Vulnerabilities (CVE)

Vendor filter

Open-xchange Subscribe

Product filter

Open-xchange Appsuite Subscribe

Filter

91 total CVE
CVE Vendors Products Updated CVSS
CVE-2013-5035 2 Open-xchange, Htmlcleaner Project 2 Open-xchange Appsuite, Htmlcleaner 2013-10-08 4.9
Multiple race conditions in HtmlCleaner before 2.6, as used in Open-Xchange AppSuite 7.2.2 before rev13 and other products, allow remote authenticated users to read the private e-mail of other persons in opportunistic circumstances by leveraging...
CVE-2013-5690 1 Open-xchange 1 Open-xchange Appsuite 2013-10-04 3.5
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite before 7.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) content with the text/xml MIME type or (2) the Status comment field of an...
CVE-2013-6009 1 Open-xchange 1 Open-xchange Appsuite 2013-10-04 4.3
CRLF injection vulnerability in Open-Xchange AppSuite before 7.2.2, when using AJP in certain conditions, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the ajax/defer servlet.
CVE-2013-3106 1 Open-xchange 2 Open-xchange Appsuite, Open-xchange Server 2013-09-26 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev18, 6.22.0 before rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allow remote attackers to inject...
CVE-2013-2582 1 Open-xchange 2 Open-xchange Appsuite, Open-xchange Server 2013-09-26 5.0
CRLF injection vulnerability in the redirect servlet in Open-Xchange AppSuite and Server before 6.22.0 rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allows remote attackers to inject arbitrary HTTP headers and conduct open...
CVE-2013-2583 1 Open-xchange 2 Open-xchange Appsuite, Open-xchange Server 2013-09-26 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev16, 6.22.0 before rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allow remote attackers to inject arbitrary web script...
CVE-2013-4790 1 Open-xchange 1 Open-xchange Appsuite 2013-09-26 3.5
Open-Xchange AppSuite before 7.0.2 rev14, 7.2.0 before rev11, 7.2.1 before rev10, and 7.2.2 before rev9 relies on user-supplied data to predict the IMAP server hostname for an external domain name, which allows remote authenticated users to...
CVE-2013-5934 1 Open-xchange 1 Open-xchange Appsuite 2013-09-25 4.0
Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 has a hardcoded password for node join operations, which allows remote attackers to expand a cluster by finding this password in the source code and then sending the...
CVE-2013-5935 1 Open-xchange 1 Open-xchange Appsuite 2013-09-25 4.3
The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 does not properly restrict the set of network interfaces that can receive API calls, which makes it easier for remote attackers to obtain...
CVE-2013-5936 1 Open-xchange 1 Open-xchange Appsuite 2013-09-25 4.3
The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 allows remote attackers to obtain sensitive information about (1) runtime activity, (2) network configuration, (3) user sessions, (4) the...
CVE-2013-5698 1 Open-xchange 2 Open-xchange Appsuite, Open-xchange Server 2013-09-06 3.5
Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite and Server before 6.22.0 rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allows remote authenticated users to inject arbitrary web script...