Ox guard

This hub aggregates every CVE we track for Ox guard, a product in the communications space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 11 most recently published vulnerabilities affecting Ox guard.

• CVE-2023-26456Users were able to set an arbitrary "product name" for OX Guard. The chosen value was not sufficiently sanitized before processing it at the user interface, allowing for indirect cross-site scripti...5.4Nov 2, 2023
• CVE-2020-28944OX Guard 2.10.4 and earlier allows a Denial of Service via a WKS server that responds slowly or with a large amount of data.7.5Apr 30, 2021
• CVE-2020-9426OX Guard 2.10.3 and earlier allows XSS.6.1Jun 15, 2020
• CVE-2020-9427OX Guard 2.10.3 and earlier allows SSRF.5.0Jun 15, 2020
• CVE-2018-10986OX Guard 2.8.0 has CSRF.8.8Jul 3, 2019
• CVE-2016-4028An issue was discovered in Open-Xchange OX Guard before 2.4.0-rev8. OX Guard uses an authentication token to identify and transfer guest users' credentials. The OX Guard API acts as a padding orac...7.5Dec 15, 2016
• CVE-2016-6854An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code which got injected to a mail with inline PGP signature gets executed when verifying the signature. Malicious script c...6.1Dec 15, 2016
• CVE-2016-6853An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code and references to external websites can be injected to the names of PGP public keys. When requesting that key later o...6.1Dec 15, 2016
• CVE-2016-6851An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code can be provided as parameter to the OX Guard guest reader web application. This allows cross-site scripting attacks a...6.1Dec 15, 2016
• CVE-2015-8542An issue was discovered in Open-Xchange Guard before 2.2.0-rev8. The "getprivkeybyid" API call is used to download a PGP Private Key for a specific user after providing authentication credentials. ...8.8Dec 15, 2016
• CVE-2015-7385Cross-site scripting (XSS) vulnerability in Open-Xchange OX Guard before 2.0.0-rev11 allows remote attackers to inject arbitrary web script or HTML via the uid field in a PGP public key, which is n...4.3Nov 19, 2015