Open Xchange Appsuite
Approved changes feed: RSS · Atom
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev23:*:*:*:*:*:*
part: a version: 7.6.3 update: rev23
| Vendor | Open Xchange (85b486f1-55be-55d2-8b83-a25950d10c23) |
|---|---|
| Product | Open Xchange Appsuite (5c4f7579-8692-5eac-881b-9aff46aef717) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:open-xchange.com/appsuite |
purl2cpe | 2026-06-01 10:16:44.019528 |
pkg:rpm/opensuse/open-xchange-appsuite |
purl2cpe | 2026-06-01 10:16:44.019529 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2018-9998 |
vulnerable | 2026-06-03 14:39:11.156007 |
Details available
Open-Xchange OX App Suite before 7.6.3-rev37, 7.8.x before 7.8.2-rev40, 7.8.3 before 7.8.3-rev48, and 7.8.4 before 7.8.4-rev28 include folder names in API error responses, which allows remote attackers to obtain sensitive information via the folder parameter in an "all" action to api/tasks.
Published: 2018-07-05T20:00:00.000Z
Updated: 2024-08-05T07:32:00.693Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9997 |
vulnerable | 2026-06-03 14:39:11.121647 |
Details available
Cross-site scripting (XSS) vulnerability in mail compose in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev28 allows remote attackers to inject arbitrary web script or HTML via the data-target attribute in an HTML page with data-toggle gadgets.
Published: 2018-07-05T20:00:00.000Z
Updated: 2024-08-05T07:32:00.750Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-5756 |
vulnerable | 2026-06-03 14:38:58.537575 |
Details available
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 does not properly check for folder-to-object association, which allows remote authenticated users to delete arbitrary tasks via the task id in a delete action to api/tasks.
Published: 2018-06-15T21:00:00.000Z
Updated: 2024-08-05T05:40:51.265Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-5753 |
vulnerable | 2026-06-03 14:38:58.534655 |
Details available
The frontend component in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev20 allows remote attackers to spoof the origin of e-mails via unicode characters in the "personal part" of a (1) From or (2) Sender address.
Published: 2018-06-15T21:00:00.000Z
Updated: 2024-08-05T05:40:51.212Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-5752 |
vulnerable | 2026-06-03 14:38:58.532587 |
Details available
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors involving non-decimal representations of IP addresses and special IPv6 related addresses.
Published: 2018-06-15T21:00:00.000Z
Updated: 2024-08-05T05:40:51.241Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-5751 |
vulnerable | 2026-06-03 14:38:58.497330 |
Details available
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote authenticated users to obtain sensitive information about external guest users via vectors related to the "groups" and "users" APIs.
Published: 2018-06-15T21:00:00.000Z
Updated: 2024-08-05T05:40:51.211Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-17062 |
vulnerable | 2026-06-03 14:36:53.842544 |
Details available
The backend component in Open-Xchange OX App Suite before 7.6.3-rev35, 7.8.x before 7.8.2-rev38, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev19 allows remote authenticated users to save arbitrary user attributes by leveraging improper privilege management.
Published: 2018-06-15T21:00:00.000Z
Updated: 2024-08-05T20:43:59.444Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.