Product: Open-Xchange / Open-Xchange AppSuite
159 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2023-41708
CVE-2023-41707
CVE-2023-41706
CVE-2023-41705
CVE-2023-41704
CVE-2023-41703
CVE-2023-29047
CVE-2023-29046
CVE-2023-29045
CVE-2023-29044
CVE-2023-29043
CVE-2023-26455
CVE-2023-26454
CVE-2023-26453
CVE-2023-26452
CVE-2022-37310
CVE-2022-37309
CVE-2022-29853
CVE-2022-29852
CVE-2022-37308
CVE-2022-37313
CVE-2022-37312
CVE-2022-37311
CVE-2022-37307
CVE-2022-31469
CVE-2022-23099
CVE-2021-37403
CVE-2021-37402
CVE-2021-26699
CVE-2021-26698
CVE-2020-28945
CVE-2021-31935
CVE-2021-31934
CVE-2020-28943
CVE-2021-23936
CVE-2021-23935
CVE-2021-23934
CVE-2021-23933
CVE-2021-23932
CVE-2021-23931
CVE-2021-23930
CVE-2021-23929
CVE-2021-23928
CVE-2021-23927
CVE-2020-24701
CVE-2020-24700
CVE-2020-15004
CVE-2020-15003
CVE-2020-15002
CVE-2020-12646
CVE-2020-12645
CVE-2020-12644
CVE-2020-12643
CVE-2020-8544
CVE-2020-8543
CVE-2020-8542
CVE-2020-8541
CVE-2019-18846
CVE-2014-5236
CVE-2014-5238
CVE-2019-16717
CVE-2019-16716
CVE-2013-7486
CVE-2013-7485
CVE-2013-6242
CVE-2019-14227
CVE-2019-14226
CVE-2019-14225
CVE-2019-11806
CVE-2019-11522
CVE-2019-11521
CVE-2019-7159
CVE-2019-7158
CVE-2017-13667
CVE-2017-13668
CVE-2017-5213
CVE-2017-5212
CVE-2017-5211
CVE-2017-5210
CVE-2017-17061
CVE-2017-17060
CVE-2017-15030
CVE-2017-15029
CVE-2017-9808
CVE-2017-8341
CVE-2017-8340
CVE-2017-6912
CVE-2017-5864
CVE-2017-5863
CVE-2017-9809
CVE-2017-12884
CVE-2017-12885
CVE-2018-13104
CVE-2018-13103
CVE-2018-12611
CVE-2018-12610
CVE-2018-12609
CVE-2017-6913
CVE-2018-9998
CVE-2018-9997
CVE-2018-5756
CVE-2018-5755
CVE-2018-5754
CVE-2018-5753
CVE-2018-5752
CVE-2018-5751
CVE-2017-17062
CVE-2014-2078
CVE-2015-1588
CVE-2016-6852
CVE-2016-6850
CVE-2016-6848
CVE-2016-6847
CVE-2016-6845
CVE-2016-6844
CVE-2016-6843
CVE-2016-6842
CVE-2016-5740
CVE-2016-5124
CVE-2016-4048
CVE-2016-4047
CVE-2016-4046
CVE-2016-4045
CVE-2016-4027
CVE-2016-4026
CVE-2016-3174
CVE-2016-3173
CVE-2016-2840
CVE-2015-5375
CVE-2014-9466
CVE-2014-8993
CVE-2014-1679
CVE-2013-6241
CVE-2014-5237
CVE-2014-7871
CVE-2014-5235
CVE-2014-5234
CVE-2014-2393
CVE-2014-2392
CVE-2014-2391
CVE-2014-2077
CVE-2013-7143
CVE-2013-7142
CVE-2013-7141
CVE-2013-7140
CVE-2013-6997
CVE-2013-6074
CVE-2013-6009
CVE-2013-5690
CVE-2013-5936
CVE-2013-5935
CVE-2013-5934
CVE-2013-5200
CVE-2013-5698
CVE-2013-5035
CVE-2013-4790
CVE-2013-3106
CVE-2013-2583
CVE-2013-2582
< 7.10.6
References to the "app loader" functionality could contain redirects to unexpected locations. Attackers could forge app references
< 7.6.3
Processing of user-defined mail search expressions is not limited. Availability of OX App Suite could be reduced due to high proce
< 7.6.3
Processing time of drive search expressions now gets monitored, and the related request is terminated if a resource threshold is r
< 7.6.3
Processing of user-defined DAV user-agent strings is not limited. Availability of OX App Suite could be reduced due to high proces
< 7.6.3
Processing of CID references at E-Mail can be abused to inject malicious script code that passes the sanitization engine. Maliciou
< 7.10.6
User ID references at mentions in document comments were not correctly sanitized. Script code could be injected to a users session
< 7.10.6
Imageconverter API endpoints provided methods that were not sufficiently validating and sanitizing client input, allowing to injec
< 7.10.6
Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those
< 7.10.6
Documents operations, in this case "drawing", could be manipulated to contain invalid data types, possibly script code. Script cod
< 7.10.6
Documents operations could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an
< 7.10.6
Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being p
< 7.10.6
RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network ac
< 7.10.6
Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerab
< 7.10.6
Requests to cache an image could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability
< 7.10.6
Requests to cache an image and return its metadata could be abused to include SQL queries that would be executed unchecked. Exploi
< 7.10.5
OX App Suite through 7.10.6 allows XSS via a malicious capability to the metrics or help module, as demonstrated by a /#!!&app=io.
< 7.10.5
OX App Suite through 7.10.6 allows XSS via script code within a contact that has an e-mail address but lacks a name.
< 7.10.5
OX App Suite through 8.2 allows XSS via a certain complex hierarchy that forces use of Show Entire Message for a huge HTML e-mail
< 7.10.5
OX App Suite through 8.2 allows XSS because BMFreehand10 and image/x-freehand are not blocked.
< 7.10.5
OX App Suite through 7.10.6 allows XSS via HTML in text/plain e-mail messages.
< 7.10.5
OX App Suite through 7.10.6 allows SSRF because the anti-SSRF protection mechanism only checks the first DNS AA or AAAA record.
< 7.10.5
OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferr
< 7.10.5
OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large location request parameter to the redirect servlet.
< 7.10.5
OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element w
< 7.10.5
OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrated by class="deep-link-app" for a /#!!&app=%2e./ URI.
<= 7.10.6
OX App Suite through 7.10.6 allows XSS by forcing block-wise read.
all versions
OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a shar
all versions
OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via binary data that is mishandled when the legacy data
all versions
OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imag
all versions
OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a shar
<= 7.10.4
OX App Suite 7.10.4 and earlier allows XSS via crafted content to reach an undocumented feature, such as  that is mishandled in the
<= 7.10.4
OX App Suite 7.10.4 and earlier allows XSS via a crafted contact object (payload in the position or company field) that is mishand
<= 7.10.4
OX App Suite 7.10.4 and earlier allows SSRF via a snippet.
<= 7.10.4
OX App Suite through 7.10.4 allows XSS via the subject of a task.
<= 7.10.3
OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript code.
<= 7.10.3
OX App Suite through 7.10.4 allows XSS via a contact whose name contains JavaScript code.
<= 7.10.3
OX App Suite through 7.10.4 allows XSS via JavaScript in a Note referenced by a mail:// URL.
<= 7.10.3
OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename.
<= 7.10.3
OX App Suite through 7.10.4 allows XSS via an inline binary file.
<= 7.10.3
OX App Suite through 7.10.4 allows XSS via use of the conversion API for a distributedFile.
<= 7.10.3
OX App Suite through 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML document to an ajax/share/<sha
<= 7.10.3
OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests query string.
<= 7.10.4
OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request.
<= 7.10.4
OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite URI).
<= 7.10.3
OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial autoconfig. substr
all versions
OX App Suite through 7.10.3 allows stats/diagnostic?param= XSS.
all versions
OX App Suite through 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a differ
<= 7.10.3
OX App Suite through 7.10.3 allows SSRF via the /ajax/messaging/message message API.
<= 7.10.3
OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document.
>= 7.10.1 and <= 7.10.3
OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation not
<= 7.10.3
OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API.
