OX App Suite through 8.2 allows XSS via an attachment or OX Drive content when a client uses the len or off parameter.
2022-10-25T19:15:10.480
2025-05-09T17:15:49.543
Modified
CVSSv3.1: 6.1 (MEDIUM)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | open-xchange | ox_app_suite | ≤ 8.2 | Yes |