Open-Xchange OX App Suite Cross-Site Scripting Vulnerability via Malicious File Upload

Vulnerability

A cross-site scripting vulnerability has been identified in Open-Xchange OX App Suite. This issue allows malicious content uploaded as a file to execute script code when users follow attacker-controlled links. The vulnerability can lead to unintended actions being performed in the context of the user's account, including the exfiltration of sensitive information. Affected products include OX App Suite office and backend versions 8.35, 8.39, 8.40, and 8.41. The vulnerability arises from improper neutralization of input during web page generation, allowing for cross-site scripting attacks.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where injected scripts are executed in the context of the user's account, potentially leading to the exfiltration of sensitive information.

Remediation

Users are advised to update to the latest patch releases. Instructions for updating can be found in the Open-Xchange OXAS-ADV-2025-0003 security advisory.

Added: Nov 27, 2025, 10:20 AM
Updated: Nov 27, 2025, 10:20 AM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 3.1
exploitability: 6.5
remediation: 7.7
relevance: 1.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.