OX App Suite through 7.10.5 allows Directory Traversal via ../ in an OOXML or ODF ZIP archive, because of the mishandling of relative paths in mail addresses in conjunction with auto-configuration DNS records.

OX App Suite through through 7.10.5 allows XSS via a crafted snippet that has an app loader reference within an app loader URL.

OX App Suite through 7.10.5 allows XSS via a crafted snippet in a shared mail signature.

OX App Suite through 7.10.5 allows XSS via JavaScript code in a shared XCF file.

chat in OX App Suite 7.10.5 has Improper Input Validation. A user can be redirected to a rogue OX Chat server via a development-related hook.