-819C-C995C6573FE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev5:*:*:*:*:*:*", "matchCriteriaId": "07FEF270-E3ED-463D-9940-7FC9573E40C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev6:*:*:*:*:*:*", "matchCriteriaId": "7FD1E38C-EC1A-42D1-86AF-D53D8BF0098C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev7:*:*:*:*:*:*", "matchCriteriaId": "1BF75100-6E38-4FCB-BC21-FFB1C4B3EC50", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev8:*:*:*:*:*:*", "matchCriteriaId": "BF34B133-486B-4D77-8745-4D0E082FF8D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev9:*:*:*:*:*:*", "matchCriteriaId": "33B507D7-536B-4AC3-BCB3-BF3A6BA257F6", "vulnerable": true } ], 
"negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The backend component in Open-Xchange OX App Suite before 7.6.3-rev35, 7.8.x before 7.8.2-rev38, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev19 allows remote authenticated users to save arbitrary user attributes by leveraging improper privilege management." }, { "lang": "es", "value": "El componente backend en Open-Xchange OX App Suite en versiones anteriores a la 7.6.3-rev35, versiones 7.8.x anteriores a la 7.8.2-rev38, versiones 7.8.3 anteriores a la 7.8.3-rev41 y versiones 7.8.4 anteriores a la 7.8.4-rev19 permite que usuarios remotos autenticados guarden atributos de usuario arbitrarios aprovechando la gesti\u00f3n incorrecta de privilegios." } ], "id": "CVE-2017-17062", "lastModified": "2024-11-21T03:17:25.500", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-06-16T01:29:02.913", "references": [ { "source": "cve@mitre.org", "tags": [ 
"Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2018/Jun/23" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/44881/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2018/Jun/23" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/44881/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-12-26 02:15
Modified
2024-11-21 07:14
Severity ?
Summary
OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferrer servlet.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://open-xchange.com | Vendor Advisory | |
cve@mitre.org | https://seclists.org/fulldisclosure/2022/Nov/18 | Exploit, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://open-xchange.com | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2022/Nov/18 | Exploit, Mailing List, Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D3B06B3-8919-4D41-87A6-DA39189750B9", "versionEndExcluding": "7.10.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:-:*:*:*:*:*:*", "matchCriteriaId": "FE68F102-2EE1-44FF-A8AB-6F71F62712D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5961:*:*:*:*:*:*", "matchCriteriaId": "4F5923E6-C4C1-492F-A130-65D102F67B40", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5973:*:*:*:*:*:*", "matchCriteriaId": "D703A274-D197-42B3-9720-70E6CCD9E825", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5976:*:*:*:*:*:*", "matchCriteriaId": "D4D5F145-F2BA-4589-8B9A-B967069EA355", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5982:*:*:*:*:*:*", "matchCriteriaId": "7E3F2F8B-F7C4-4297-B451-CAFFCA860D17", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5989:*:*:*:*:*:*", "matchCriteriaId": "C7CB5AA6-19B9-4D21-A2B6-1523719A2DB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5994:*:*:*:*:*:*", "matchCriteriaId": "3FAD63B8-9158-4552-8987-3A418AC5A3A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6000:*:*:*:*:*:*", "matchCriteriaId": "87793628-6C35-4137-B584-3AE2A8363AEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6003:*:*:*:*:*:*", "matchCriteriaId": "06C14CAB-9C56-48A2-82FA-16110923CC78", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6008:*:*:*:*:*:*", "matchCriteriaId": 
"2201C280-3674-4FA4-8176-723C175A2469", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6010:*:*:*:*:*:*", "matchCriteriaId": "A3CB3836-AD68-4167-98FD-5B05CC9C92EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6016:*:*:*:*:*:*", "matchCriteriaId": "604CF453-CBBE-4123-B3ED-87A8CBF407DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6020:*:*:*:*:*:*", "matchCriteriaId": "6AF52278-E711-4656-9A1C-0A3A7F3C671F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6026:*:*:*:*:*:*", "matchCriteriaId": "5DD66203-5C4E-434A-BA84-9F78D9E1F7B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6029:*:*:*:*:*:*", "matchCriteriaId": "8A0D1287-7A32-4F56-97F2-8573F12D8EB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6034:*:*:*:*:*:*", "matchCriteriaId": "69858B8E-E4C7-485C-882A-206E07D7343F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6035:*:*:*:*:*:*", "matchCriteriaId": "C2B82BFA-39B6-4DC8-B691-3284FDCFA227", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6038:*:*:*:*:*:*", "matchCriteriaId": "FD4E8470-B8CE-4670-8334-86B817180E96", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6046:*:*:*:*:*:*", "matchCriteriaId": "2276EFC8-B5E6-449F-BDD0-EF2108A4CCAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6051:*:*:*:*:*:*", "matchCriteriaId": "2C8B27BE-651D-4B3A-9413-5ABA8AF2AA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6053:*:*:*:*:*:*", "matchCriteriaId": 
"41EA5F8E-05B5-4C4A-8853-B6948C358F06", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6060:*:*:*:*:*:*", "matchCriteriaId": "3E1A5843-F09A-4BBE-878D-C967E4061B0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6061:*:*:*:*:*:*", "matchCriteriaId": "D579A835-6B7F-4C77-991F-C760CB8D3750", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6066:*:*:*:*:*:*", "matchCriteriaId": "B4935091-B9B4-4EA7-8785-FE4529ACFEBF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6068:*:*:*:*:*:*", "matchCriteriaId": "33DAB50E-18A0-43CC-9043-5E2B722F3A2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6072:*:*:*:*:*:*", "matchCriteriaId": "0E1E9E82-17E3-4B43-AD5B-BBAD25759950", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6079:*:*:*:*:*:*", "matchCriteriaId": "E73BDC2E-3C39-454F-B929-8BB936F36AA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6084:*:*:*:*:*:*", "matchCriteriaId": "C4DF7C74-BD66-41E7-8B47-C700D7BE53E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6092:*:*:*:*:*:*", "matchCriteriaId": "9EA739D6-10BD-48B4-9C30-92BE4381C80C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6101:*:*:*:*:*:*", "matchCriteriaId": "79219E01-26C2-462C-B604-783490F26565", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6111:*:*:*:*:*:*", "matchCriteriaId": "6F121147-1AAB-4123-AFD2-31F39434819F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6120:*:*:*:*:*:*", "matchCriteriaId": 
"52B9445C-4B0E-437A-BE3C-DBB8A621D354", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6132:*:*:*:*:*:*", "matchCriteriaId": "979495B8-8BF0-41B0-9BD5-48554A9C8889", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6137:*:*:*:*:*:*", "matchCriteriaId": "A82EF754-CCB7-4A03-8986-42BA76E6A2C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6140:*:*:*:*:*:*", "matchCriteriaId": "F4CAFBCA-BD13-4295-A558-844716BA0C81", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6149:*:*:*:*:*:*", "matchCriteriaId": "AA61FEDD-5F86-45B8-BC55-BDFD6F10BB4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*", "matchCriteriaId": "A144D75D-60A8-4EE0-813C-F658C626B2AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*", "matchCriteriaId": "2DA66230-DE02-4881-A893-E9E78286B157", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*", "matchCriteriaId": "955F3DFB-6479-4867-B62A-82730DBEB498", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*", "matchCriteriaId": "327D1B56-0D05-4D99-91D4-CC1F0AC32972", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*", "matchCriteriaId": "D0CD0684-C431-47F8-A2F4-1936D5C5A72B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*", "matchCriteriaId": "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*", "matchCriteriaId": 
"D0968764-CCEE-47A7-9111-E106D887DA43", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*", "matchCriteriaId": "16589FBB-F0CD-4041-8141-5C89FCCA72AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*", "matchCriteriaId": "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*", "matchCriteriaId": "0DF5FB90-8D6D-4F99-B454-411B1DFFA630", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*", "matchCriteriaId": "F58876B9-6C2E-4048-A793-B441A84E86F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*", "matchCriteriaId": "D5F177CB-CC45-45A0-9D02-C14A13ECC7A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*", "matchCriteriaId": "A89A4192-54E9-4899-8C7B-6C7F7E650D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*", "matchCriteriaId": "F2DC1357-9CD5-415F-A190-2F3F4498EF96", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*", "matchCriteriaId": "D78ACF64-2802-44DD-AF7A-1BD5EA7F9908", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*", "matchCriteriaId": "E8F675FA-1684-413A-B1BE-1C5434AC2862", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferrer servlet." 
}, { "lang": "es", "value": "OX App Suite hasta 7.10.6 tiene un consumo de recursos incontrolado a trav\u00e9s de un cuerpo de solicitud grande que contiene una URL de redireccionamiento al servlet aplazador." } ], "id": "CVE-2022-37312", "lastModified": "2024-11-21T07:14:44.290", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-26T02:15:09.743", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://open-xchange.com" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2022/Nov/18" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://open-xchange.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2022/Nov/18" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-1284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2020-12644)
Published
2020-08-31 15:15
Modified
2024-11-21 04:59
Severity ?
Summary
OX App Suite 7.10.3 and earlier allows server-side request forgery (SSRF), related to the mail account API and the /folder/list API.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://seclists.org/fulldisclosure/2020/Aug/14 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://www.open-xchange.com/ | Vendor Advisory | |
nvd@nist.gov | https://exchange.xforce.ibmcloud.com/vulnerabilities/187116 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2020/Aug/14 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.open-xchange.com/ | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB465D15-78EA-47FA-BC7C-5A6631EC9578", "versionEndIncluding": "7.10.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API." }, { "lang": "es", "value": "OX App Suite versiones 7.10.3 y anteriores, permiten un ataque de tipo SSRF, relacionado con la API de la cuenta de correo y la API /folder/list" } ], "id": "CVE-2020-12644", "lastModified": "2024-11-21T04:59:58.460", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.1, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-08-31T15:15:10.243", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2020/Aug/14" }, { "source": "cve@mitre.org", "tags": [ "Vendor 
Advisory" ], "url": "https://www.open-xchange.com/" }, { "source": "nvd@nist.gov", "tags": [ "Third Party Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/187116" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2020/Aug/14" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.open-xchange.com/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-918" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2023-29044)
Published
2023-11-02 14:15
Modified
2024-11-21 07:56
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Documents operations could be manipulated to contain invalid data types, possibly script code. Script code could be injected into an operation that would be executed for users who are actively collaborating on the same document. Operation data exchanged between collaborating parties is now escaped to avoid code execution. No publicly available exploits are known.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "59D4F30E-2F52-4948-9C69-C57472833C79", "versionEndExcluding": "7.10.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*", "matchCriteriaId": "A144D75D-60A8-4EE0-813C-F658C626B2AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*", "matchCriteriaId": "2DA66230-DE02-4881-A893-E9E78286B157", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*", "matchCriteriaId": "955F3DFB-6479-4867-B62A-82730DBEB498", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*", "matchCriteriaId": "327D1B56-0D05-4D99-91D4-CC1F0AC32972", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*", "matchCriteriaId": "D0CD0684-C431-47F8-A2F4-1936D5C5A72B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*", "matchCriteriaId": "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*", "matchCriteriaId": "D0968764-CCEE-47A7-9111-E106D887DA43", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*", "matchCriteriaId": "16589FBB-F0CD-4041-8141-5C89FCCA72AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*", "matchCriteriaId": "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*", "matchCriteriaId": 
"0DF5FB90-8D6D-4F99-B454-411B1DFFA630", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*", "matchCriteriaId": "F58876B9-6C2E-4048-A793-B441A84E86F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*", "matchCriteriaId": "D5F177CB-CC45-45A0-9D02-C14A13ECC7A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*", "matchCriteriaId": "A89A4192-54E9-4899-8C7B-6C7F7E650D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*", "matchCriteriaId": "F2DC1357-9CD5-415F-A190-2F3F4498EF96", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*", "matchCriteriaId": "D78ACF64-2802-44DD-AF7A-1BD5EA7F9908", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*", "matchCriteriaId": "E8F675FA-1684-413A-B1BE-1C5434AC2862", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6156:*:*:*:*:*:*", "matchCriteriaId": "F3F1FDC3-35B2-4BDB-A685-75BC72588179", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6161:*:*:*:*:*:*", "matchCriteriaId": "5B1E509D-2F41-4296-86D2-6BD71783060F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6166:*:*:*:*:*:*", "matchCriteriaId": "AC93EA37-F341-45EC-B651-4F326FB8C613", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6173:*:*:*:*:*:*", "matchCriteriaId": "1A4DB8A6-1702-462C-BFCB-39F91D2EFCE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6176:*:*:*:*:*:*", "matchCriteriaId": 
"FC0AEFDB-D033-47FC-93FC-8652F922BB8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6178:*:*:*:*:*:*", "matchCriteriaId": "B5354768-6527-43C2-B492-A8C14AB4E784", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6189:*:*:*:*:*:*", "matchCriteriaId": "D83F26D1-B8C6-4114-81EC-810DD5412DC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6194:*:*:*:*:*:*", "matchCriteriaId": "E9EBC010-9963-4636-96F7-A121FCF755A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6199:*:*:*:*:*:*", "matchCriteriaId": "F626D64B-C301-4CD8-94B4-48689BD3F29C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6204:*:*:*:*:*:*", "matchCriteriaId": "5E32810C-7B35-42F1-BCA5-E10C02BE2215", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6205:*:*:*:*:*:*", "matchCriteriaId": "6539D059-8614-4C26-93C4-C2DDCC5D35E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6209:*:*:*:*:*:*", "matchCriteriaId": "E359EE75-A2F9-479B-B757-CAE1064AB8F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6210:*:*:*:*:*:*", "matchCriteriaId": "0BCABDEF-D292-406E-B53C-AFF22484E916", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6214:*:*:*:*:*:*", "matchCriteriaId": "ABE8872C-B1DD-4A45-8EF8-E8C355CA6C54", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6215:*:*:*:*:*:*", "matchCriteriaId": "44B20B83-833A-4C68-8693-365BD046C157", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6216:*:*:*:*:*:*", "matchCriteriaId": 
"E254E6D1-D18E-4A2A-A2FF-7D03F39E65DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6218:*:*:*:*:*:*", "matchCriteriaId": "5F0C5E53-4D15-425A-B4CF-5869353724BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6219:*:*:*:*:*:*", "matchCriteriaId": "2F4BF5F1-F316-4BAC-83E0-DEAC8C50754E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6220:*:*:*:*:*:*", "matchCriteriaId": "5CDD03A8-5B86-4B87-9C29-6C967261C5C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6227:*:*:*:*:*:*", "matchCriteriaId": "6071E15F-4D59-41DC-A4D4-7D1AA392A1F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6230:*:*:*:*:*:*", "matchCriteriaId": "C72C1CEB-7BF7-4A5F-B2E9-397F86CCBF4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6233:*:*:*:*:*:*", "matchCriteriaId": "5B0F0218-4224-4084-B38D-9719D3782C03", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6235:*:*:*:*:*:*", "matchCriteriaId": "BFC41329-1AD6-4575-A22D-977EC5539DA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6236:*:*:*:*:*:*", "matchCriteriaId": "217A06B7-0823-4508-BC0C-AD792BA88F7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6239:*:*:*:*:*:*", "matchCriteriaId": "246E98B2-A6C8-4410-AA6A-7E81EE8C5E76", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6241:*:*:*:*:*:*", "matchCriteriaId": "74D1EC02-D009-45DA-B1EC-2219E0F0183C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Documents operations 
could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties does now get escaped to avoid code execution. No publicly available exploits are known.\n\n" }, { "lang": "es", "value": "Las operaciones de documentos podr\u00edan manipularse para contener tipos de datos no v\u00e1lidos, posiblemente c\u00f3digo de script. Se podr\u00eda inyectar c\u00f3digo de script en una operaci\u00f3n que se ejecutar\u00eda para los usuarios que colaboran activamente en el mismo documento. Los datos de operaci\u00f3n intercambiados entre partes colaboradoras ahora se escapan para evitar la ejecuci\u00f3n del c\u00f3digo. No se conocen exploits disponibles p\u00fablicamente." } ], "id": "CVE-2023-29044", "lastModified": "2024-11-21T07:56:26.287", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "security@open-xchange.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-11-02T14:15:11.087", "references": [ { "source": 
"security@open-xchange.com", "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json" }, { "source": "security@open-xchange.com", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf" } ], "sourceIdentifier": "security@open-xchange.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@open-xchange.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2018-12609)
Published
2019-01-30 15:29
Modified
2024-11-21 03:45
Severity ?
Summary
OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "21A45377-C1DE-44AB-A02F-A377BE4E9A56", "versionEndIncluding": "7.8.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery." }, { "lang": "es", "value": "OX App Suite, en su versi\u00f3n 7.8.4 y anteriores, permite ataques de Server-Side Request Forgery (SSRF)." } ], "id": "CVE-2018-12609", "lastModified": "2024-11-21T03:45:32.250", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-01-30T15:29:03.257", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Jan/10" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4789_7.6.3_2018-06-25.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Jan/10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4789_7.6.3_2018-06-25.pdf" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-918" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-02-12 09:15
Modified
2024-11-21 08:21
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Processing of user-defined DAV user-agent strings is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of DAV user-agents is now monitored, and the related request is terminated if a resource threshold is reached. No publicly available exploits are known.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "7804FF21-94F6-4160-9628-B91ED4CDDCB6", "versionEndExcluding": "7.6.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "3159C504-0462-4AA9-9137-F25961B67ED6", "versionEndExcluding": "7.10.6", "versionStartExcluding": "7.6.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "F37B7CC3-A4D2-4CA5-8159-FE1A9016F9A0", "versionEndExcluding": "8.20", "versionStartExcluding": "7.10.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:-:*:*:*:*:*:*", "matchCriteriaId": "7AB04398-3973-4503-959E-FA8EE511DA45", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3464:*:*:*:*:*:*", "matchCriteriaId": "161CD641-C9EC-4FBE-BFFD-48C96FE71085", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3519:*:*:*:*:*:*", "matchCriteriaId": "73F1F959-F82B-4E00-91AE-C39037A93DDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3569:*:*:*:*:*:*", "matchCriteriaId": "E151E1EA-DA35-47CB-80C2-359518C213FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3627:*:*:*:*:*:*", "matchCriteriaId": "156910B8-F553-4F4C-B990-131F04001AB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3728:*:*:*:*:*:*", "matchCriteriaId": "13248A9A-D131-4596-A511-A18A83F9D4C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3875:*:*:*:*:*:*", "matchCriteriaId": "54936294-45A6-410B-B6F6-CC2CEFCE937E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3922:*:*:*:*:*:*", "matchCriteriaId": "8EDB7577-5763-41A1-90A7-7D7F225F8C14", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3949:*:*:*:*:*:*", "matchCriteriaId": "39B4BD56-3236-4AE0-93F6-F0E0190C77AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3991:*:*:*:*:*:*", "matchCriteriaId": "6F20C5D9-6DCA-4F3F-A9A8-FACAE5C4AB18", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4047:*:*:*:*:*:*", "matchCriteriaId": "F94B78AE-45FE-4BA7-BFD6-55767F8C3A0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4133:*:*:*:*:*:*", "matchCriteriaId": "B103D02E-C443-446B-A358-A052866BC624", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4423:*:*:*:*:*:*", "matchCriteriaId": "4D578FCB-EE90-4BB9-9E28-DC1FA139787C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4470:*:*:*:*:*:*", "matchCriteriaId": "71380C28-6A25-425B-BE7F-6D06E0CE5C2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4552:*:*:*:*:*:*", "matchCriteriaId": "DDBF0D2F-2C22-448E-A0D2-E66527188928", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4667:*:*:*:*:*:*", "matchCriteriaId": "50EC169C-73B6-40F5-8C7A-6DD71DC19893", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4750:*:*:*:*:*:*", "matchCriteriaId": "4B2CA948-280B-4EB8-9309-B016C9557A64", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4789:*:*:*:*:*:*", "matchCriteriaId": "36511A48-EBD8-40C2-A1FB-10F33264CF3F", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4839:*:*:*:*:*:*", "matchCriteriaId": "EBE8374F-0D7D-422F-83AC-ADF9B9E6E511", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4860:*:*:*:*:*:*", "matchCriteriaId": "285B9A4B-6F4F-4899-AD2A-57E22BF9F7BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4895:*:*:*:*:*:*", "matchCriteriaId": "5BAD0604-90FC-4647-854A-E10330579B89", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5104:*:*:*:*:*:*", "matchCriteriaId": "7F26505E-0F61-40A2-B6BA-17C7E30D375C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5165:*:*:*:*:*:*", "matchCriteriaId": "FD3E0ABC-2DAC-4441-96DB-BD84DD8B8E81", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5231:*:*:*:*:*:*", "matchCriteriaId": "347700F5-3BDA-4DA3-AA81-4D593E131AB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5537:*:*:*:*:*:*", "matchCriteriaId": "5EF075DE-44C7-4FC0-9BD7-E7A2C95651D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5637:*:*:*:*:*:*", "matchCriteriaId": "5CB6B4D0-E2B8-44F3-877B-293325EF44A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5910:*:*:*:*:*:*", "matchCriteriaId": "716CC742-9F23-4734-9CFF-338A231476D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*", "matchCriteriaId": "A144D75D-60A8-4EE0-813C-F658C626B2AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*", "matchCriteriaId": "2DA66230-DE02-4881-A893-E9E78286B157", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*", "matchCriteriaId": "955F3DFB-6479-4867-B62A-82730DBEB498", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*", "matchCriteriaId": "327D1B56-0D05-4D99-91D4-CC1F0AC32972", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*", "matchCriteriaId": "D0CD0684-C431-47F8-A2F4-1936D5C5A72B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*", "matchCriteriaId": "EAA6A4A7-C1EE-4716-9F4D-2FF4C4D5FEC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*", "matchCriteriaId": "D0968764-CCEE-47A7-9111-E106D887DA43", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*", "matchCriteriaId": "16589FBB-F0CD-4041-8141-5C89FCCA72AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*", "matchCriteriaId": "3CB877EE-A5FE-4FF7-9D21-5C1CFA7343D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*", "matchCriteriaId": "0DF5FB90-8D6D-4F99-B454-411B1DFFA630", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*", "matchCriteriaId": "F58876B9-6C2E-4048-A793-B441A84E86F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*", "matchCriteriaId": "D5F177CB-CC45-45A0-9D02-C14A13ECC7A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*", "matchCriteriaId": "A89A4192-54E9-4899-8C7B-6C7F7E650D5C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*", "matchCriteriaId": "F2DC1357-9CD5-415F-A190-2F3F4498EF96", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*", "matchCriteriaId": "D78ACF64-2802-44DD-AF7A-1BD5EA7F9908", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*", "matchCriteriaId": "E8F675FA-1684-413A-B1BE-1C5434AC2862", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6156:*:*:*:*:*:*", "matchCriteriaId": "F3F1FDC3-35B2-4BDB-A685-75BC72588179", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6161:*:*:*:*:*:*", "matchCriteriaId": "5B1E509D-2F41-4296-86D2-6BD71783060F", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6166:*:*:*:*:*:*", "matchCriteriaId": "AC93EA37-F341-45EC-B651-4F326FB8C613", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6173:*:*:*:*:*:*", "matchCriteriaId": "1A4DB8A6-1702-462C-BFCB-39F91D2EFCE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6176:*:*:*:*:*:*", "matchCriteriaId": "FC0AEFDB-D033-47FC-93FC-8652F922BB8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6178:*:*:*:*:*:*", "matchCriteriaId": "B5354768-6527-43C2-B492-A8C14AB4E784", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6189:*:*:*:*:*:*", "matchCriteriaId": "D83F26D1-B8C6-4114-81EC-810DD5412DC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6194:*:*:*:*:*:*", "matchCriteriaId": "E9EBC010-9963-4636-96F7-A121FCF755A7", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6199:*:*:*:*:*:*", "matchCriteriaId": "F626D64B-C301-4CD8-94B4-48689BD3F29C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6204:*:*:*:*:*:*", "matchCriteriaId": "5E32810C-7B35-42F1-BCA5-E10C02BE2215", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6205:*:*:*:*:*:*", "matchCriteriaId": "6539D059-8614-4C26-93C4-C2DDCC5D35E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6209:*:*:*:*:*:*", "matchCriteriaId": "E359EE75-A2F9-479B-B757-CAE1064AB8F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6210:*:*:*:*:*:*", "matchCriteriaId": "0BCABDEF-D292-406E-B53C-AFF22484E916", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6214:*:*:*:*:*:*", "matchCriteriaId": "ABE8872C-B1DD-4A45-8EF8-E8C355CA6C54", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6215:*:*:*:*:*:*", "matchCriteriaId": "44B20B83-833A-4C68-8693-365BD046C157", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6216:*:*:*:*:*:*", "matchCriteriaId": "E254E6D1-D18E-4A2A-A2FF-7D03F39E65DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6218:*:*:*:*:*:*", "matchCriteriaId": "5F0C5E53-4D15-425A-B4CF-5869353724BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6219:*:*:*:*:*:*", "matchCriteriaId": "2F4BF5F1-F316-4BAC-83E0-DEAC8C50754E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6220:*:*:*:*:*:*", "matchCriteriaId": "5CDD03A8-5B86-4B87-9C29-6C967261C5C0", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6227:*:*:*:*:*:*", "matchCriteriaId": "6071E15F-4D59-41DC-A4D4-7D1AA392A1F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6230:*:*:*:*:*:*", "matchCriteriaId": "C72C1CEB-7BF7-4A5F-B2E9-397F86CCBF4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6233:*:*:*:*:*:*", "matchCriteriaId": "5B0F0218-4224-4084-B38D-9719D3782C03", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6235:*:*:*:*:*:*", "matchCriteriaId": "BFC41329-1AD6-4575-A22D-977EC5539DA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6236:*:*:*:*:*:*", "matchCriteriaId": "217A06B7-0823-4508-BC0C-AD792BA88F7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6239:*:*:*:*:*:*", "matchCriteriaId": "246E98B2-A6C8-4410-AA6A-7E81EE8C5E76", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6241:*:*:*:*:*:*", "matchCriteriaId": "74D1EC02-D009-45DA-B1EC-2219E0F0183C", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6243:*:*:*:*:*:*", "matchCriteriaId": "0F56A261-EC62-423C-B487-35EA9D4A83FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6245:*:*:*:*:*:*", "matchCriteriaId": "D295E160-C87A-498D-AB0E-BA1E50825249", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6248:*:*:*:*:*:*", "matchCriteriaId": "A30BE138-D745-4F0E-AAE4-202A1C769C85", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6249:*:*:*:*:*:*", "matchCriteriaId": "7CF4FCB9-7360-4ABB-95FB-0239CDC8D3AD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6250:*:*:*:*:*:*", "matchCriteriaId": "465DD666-3499-4911-A1DF-6BAAFCCFA006", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6251:*:*:*:*:*:*", "matchCriteriaId": "6F18CEDC-5D7A-4496-8B5E-59EBEA4362BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6255:*:*:*:*:*:*", "matchCriteriaId": "8C1DE547-F217-4518-AD90-3607AE21F6ED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Processing of user-defined DAV user-agent strings is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of DAV user-agents now gets monitored, and the related request is terminated if a resource threshold is reached. No publicly available exploits are known." }, { "lang": "es", "value": "El procesamiento de cadenas de agente de usuario DAV definidas por el usuario no est\u00e1 limitado. La disponibilidad de OX App Suite podr\u00eda verse reducida debido a la alta carga de procesamiento. Implemente las actualizaciones y lanzamientos de parches proporcionados. Ahora se monitorea el tiempo de procesamiento de los agentes de usuario de DAV y la solicitud relacionada finaliza si se alcanza un umbral de recursos. No se conocen exploits disponibles p\u00fablicamente." 
} ], "id": "CVE-2023-41705", "lastModified": "2024-11-21T08:21:30.620", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security@open-xchange.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-02-12T09:15:10.880", "references": [ { "source": "security@open-xchange.com", "tags": [ "Vendor Advisory" ], "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json" }, { "source": "security@open-xchange.com", "tags": [ "Release Notes" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf" } ], "sourceIdentifier": "security@open-xchange.com", "vulnStatus": "Modified", "weaknesses": [ { "description": 
[ { "lang": "en", "value": "CWE-400" } ], "source": "security@open-xchange.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-12-15 06:59
Modified
2024-11-21 02:56
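Severity
MEDIUM (CVSS v3.0 base score 6.1, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N; CVSS v2 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N; source nvd@nist.gov)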
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within SVG files is maintained when opening such files "in browser" based on our Mail or Drive app. In case of "a" tags, this may include link targets with base64 encoded "data" references. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/bid/93457 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/93457 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf | Release Notes, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * (versionEndIncluding 7.8.2, update rev4) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:rev4:*:*:*:*:*:*", "matchCriteriaId": "63233ABF-06E1-4819-B885-1028FEA3EB5A", "versionEndIncluding": "7.8.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within SVG files is maintained when opening such files \"in browser\" based on our Mail or Drive app. In case of \"a\" tags, this may include link targets with base64 encoded \"data\" references. Malicious script code can be executed within a user\u0027s context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.)." }, { "lang": "es", "value": "Ha sido descubierto un problema en Open-Xchange OX App Suite en versiones anteriores a 7.8.2-rev8. El c\u00f3digo de secuencia de comandos dentro de los archivos SVG se mantiene al abrir dichos archivos \"en el navegador\" en funci\u00f3n de nuestra aplicaci\u00f3n Correo o Drive. En el caso de las etiquetas \"a\", esto puede incluir objetivos de enlace con referencias de \"datos\" codificadas en base64. El c\u00f3digo de script malicioso se puede ejecutar dentro del contexto de un usuario. 
Esto puede conducir al secuestro de sesi\u00f3n o activar acciones no deseadas a trav\u00e9s de la interfaz web (env\u00edo de correo, eliminaci\u00f3n de datos, etc.)" } ], "id": "CVE-2016-6844", "lastModified": "2024-11-21T02:56:56.777", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-12-15T06:59:17.207", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/93457" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/93457" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": 
"https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-12-15 06:59
Modified
2024-11-21 02:56
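Severity
MEDIUM (CVSS v3.0 base score 6.1, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N; CVSS v2 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N; source nvd@nist.gov)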
Summary
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as mp3 album covers. In case their XML structure contains script code, that code may get executed when calling the related cover URL. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/bid/93457 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/93457 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * (versionEndIncluding 7.8.2, update rev4) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:rev4:*:*:*:*:*:*", "matchCriteriaId": "63233ABF-06E1-4819-B885-1028FEA3EB5A", "versionEndIncluding": "7.8.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as mp3 album covers. In case their XML structure contains script code, that code may get executed when calling the related cover URL. Malicious script code can be executed within a user\u0027s context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.)." }, { "lang": "es", "value": "Ha sido descubierto un problema en Open-Xchange OX App Suite en versiones anteriores a 7.8.2-rev8. Archivos SVG pueden ser usados como \u00e1lbumes mp3. En caso de que su estructura XML contenga un c\u00f3digo script, este c\u00f3digo puede ser ejecutado cuando se llama a la URL de portada relacionada. El c\u00f3digo script malicioso puede ser ejecutado en un contexto de usuario. Esto puede conducir al secuestro de sesi\u00f3n o activar acciones no deseadas a trav\u00e9s de la interfaz web (env\u00edo de correo, eliminaci\u00f3n de datos, etc.)." 
} ], "id": "CVE-2016-6847", "lastModified": "2024-11-21T02:56:57.217", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-12-15T06:59:19.223", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/93457" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/93457" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": 
"nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-09-17 14:55
Modified
2024-11-21 02:11
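Severity
MEDIUM (CVSS v2 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N; source nvd@nist.gov; the record carries no CVSS v3 metric)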
Summary
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via a folder publication name.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open-xchange | open-xchange_appsuite | * (versionEndIncluding 7.4.1) | |
open-xchange | open-xchange_appsuite | 6.20.7 | |
open-xchange | open-xchange_appsuite | 6.22.0 | |
open-xchange | open-xchange_appsuite | 6.22.1 | |
open-xchange | open-xchange_appsuite | 7.0.1 | |
open-xchange | open-xchange_appsuite | 7.0.2 | |
open-xchange | open-xchange_appsuite | 7.2.0 | |
open-xchange | open-xchange_appsuite | 7.2.1 | |
open-xchange | open-xchange_appsuite | 7.2.2 | |
open-xchange | open-xchange_appsuite | 7.4.0 | |
open-xchange | open-xchange_appsuite | 7.6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "567B4139-220A-46A7-B847-616F99A1EA66", "versionEndIncluding": "7.4.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.20.7:*:*:*:*:*:*:*", "matchCriteriaId": "983E5F3A-E7AD-4CCA-80D4-9C012AFCCDD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F85EE0C-B7A0-455A-96F6-E4E6BA5D7216", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.1:*:*:*:*:*:*:*", "matchCriteriaId": "2D9572CB-9A46-492E-BDCC-E01849EF0EC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "138461CD-9C27-40E5-B7A0-A37737B6E942", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "108BCEFD-3098-4919-9B0C-E80F6FA1C102", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDBB02DF-1022-4FE5-B5E1-198DC58F8C1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2BF31219-8390-4676-A9C4-D625A016C71E", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "75B04598-67CD-420B-92C9-9A7459295E11", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "8DAEED7B-C295-42B4-A60B-2EAA596E3D65", "vulnerable": true }, { "criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A0A22E01-73E0-4140-8BA1-AB147A9471CD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting 
(XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via a folder publication name." }, { "lang": "es", "value": "Vulnerabilidad cross-site scripting (XSS) en Backend en Open-Xchange (OX) AppSuite anterior a 7.4.2-rev33 y 7.6.x anterior a 7.6.0-rev16 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de la publicaci\u00f3n del nombre de la carpeta." } ], "id": "CVE-2014-5234", "lastModified": "2024-11-21T02:11:39.780", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-09-17T14:55:03.447", "references": [ { "source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/61080" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/533443/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/69796" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://secunia.com/advisories/61080" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/533443/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/69796" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }