OX App Suite 7.10.4 and previous versions allows XSS via crafted content to reach an undocumented feature, such as ![](onerror=Function.constructor, in a Notes item.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
open-xchange open-xchange appsuite |