Open-Xchange AppSuite 7.10.5 Patch Release 6140
Approved changes feed: RSS · Atom
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6140:*:*:*:*:*:*
part: a version: 7.10.5 update: patch_release_6140
| Vendor | Open Xchange (85b486f1-55be-55d2-8b83-a25950d10c23) |
|---|---|
| Product | Open Xchange Appsuite (5c4f7579-8692-5eac-881b-9aff46aef717) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:open-xchange.com/appsuite |
purl2cpe | 2026-06-01 10:16:43.940868 |
pkg:rpm/opensuse/open-xchange-appsuite |
purl2cpe | 2026-06-01 10:16:43.940869 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2022-37313 |
vulnerable | 2026-06-03 14:47:46.727775 |
Details available
OX App Suite through 7.10.6 allows SSRF because the anti-SSRF protection mechanism only checks the first DNS AA or AAAA record.
Published: 2022-12-26T00:00:00.000Z
Updated: 2025-04-14T14:33:40.561Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-37312 |
vulnerable | 2026-06-03 14:47:46.725836 |
Details available
OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferrer servlet.
Published: 2022-12-26T00:00:00.000Z
Updated: 2025-04-14T14:35:39.930Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-37311 |
vulnerable | 2026-06-03 14:47:46.723868 |
Details available
OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large location request parameter to the redirect servlet.
Published: 2022-12-26T00:00:00.000Z
Updated: 2025-04-14T14:36:38.009Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-37310 |
vulnerable | 2026-06-03 14:47:46.721978 |
Details available
OX App Suite through 7.10.6 allows XSS via a malicious capability to the metrics or help module, as demonstrated by a /#!!&app=io.ox/files&cap= URI.
Published: 2022-12-26T00:00:00.000Z
Updated: 2025-04-14T14:38:35.949Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-37309 |
vulnerable | 2026-06-03 14:47:46.719958 |
Details available
OX App Suite through 7.10.6 allows XSS via script code within a contact that has an e-mail address but lacks a name.
Published: 2022-12-26T00:00:00.000Z
Updated: 2025-04-14T14:42:07.163Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-37308 |
vulnerable | 2026-06-03 14:47:46.717858 |
Details available
OX App Suite through 7.10.6 allows XSS via HTML in text/plain e-mail messages.
Published: 2022-12-26T00:00:00.000Z
Updated: 2025-04-14T14:43:15.189Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-37307 |
vulnerable | 2026-06-03 14:47:46.705237 |
Details available
OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature.
Published: 2022-12-26T00:00:00.000Z
Updated: 2025-04-14T14:44:24.195Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-31469 |
vulnerable | 2026-06-03 14:47:11.250495 |
Details available
OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrated by class="deep-link-app" for a /#!!&app=%2e./ URI.
Published: 2022-12-26T00:00:00.000Z
Updated: 2025-04-14T14:11:39.022Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.