Summary
Detail | |||
---|---|---|---|
Vendor | Open-Xchange | First view | 2020-08-31 |
Product | Open-Xchange Appsuite | Last view | 2022-12-26 |
Version | 7.10.3 | Type | Application |
Update | rev7 | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:open-xchange:open-xchange_appsuite |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
5.3 | 2022-12-26 | CVE-2022-37313 | OX App Suite through 7.10.6 allows SSRF because the anti-SSRF protection mechanism only checks the first DNS AA or AAAA record. |
5.3 | 2022-12-26 | CVE-2022-37312 | OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferrer servlet. |
5.3 | 2022-12-26 | CVE-2022-37311 | OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large location request parameter to the redirect servlet. |
6.1 | 2022-12-26 | CVE-2022-37310 | OX App Suite through 7.10.6 allows XSS via a malicious capability to the metrics or help module, as demonstrated by a /#!!&app=io.ox/files&cap= URI. |
6.1 | 2022-12-26 | CVE-2022-37309 | OX App Suite through 7.10.6 allows XSS via script code within a contact that has an e-mail address but lacks a name. |
6.1 | 2022-12-26 | CVE-2022-37308 | OX App Suite through 7.10.6 allows XSS via HTML in text/plain e-mail messages. |
6.1 | 2022-12-26 | CVE-2022-37307 | OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature. |
6.1 | 2022-12-26 | CVE-2022-31469 | OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrated by class="deep-link-app" for a /#!!&app=%2e./ URI. |
5.4 | 2022-12-26 | CVE-2022-29853 | OX App Suite through 8.2 allows XSS via a certain complex hierarchy that forces use of Show Entire Message for a huge HTML e-mail message. |
5.4 | 2022-12-26 | CVE-2022-29852 | OX App Suite through 8.2 allows XSS because BMFreehand10 and image/x-freehand are not blocked. |
6.1 | 2021-07-22 | CVE-2021-37403 | OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and an App Loader relative URL is used. |
6.1 | 2021-07-22 | CVE-2021-37402 | OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via binary data that is mishandled when the legacy dataretrieval endpoint has been enabled. |
5.4 | 2021-07-22 | CVE-2021-26699 | OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used. |
6.1 | 2021-07-22 | CVE-2021-26698 | OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and the dl parameter is used. |
6.1 | 2021-05-03 | CVE-2020-28945 | OX App Suite 7.10.4 and earlier allows XSS via crafted content to reach an undocumented feature, such as  that is mishandled in the scheduling view. |
6.1 | 2021-04-30 | CVE-2021-31934 | OX App Suite 7.10.4 and earlier allows XSS via a crafted contact object (payload in the position or company field) that is mishandled in the App Suite UI on a smartphone. |
6.5 | 2021-04-30 | CVE-2020-28943 | OX App Suite 7.10.4 and earlier allows SSRF via a snippet. |
6.1 | 2021-01-12 | CVE-2021-23936 | OX App Suite through 7.10.4 allows XSS via the subject of a task. |
6.1 | 2021-01-12 | CVE-2021-23935 | OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript code. |
6.1 | 2021-01-12 | CVE-2021-23934 | OX App Suite through 7.10.4 allows XSS via a contact whose name contains JavaScript code. |
6.1 | 2021-01-12 | CVE-2021-23933 | OX App Suite through 7.10.4 allows XSS via JavaScript in a Note referenced by a mail:// URL. |
6.1 | 2021-01-12 | CVE-2021-23932 | OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename. |
6.1 | 2021-01-12 | CVE-2021-23931 | OX App Suite through 7.10.4 allows XSS via an inline binary file. |
6.1 | 2021-01-12 | CVE-2021-23930 | OX App Suite through 7.10.4 allows XSS via use of the conversion API for a distributedFile. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
85% (24) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
7% (2) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
3% (1) | CWE-639 | Access Control Bypass Through User-Controlled Key |
3% (1) | CWE-307 | Improper Restriction of Excessive Authentication Attempts |