<= 7.10.3
OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email a
all versions
OX App Suite through 7.10.3 allows SSRF.
all versions
OX App Suite through 7.10.3 has Improper Input Validation.
all versions
OX App Suite through 7.10.3 allows XSS.
all versions
OX App Suite through 7.10.3 allows XXE attacks.
<= 7.10.2
OX App Suite through 7.10.2 allows SSRF.
<= 7.4.1
Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x b
<= 7.4.1
XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote
<= 7.10.2
OX App Suite through 7.10.2 has XSS.
<= 7.10.2
OX App Suite through 7.10.2 has Incorrect Access Control.
all versions
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev27 and 7.4.x before 7.
all versions
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev26 and 7.4.x before 7.
all versions
Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 6.22.3 before 6.22.3-rev5 and 6.22.4 before
all versions
OX App Suite 7.10.1 and 7.10.2 allows XSS.
<= 7.10.2
OX App Suite through 7.10.2 has Insecure Permissions.
all versions
OX App Suite 7.10.1 and 7.10.2 allows SSRF.
>= 7.6.3 and <= 7.10.1
OX App Suite 7.10.1 and earlier has Insecure Permissions.
>= 7.10.0 and <= 7.10.2
OX App Suite 7.10.0 to 7.10.2 allows XSS.
all versions
OX App Suite 7.10.1 allows Content Spoofing.
<= 7.10.1
OX App Suite 7.10.1 and earlier allows Information Exposure.
<= 7.10.0
OX App Suite 7.10.0 and earlier has Incorrect Access Control.
<= 7.8.4
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.
<= 7.8.4
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).
<= 7.8.3
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting (XSS).
all versions
Open-Xchange GmbH OX App Suite 7.8.3 is affected by: Incorrect Access Control.
<= 7.8.3
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing.
<= 7.8.3
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Information Exposure.
<= 7.8.4
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).
<= 7.8.4
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecure Permissions.
<= 7.8.4
Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).
<= 7.8.4
Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.
<= 7.8.4
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).
<= 7.8.3
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing.
<= 7.8.3
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control.
<= 7.8.3
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control.
<= 7.8.3
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting (XSS).
<= 7.8.3
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control.
<= 7.8.4
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Information Exposure.
<= 7.8.4
OX Software GmbH App Suite 7.8.4 and earlier is affected by: Information Exposure.
<= 7.8.4
OX Software GmbH App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).
<= 7.8.4
OX App Suite 7.8.4 and earlier allows XSS. Internal reference: 58742 (Bug ID)
<= 7.8.4
OX App Suite 7.8.4 and earlier allows SSRF.
<= 7.8.4
OX App Suite 7.8.4 and earlier allows Directory Traversal.
<= 7.8.4
OX App Suite 7.8.4 and earlier allows Information Exposure.
<= 7.8.4
OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery.
<= 7.6.3
Cross-site scripting (XSS) vulnerability in the Open-Xchange webmail before 7.6.3-rev28 allows remote attackers to inject arbitrar
<= 7.6.3
Open-Xchange OX App Suite before 7.6.3-rev37, 7.8.x before 7.8.2-rev40, 7.8.3 before 7.8.3-rev48, and 7.8.4 before 7.8.4-rev28 inc
<= 7.6.3
Cross-site scripting (XSS) vulnerability in mail compose in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31
<= 7.6.3
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8
<= 7.6.3
Absolute path traversal vulnerability in the readerengine component in Open-Xchange OX App Suite before 7.6.3-rev3, 7.8.x before 7
<= 7.8.3
Cross-site scripting (XSS) vulnerability in the office-web component in Open-Xchange OX App Suite before 7.8.3-rev12 and 7.8.4 bef
<= 7.6.3
The frontend component in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.
<= 7.6.3
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8
<= 7.6.3
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8
<= 7.6.3
The backend component in Open-Xchange OX App Suite before 7.6.3-rev35, 7.8.x before 7.8.2-rev38, 7.8.3 before 7.8.3-rev41, and 7.8
all versions
The backend in Open-Xchange (OX) AppSuite 7.4.2 before 7.4.2-rev9 allows remote attackers to obtain sensitive information about us
<= 7.4.2
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server 6 and OX AppSuite before 7.4.2-rev43, 7.6.0-rev38, and
<= 7.8.2
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Users can provide local file paths to the RSS reader; the
<= 7.8.2
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as profile pictures. In case their X
<= 7.8.2
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. API requests can be used to inject, generate and download
<= 7.8.2
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as mp3 album covers. In case their X
<= 7.8.2
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within hyperlinks at HTML E-Mails is not getti
<= 7.8.2
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within SVG files is maintained when opening su
<= 7.8.2
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code can be injected to contact names. When adding
<= 7.8.2
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Setting the user's name to JS code makes that code execute
<= 7.8.2
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev5. JavaScript code can be used as part of ical attachments wi
<= 7.8.1
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev14. Adding images from external sources to HTML editors by dr
<= 7.8.1
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Custom messages can be shown at the login screen to notif
<= 7.8.1
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev8. References to external Open XML document type definitions
<= 7.8.1
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The API to configure external mail accounts can be abused
<= 7.8.1
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Script code can be embedded to RSS feeds using a URL nota
<= 7.8.1
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev10. App Suite frontend offers to control whether a user wants
<= 7.8.1
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The content sanitizer component has an issue with filteri
<= 7.8.0
An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The "defer" servlet offers to redirect a client to a speci
<= 7.8.0
An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The aria-label parameter of tiles at the Portal can be use
<= 7.8.0
An issue was discovered in Open-Xchange Server 6 / OX AppSuite before 7.8.0-rev26. The "session" parameter for file-download reque
<= 7.6.2
Cross-site scripting (XSS) vulnerability in unspecified dialogs for printing content in the Front End in Open-Xchange Server 6 and
all versions
Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before 7.6.0-rev36, and 7.6.1 before 7.6.1-rev14 does not properly
<= 7.4.2
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev40, 7.6.0 before 7.6.0-rev32
<= 7.2.2
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite before 7.2.2-rev31, 7.4.0 before 7.4.0-rev27, and 7.4.1 bef
all versions
The Birthday widget in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14, in certain
all versions
Server-side request forgery (SSRF) vulnerability in the documentconverter component in Open-Xchange (OX) AppSuite before 7.4.2-rev
<= 7.4.2
SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authentica
<= 7.4.1
Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-r
<= 7.4.1
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-re
<= 7.2.2
Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite 7.4.1 before 7.4.1-rev11 and 7.4.2 before 7.4.2-rev13 allows rem
<= 7.2.2
The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2
<= 7.2.2
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13
all versions
Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 7.4.1 before 7.4.1-rev10 and 7.4.2 before 7
<= 7.4.1
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 allows remote attackers to inject arbitrary web scrip
<= 7.4.1
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitra
<= 7.4.1
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitra
<= 7.4.1
XML External Entity (XXE) vulnerability in the CalDAV interface in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote auth
<= 7.4.0
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange (OX) AppSuite 7.4.0 and earlier allow remote attackers to inje
all versions
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14 allow
<= 7.2.1
CRLF injection vulnerability in Open-Xchange AppSuite before 7.2.2, when using AJP in certain conditions, allows remote attackers
<= 7.2.1
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite before 7.2.2 allow remote authenticated users to inje
all versions
The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 allows remote attackers t
all versions
The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 does not properly restric
all versions
Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 has a hardcoded password for node join operations, whi
all versions
The (1) REST and (2) memcache interfaces in the Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x
all versions
Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite and Server before 6.22.0 rev16, 6.22.1 before rev19, 7.0.1 befor
all versions
Multiple race conditions in HtmlCleaner before 2.6, as used in Open-Xchange AppSuite 7.2.2 before rev13 and other products, allow
all versions
Open-Xchange AppSuite before 7.0.2 rev14, 7.2.0 before rev11, 7.2.1 before rev10, and 7.2.2 before rev9 relies on user-supplied da
all versions
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev18, 6.22.0 before rev16,
all versions
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev16, 6.22.0 before rev15,
all versions
CRLF injection vulnerability in the redirect servlet in Open-Xchange AppSuite and Server before 6.22.0 rev15, 6.22.1 before rev17,