ox software gmbh

Top products

The 15 most recently published vulnerabilities affecting ox software gmbh.

• CVE-2023-29047Imageconverter API endpoints provided methods that were not sufficiently validating and sanitizing client input, allowing to inject arbitrary SQL statements. An attacker with access to the adjacent...5.3Nov 2, 2023
• CVE-2023-29046Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endp...4.3Nov 2, 2023
• CVE-2023-29045Documents operations, in this case "drawing", could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for user...5.4Nov 2, 2023
• CVE-2023-29044Documents operations could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively colla...5.4Nov 2, 2023
• CVE-2023-29043Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document. Script code embedded in malicious...6.1Nov 2, 2023
• CVE-2023-26456Users were able to set an arbitrary "product name" for OX Guard. The chosen value was not sufficiently sanitized before processing it at the user interface, allowing for indirect cross-site scripti...5.4Nov 2, 2023
• CVE-2023-26455RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI...5.6Nov 2, 2023
• CVE-2023-26454Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imagecon...7.6Nov 2, 2023
• CVE-2023-26453Requests to cache an image could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter...7.6Nov 2, 2023
• CVE-2023-26452Requests to cache an image and return its metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networ...7.6Nov 2, 2023
• CVE-2023-26451Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. Authorization codes were predictable for third parties and could be ...7.5Aug 2, 2023
• CVE-2023-26450The "OX Count" web service did not specify a media-type when processing responses by external resources. Malicious script code can be executed within the victims context. This can lead to session h...5.4Aug 2, 2023
• CVE-2023-26449The "OX Chat" web service did not specify a media-type when processing responses by external resources. Malicious script code can be executed within the victims context. This can lead to session hi...5.4Aug 2, 2023
• CVE-2023-26448Custom log-in and log-out locations are used-defined as jslob but were not checked to contain malicious protocol handlers. Malicious script code can be executed within the victims context. This can...5.4Aug 2, 2023
• CVE-2023-26447The "upsell" widget for the portal allows to specify a product description. This description taken from a user-controllable jslob did not get escaped before being added to DOM. Malicious script cod...5.4Aug 2, 2023