Public Open-Xchange bug reports.

| Team | Bounty | Title |
|---|---|---|
| Open-Xchange | $200 | Critical : View/Edit access to private appointments of calendar folder by read only user (Vertical privilege escalation) |
| Open-Xchange | $200 | Unauthorized access to attachments details of Private Calendar appointments (Access control issue) |
| Open-Xchange | $200 | Resend invitation to members by Read only user (Privilege Escalation) |
| Open-Xchange | $250 | Set Cookie Via SVG |
| Open-Xchange | $500 | Reflected Cross-Site Scripting due to vulnerable Flash component (Flashmediaelement.swf) |
| Open-Xchange | $100 | Selecting encryption for email with drive attachment overrides the drive email password |
| Open-Xchange | $666 | Tab nabbing via window.opener |
| Open-Xchange | $300 | Stored XSS in Template Documents |
| Open-Xchange | $300 | OX (Guard): Stored Cross-Site Scripting via Email Attachment |
| Open-Xchange | $1,000 | OX (Guard): Stored Cross-Site Scripting via Incoming Email |