OX App Suite up to and including 8.2 allows XSS via an attachment or OX Drive content when a client uses the len or off parameter.
open-xchange ox app suite