Ox app suite

This hub aggregates every CVE we track for Ox app suite, a product in the communications space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Ox app suite.

• CVE-2025-59026Malicious content uploaded as file can be used to execute script code when following attacker-controlled links. Unintended actions can be executed in the context of the users account, including exf...5.4Nov 27, 2025
• CVE-2025-59025Malicious e-mail content can be used to execute script code. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Sanitization ha...6.1Nov 27, 2025
• CVE-2025-30190Malicious content at office documents can be used to inject script code when editing a document. Unintended actions can be executed in the context of the users account, including exfiltration of se...5.4Nov 27, 2025
• CVE-2025-30186Malicious content uploaded as file can be used to execute script code when following attacker-controlled links. Unintended actions can be executed in the context of the users account, including exf...5.4Nov 27, 2025
• CVE-2025-30191Malicious content from E-Mail can be used to perform a redressing attack. Users can be tricked to perform unintended actions or provide sensitive information to a third party which would enable fur...5.4Oct 31, 2025
• CVE-2025-30188Malicious or unintentional API requests can be used to add significant amount of data to caches. Caches may evict information that is required to operate the web frontend, which leads to unavailabi...7.5Oct 31, 2025
• CVE-2024-25582Module savepoints could be abused to inject references to malicious code delivered through the same domain. Attackers could perform malicious API requests or extract information from the users acco...5.4Aug 19, 2024
• CVE-2024-23193E-Mails exported as PDF were stored in a cache that did not consider specific session information for the related user account. Users of the same service node could access other users E-Mails in ca...5.3May 6, 2024
• CVE-2024-23188Maliciously crafted E-Mail attachment names could be used to temporarily execute script code in the context of the users browser session. Common user interaction is required for the vulnerability t...6.5May 6, 2024
• CVE-2024-23187Content-ID based embedding of resources in E-Mails could be abused to trigger client-side script code when using the "show more" option. Attackers could perform malicious API requests or extract in...6.5May 6, 2024
• CVE-2024-23186E-Mail containing malicious display-name information could trigger client-side script execution when using specific mobile devices. Attackers could perform malicious API requests or extract informa...6.5May 6, 2024
• CVE-2024-23192RSS feeds that contain malicious data- attributes could be abused to inject script code to a users browser session when reading compromised RSS feeds or successfully luring users to compromised acc...6.1Apr 8, 2024
• CVE-2024-23191Upsell advertisement information of an account can be manipulated to execute script code in the context of the users browser session. To exploit this an attacker would require temporary access to a...5.4Apr 8, 2024
• CVE-2024-23190Upsell shop information of an account can be manipulated to execute script code in the context of the users browser session. To exploit this an attacker would require temporary access to a users ac...5.4Apr 8, 2024
• CVE-2024-23189Embedded content references at tasks could be used to temporarily execute script code in the context of the users browser session. To exploit this an attacker would require temporary access to the ...5.4Apr 8, 2024