Open-Xchange OX App Suite Cross-Site Scripting Vulnerability via Malicious Email Content

Vulnerability

A cross-site scripting vulnerability has been identified in Open-Xchange OX App Suite backend versions 8.35.110, 8.39.85, 8.40.73, and 8.41.50. This vulnerability allows malicious email content to execute script code, potentially leading to unintended actions being performed in the context of the user's account. Such actions could include the exfiltration of sensitive information. The issue arises from a bypass in the content sanitization process, which has since been addressed.

Impact

Successful exploitation results in cross-site scripting: an attacker could inject malicious scripts that are executed in the context of the user's account.

Remediation

Users are advised to update to OX App Suite backend versions 8.35.111, 8.39.86, 8.40.74, or 8.41.51, where this vulnerability has been fixed.
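
To check a deployment against the fixed versions above, the following added example (not part of the advisory or of Open-Xchange's tooling) classifies backend version strings per release branch. The host names and inventory are constructed, and treating older revisions of a listed branch as unpatched is an assumption, since the advisory names only one affected revision per branch.

```python
# Added example: version numbers below are copied from the advisory text.
# branch (major, minor) -> (revision listed as affected, revision with the fix)
ADVISORY = {
    (8, 35): (110, 111),
    (8, 39): (85, 86),
    (8, 40): (73, 74),
    (8, 41): (50, 51),
}

def classify(version):
    """Classify one backend version string against the advisory."""
    try:
        major, minor, rev = (int(part) for part in version.strip().split("."))
    except ValueError:
        return "unknown"  # not a plain three-part numeric version
    entry = ADVISORY.get((major, minor))
    if entry is None:
        return "unknown"  # branch is not mentioned in the advisory
    affected_rev, fixed_rev = entry
    if rev >= fixed_rev:
        return "fixed"
    if rev == affected_rev:
        return "vulnerable"
    # Assumption: older revisions of a listed branch are treated as unpatched.
    return "assumed-vulnerable"

def triage(inventory):
    """Return {host: (status, target_version)} for hosts that need attention."""
    report = {}
    for host, version in inventory.items():
        status = classify(version)
        if status == "fixed":
            continue
        target = None
        if status != "unknown":
            major, minor, _ = version.strip().split(".")
            target = f"{major}.{minor}.{ADVISORY[(int(major), int(minor))][1]}"
        report[host] = (status, target)
    return report

# Constructed inventory (hypothetical host names), not data from the advisory.
SAMPLE_INVENTORY = {
    "mw-01": "8.35.110",
    "mw-02": "8.39.86",
    "mw-03": "8.40.60",
    "mw-04": "8.38.12",
    "mw-05": "8.41.50-rc1",
}

if __name__ == "__main__":
    for host, (status, target) in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}, update to {target or 'n/a'}")
```

Hosts reported as "unknown" run a branch or version format the advisory does not cover and need manual review.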

Added: Nov 27, 2025, 10:18 AM
Updated: Nov 27, 2025, 10:18 AM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 3.1
exploitability: 6.5
remediation: 7.7
relevance: 1.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.