Open-Xchange OX App Suite Cross-Site Scripting Vulnerability via Uploaded Files

Vulnerability

A cross-site scripting vulnerability has been identified in Open-Xchange OX App Suite. This issue allows malicious content uploaded as a file to execute script code when links controlled by the attacker are followed. The vulnerability affects several versions of OX App Suite office and backend. The unintended actions triggered by this vulnerability occur in the context of the user's account, potentially leading to the exfiltration of sensitive information.

Impact

Exploitation of this vulnerability could result in cross-site scripting, allowing for the execution of malicious scripts in the user's context.

Remediation

Users are advised to deploy the provided updates and patch releases. Instructions for updating can be found in the Open-Xchange OXAS-ADV-2025-0003 advisory.

Added: Nov 27, 2025, 10:18 AM
Updated: Nov 27, 2025, 10:18 AM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 3.1
exploitability: 6.5
remediation: 7.7
relevance: 1.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.