|
272821
|
6.1 |
MEDIUM
Network
|
open-xchange
|
ox_guard
|
An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code and references to external websites can be injected to the names of PGP public keys. When requesting that key later on …
|
CWE-79
Cross-site Scripting
|
CVE-2016-6853
|
2024-11-21 11:56 |
2016-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272822
|
6.1 |
MEDIUM
Network
|
open-xchange
|
ox_guard
|
An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code can be provided as parameter to the OX Guard guest reader web application. This allows cross-site scripting attacks aga…
|
CWE-79
Cross-site Scripting
|
CVE-2016-6851
|
2024-11-21 11:56 |
2016-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272823
|
6.1 |
MEDIUM
Network
|
open-xchange
|
open-xchange_appsuite
|
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as profile pictures. In case their XML structure contains iframes and script code, that code may get exec…
|
CWE-79
Cross-site Scripting
|
CVE-2016-6850
|
2024-11-21 11:56 |
2016-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272824
|
6.1 |
MEDIUM
Network
|
open-xchange
|
open-xchange_appsuite
|
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as mp3 album covers. In case their XML structure contains script code, that code may get executed when ca…
|
CWE-79
Cross-site Scripting
|
CVE-2016-6847
|
2024-11-21 11:56 |
2016-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272825
|
6.1 |
MEDIUM
Network
|
open-xchange
|
open-xchange_appsuite
|
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within hyperlinks at HTML E-Mails is not getting correctly sanitized when using base64 encoded "data" resources. Th…
|
CWE-79
Cross-site Scripting
|
CVE-2016-6845
|
2024-11-21 11:56 |
2016-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272826
|
6.1 |
MEDIUM
Network
|
open-xchange
|
open-xchange_appsuite
|
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within SVG files is maintained when opening such files "in browser" based on our Mail or Drive app. In case of "a" …
|
CWE-79
Cross-site Scripting
|
CVE-2016-6844
|
2024-11-21 11:56 |
2016-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272827
|
6.1 |
MEDIUM
Network
|
open-xchange
|
open-xchange_appsuite
|
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Setting the user's name to JS code makes that code execute when selecting that user's "Templates" folder from OX Documents sett…
|
CWE-79
Cross-site Scripting
|
CVE-2016-6842
|
2024-11-21 11:56 |
2016-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272828
|
6.1 |
MEDIUM
Network
|
open-xchange
|
open-xchange_appsuite
|
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code can be injected to contact names. When adding those contacts to a group, the script code gets executed in the conte…
|
CWE-79
Cross-site Scripting
|
CVE-2016-6843
|
2024-11-21 11:56 |
2016-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272829
|
7.3 |
HIGH
Network
|
cisco
|
ios
|
A vulnerability in the implementation of X.509 Version 3 for SSH authentication functionality in Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication…
|
CWE-287
Improper Authentication
|
CVE-2016-6474
|
2024-11-21 11:56 |
2016-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272830
|
6.5 |
MEDIUM
Adjacent
|
cisco
|
ios
|
A vulnerability in Cisco IOS on Catalyst Switches and Nexus 9300 Series Switches could allow an unauthenticated, adjacent attacker to cause a Layer 2 network storm. More Information: CSCuu69332, CSCu…
|
CWE-399 CWE-74
Resource Management Errors Injection
|
CVE-2016-6473
|
2024-11-21 11:56 |
2016-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|