CVE-2022-37310 Information

Description

OX App Suite through 7.10.6 allows XSS via a malicious capability to the metrics or help module as demonstrated by a /!!&app=io.ox/files&cap= URI.

Reference

https://seclists.org/fulldisclosure/2022/Nov/18 https://open-xchange.com