OX App Suite prior to 7.10.6-rev30 allows XSS via an upsell trigger.
open-xchange ox app suite 7.10.6
open-xchange ox app suite