CVE-2022-37307 Information

Description

OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet as demonstrated by the onerror attribute of an IMG element within an e-mail signature.

Reference

https://seclists.org/fulldisclosure/2022/Nov/18 https://open-xchange.com