Open-xchange Open-xchange Appsuite Frontend — known CVE vulnerabilities
Every CVE whose affected-product data names Open-xchange Open-xchange Appsuite Frontend, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2024-4367 — CVSS 8.8 (high): A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This…
CVE-2016-6846 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite backend before 7.6.2-rev59, 7.8.0 before 7.8.0-rev38, 7.8.2 before…
CVE-2023-26446 — CVSS 5.4 (medium): The users clientID at "application passwords" was not sanitized or escaped before being added to DOM. Malicious script code can be executed…
CVE-2023-26447 — CVSS 5.4 (medium): The "upsell" widget for the portal allows to specify a product description. This description taken from a user-controllable jslob did not…
CVE-2023-26448 — CVSS 5.4 (medium): Custom log-in and log-out locations are used-defined as jslob but were not checked to contain malicious protocol handlers. Malicious script…
CVE-2023-26449 — CVSS 5.4 (medium): The "OX Chat" web service did not specify a media-type when processing responses by external resources. Malicious script code can be…
CVE-2023-26450 — CVSS 5.4 (medium): The "OX Count" web service did not specify a media-type when processing responses by external resources. Malicious script code can be…
CVE-2023-26445 — CVSS 5.4 (medium): Frontend themes are defined by user-controllable jslob settings and could point to a malicious resource which gets processed during login…