Cross-site scripting (XSS) vulnerability in Open-Xchange OX Guard before 2.0.0-rev11 allows remote attackers to inject arbitrary web script or HTML via the uid field in a PGP public key, which is not properly handled in "Guard PGP Settings."

SQL injection vulnerability in the public key discovery API call in Open-Xchange OX Guard before 2.0.0-rev8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.