open-xchange

272 tracked vulnerabilities.

CVE-2016-6854 MEDIUM
Open-Xchange OX Guard < 2.4.2 - Stored Cross-Site Scripting via PGP Signature Verification
Dec 15, 2016
CVSS 6.1
EPSS 0.01
CVE-2016-6853 MEDIUM
Open-Xchange OX Guard < 2.4.2 - Stored Cross-Site Scripting via PGP Public Key Name
Dec 15, 2016
CVSS 6.1
EPSS 0.01
CVE-2016-6852 MEDIUM
Open-Xchange AppSuite < 7.8.2 - Unauthenticated Local File Path Disclosure via RSS Reader
Dec 15, 2016
CVSS 4.3
EPSS 0.00
CVE-2016-6851 MEDIUM
Open-Xchange OX Guard < 2.4.2 - Unauthenticated Stored Cross-Site Scripting via Guest Reader Parameter
Dec 15, 2016
CVSS 6.1
EPSS 0.01
CVE-2016-6850 MEDIUM
Open-Xchange AppSuite < 7.8.2 - Stored Cross-Site Scripting via SVG Profile Picture
Dec 15, 2016
CVSS 6.1
EPSS 0.00
CVE-2016-6848 MEDIUM
Open-Xchange App Suite < 7.8.2 - Unauthenticated Reflected File Download via API Request
Dec 15, 2016
CVSS 5.5
EPSS 0.00
CVE-2016-6847 MEDIUM
Open-Xchange AppSuite < 7.8.2 - Stored Cross-Site Scripting via SVG Album Cover
Dec 15, 2016
CVSS 6.1
EPSS 0.00
CVE-2016-6845 MEDIUM
Open-Xchange App Suite < 7.8.2 - Stored Cross-Site Scripting via Base64-Encoded Data Resources in HTML Email Hyperlinks
Dec 15, 2016
CVSS 6.1
EPSS 0.00
CVE-2016-6844 MEDIUM
Open-Xchange AppSuite < 7.8.2 - Stored Cross-Site Scripting via SVG File Handling
Dec 15, 2016
CVSS 6.1
EPSS 0.00
CVE-2016-6843 MEDIUM
Open-Xchange AppSuite < 7.8.2 - Stored Cross-Site Scripting via Contact Name Autocomplete
Dec 15, 2016
CVSS 6.1
EPSS 0.00
CVE-2016-6842 MEDIUM
Open-Xchange AppSuite < 7.8.2 - Stored Cross-Site Scripting via User Name in Templates Folder
Dec 15, 2016
CVSS 6.1
EPSS 0.00
CVE-2016-5740 MEDIUM
Open-Xchange OX App Suite <7.8.2-rev5 - RCE
Dec 15, 2016
CVSS 6.1
EPSS 0.01
CVE-2016-5124 MEDIUM
Open-Xchange App Suite < 7.8.1 - Stored Cross-Site Scripting via Drag-and-Drop Image Insertion
Dec 15, 2016
CVSS 6.1
EPSS 0.00
CVE-2016-4048 MEDIUM
Open-Xchange OX App Suite <7.8.1-rev11 - XSS
Dec 15, 2016
CVSS 4.3
EPSS 0.00
CVE-2016-4047 MEDIUM
Open-Xchange OX App Suite <7.8.1-rev8 - Info Disclosure
Dec 15, 2016
CVSS 4.3
EPSS 0.00
CVE-2016-4046 MEDIUM
Open-Xchange OX App Suite <7.8.1-rev11 - Info Disclosure
Dec 15, 2016
CVSS 5.8
EPSS 0.00
CVE-2016-4045 MEDIUM
Open-Xchange OX App Suite <7.8.1-rev11 - RCE
Dec 15, 2016
CVSS 6.1
EPSS 0.00
CVE-2016-4028 HIGH
Open-Xchange OX Guard <2.4.0-rev8 - Info Disclosure
Dec 15, 2016
CVSS 7.5
EPSS 0.00
CVE-2016-4027 LOW
Open-Xchange OX App Suite <7.8.1-rev10 - Info Disclosure
Dec 15, 2016
CVSS 3.5
EPSS 0.00
CVE-2016-4026 MEDIUM
Open-Xchange OX App Suite <7.8.1-rev11 - XSS
Dec 15, 2016
CVSS 6.1
EPSS 0.00
CVE-2016-3174 HIGH
Open-Xchange AppSuite < 7.8.0 - Open Redirect via Defer Servlet
Dec 15, 2016
CVSS 7.4
EPSS 0.00
CVE-2016-3173 MEDIUM
Open-Xchange OX AppSuite < 7.8.0 - Stored Cross-Site Scripting via Portal Tile Aria-Label Parameter
Dec 15, 2016
CVSS 5.4
EPSS 0.00
CVE-2016-2840 MEDIUM
Open-Xchange AppSuite < 7.8.0 - Unauthenticated Reflected Cross-Site Scripting via Session Parameter
Dec 15, 2016
CVSS 6.1
EPSS 0.01
CVE-2015-1588 MEDIUM
Open-Xchange Server/OX AppSuite <7.4.2-rev43,7.6.0-rev38,7.6.1-rev2...
Jun 08, 2017
CVSS 6.1
EPSS 0.00
CVE-2015-8542 HIGH
Open-Xchange Guard <2.2.0-rev8 - Auth Bypass
Dec 15, 2016
CVSS 8.8
EPSS 0.00
Products
open-xchange_appsuite 157 ox_app_suite 48 dovecot 16 open-xchange_appsuite_backend 14 open-xchange_server 13 ox_guard 11 open-xchange_appsuite_frontend 8 open-xchange_appsuite_office 4 open-xchange_documents 3 app_suite 2 open-xchange 2 documentconverter-api 1 office_web 1 ox_cloud 1
Quick Filters
Critical CVEs With Exploits In CISA KEV