OX Software GmbH
CVE Severity Distribution (All Time)
Timeline Overview
Products
Recent CVEs
Imageconverter API endpoints provided methods that were not sufficiently validating and sanitizing client input, allowing to inject arbitrary SQL sta…
Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were l…
Documents operations, in this case "drawing", could be manipulated to contain invalid data types, possibly script code. Script code could be injected…
Documents operations could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that wou…
Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editi…
Users were able to set an arbitrary "product name" for OX Guard. The chosen value was not sufficiently sanitized before processing it at the user int…
RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse th…
Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at l…
Requests to cache an image could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least a…
Requests to cache an image and return its metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerabi…