Open-xchange appsuite frontend
This hub aggregates every CVE we track for Open-xchange appsuite frontend, a product in the communications space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 8
- Critical: 0
- High: 1
- In CISA KEV: 0

Severity distribution: MEDIUM 7, HIGH 1
Monthly trend (2024-07 to 2026-06)
Latest CVEs
The 8 most recently published vulnerabilities affecting Open-xchange appsuite frontend.
- CVE-2024-4367: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and T... Score: 8.8
- CVE-2023-26450: The "OX Count" web service did not specify a media-type when processing responses by external resources. Malicious script code can be executed within the victim's context. This can lead to session h... Score: 5.4
- CVE-2023-26449: The "OX Chat" web service did not specify a media-type when processing responses by external resources. Malicious script code can be executed within the victim's context. This can lead to session hi... Score: 5.4
- CVE-2023-26448: Custom log-in and log-out locations are user-defined as jslob but were not checked to contain malicious protocol handlers. Malicious script code can be executed within the victim's context. This can... Score: 5.4
- CVE-2023-26447: The "upsell" widget for the portal allows specifying a product description. This description, taken from a user-controllable jslob, did not get escaped before being added to DOM. Malicious script cod... Score: 5.4
- CVE-2023-26446: The user's clientID at "application passwords" was not sanitized or escaped before being added to DOM. Malicious script code can be executed within the victim's context. This can lead to session hija... Score: 5.4
- CVE-2023-26445: Frontend themes are defined by user-controllable jslob settings and could point to a malicious resource which gets processed during login. Malicious script code can be executed within the victim's c... Score: 5.4
- CVE-2016-6846: Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite backend before 7.6.2-rev59, 7.8.0 before 7.8.0-rev38, 7.8.2 before 7.8.2-rev8; AppSuite frontend before 7.6.2-rev47, 7.8.0 bef... Score: 6.1
Product normalization is registry-driven with AI assist and human review.