GCVE - cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release

Approved changes feed: RSS · Atom

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6020:*:*:*:*:*:*

part: a version: 7.10.5 update: patch_release_6020

Vendor	Open Xchange (`85b486f1-55be-55d2-8b83-a25950d10c23`)
Product	Open Xchange Appsuite (`5c4f7579-8692-5eac-881b-9aff46aef717`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:open-xchange.com/appsuite`	purl2cpe	2026-06-01 10:16:43.940803
`pkg:rpm/opensuse/open-xchange-appsuite`	purl2cpe	2026-06-01 10:16:43.940804

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-37313`	vulnerable	2026-06-03 14:47:46.727319	Details available OX App Suite through 7.10.6 allows SSRF because the anti-SSRF protection mechanism only checks the first DNS AA or AAAA record. Published: 2022-12-26T00:00:00.000Z Updated: 2025-04-14T14:33:40.561Z Open on db.gcve.eu Reference links https://open-xchange.com https://seclists.org/fulldisclosure/2022/Nov/18	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-37312`	vulnerable	2026-06-03 14:47:46.725377	Details available OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferrer servlet. Published: 2022-12-26T00:00:00.000Z Updated: 2025-04-14T14:35:39.930Z Open on db.gcve.eu Reference links https://open-xchange.com https://seclists.org/fulldisclosure/2022/Nov/18	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-37311`	vulnerable	2026-06-03 14:47:46.723408	Details available OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large location request parameter to the redirect servlet. Published: 2022-12-26T00:00:00.000Z Updated: 2025-04-14T14:36:38.009Z Open on db.gcve.eu Reference links https://open-xchange.com https://seclists.org/fulldisclosure/2022/Nov/18	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-37310`	vulnerable	2026-06-03 14:47:46.721513	Details available OX App Suite through 7.10.6 allows XSS via a malicious capability to the metrics or help module, as demonstrated by a /#!!&app=io.ox/files&cap= URI. Published: 2022-12-26T00:00:00.000Z Updated: 2025-04-14T14:38:35.949Z Open on db.gcve.eu Reference links https://open-xchange.com https://seclists.org/fulldisclosure/2022/Nov/18	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-37309`	vulnerable	2026-06-03 14:47:46.719490	Details available OX App Suite through 7.10.6 allows XSS via script code within a contact that has an e-mail address but lacks a name. Published: 2022-12-26T00:00:00.000Z Updated: 2025-04-14T14:42:07.163Z Open on db.gcve.eu Reference links https://open-xchange.com https://seclists.org/fulldisclosure/2022/Nov/18	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-37308`	vulnerable	2026-06-03 14:47:46.717363	Details available OX App Suite through 7.10.6 allows XSS via HTML in text/plain e-mail messages. Published: 2022-12-26T00:00:00.000Z Updated: 2025-04-14T14:43:15.189Z Open on db.gcve.eu Reference links https://open-xchange.com https://seclists.org/fulldisclosure/2022/Nov/18	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-37307`	vulnerable	2026-06-03 14:47:46.691326	Details available OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature. Published: 2022-12-26T00:00:00.000Z Updated: 2025-04-14T14:44:24.195Z Open on db.gcve.eu Reference links https://open-xchange.com https://seclists.org/fulldisclosure/2022/Nov/18	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-31469`	vulnerable	2026-06-03 14:47:11.239619	Details available OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrated by class="deep-link-app" for a /#!!&app=%2e./ URI. Published: 2022-12-26T00:00:00.000Z Updated: 2025-04-14T14:11:39.022Z Open on db.gcve.eu Reference links https://open-xchange.com https://seclists.org/fulldisclosure/2022/Nov/18	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-29853`	vulnerable	2026-06-03 14:46:59.163721	Details available OX App Suite through 8.2 allows XSS via a certain complex hierarchy that forces use of Show Entire Message for a huge HTML e-mail message. Published: 2022-12-26T00:00:00.000Z Updated: 2025-04-14T18:27:59.904Z Open on db.gcve.eu Reference links https://open-xchange.com https://seclists.org/fulldisclosure/2022/Sep/0	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-29852`	vulnerable	2026-06-03 14:46:59.147443	Details available OX App Suite through 8.2 allows XSS because BMFreehand10 and image/x-freehand are not blocked. Published: 2022-12-26T00:00:00.000Z Updated: 2025-04-14T18:28:27.517Z Open on db.gcve.eu Reference links https://open-xchange.com https://seclists.org/fulldisclosure/2022/Sep/0	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Open-Xchange AppSuite 7.10.5 Patch Release 6020

PURL mappings

Vulnerability references

Contribute