Open-Xchange AppSuite 7.8.4 Rev21
Approved changes feed: RSS · Atom
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev21:*:*:*:*:*:*
part: a version: 7.8.4 update: rev21
| Vendor | Open Xchange (85b486f1-55be-55d2-8b83-a25950d10c23) |
|---|---|
| Product | Open Xchange Appsuite (5c4f7579-8692-5eac-881b-9aff46aef717) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:open-xchange.com/appsuite |
purl2cpe | 2026-06-01 10:16:44.089365 |
pkg:rpm/opensuse/open-xchange-appsuite |
purl2cpe | 2026-06-01 10:16:44.089366 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2020-8544 |
vulnerable | 2026-06-03 14:43:09.617901 |
Details available
OX App Suite through 7.10.3 allows SSRF.
Published: 2020-06-16T13:50:52.000Z
Updated: 2024-08-04T10:03:46.436Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-8543 |
vulnerable | 2026-06-03 14:43:09.582654 |
Details available
OX App Suite through 7.10.3 has Improper Input Validation.
Published: 2020-06-16T13:46:10.000Z
Updated: 2024-08-04T10:03:46.150Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9998 |
vulnerable | 2026-06-03 14:39:11.168099 |
Details available
Open-Xchange OX App Suite before 7.6.3-rev37, 7.8.x before 7.8.2-rev40, 7.8.3 before 7.8.3-rev48, and 7.8.4 before 7.8.4-rev28 include folder names in API error responses, which allows remote attackers to obtain sensitive information via the folder parameter in an "all" action to api/tasks.
Published: 2018-07-05T20:00:00.000Z
Updated: 2024-08-05T07:32:00.693Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9997 |
vulnerable | 2026-06-03 14:39:11.148687 |
Details available
Cross-site scripting (XSS) vulnerability in mail compose in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev28 allows remote attackers to inject arbitrary web script or HTML via the data-target attribute in an HTML page with data-toggle gadgets.
Published: 2018-07-05T20:00:00.000Z
Updated: 2024-08-05T07:32:00.750Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-5756 |
vulnerable | 2026-06-03 14:38:58.538804 |
Details available
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 does not properly check for folder-to-object association, which allows remote authenticated users to delete arbitrary tasks via the task id in a delete action to api/tasks.
Published: 2018-06-15T21:00:00.000Z
Updated: 2024-08-05T05:40:51.265Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-5752 |
vulnerable | 2026-06-03 14:38:58.533707 |
Details available
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors involving non-decimal representations of IP addresses and special IPv6 related addresses.
Published: 2018-06-15T21:00:00.000Z
Updated: 2024-08-05T05:40:51.241Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-5751 |
vulnerable | 2026-06-03 14:38:58.528333 |
Details available
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote authenticated users to obtain sensitive information about external guest users via vectors related to the "groups" and "users" APIs.
Published: 2018-06-15T21:00:00.000Z
Updated: 2024-08-05T05:40:51.211Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.