CVSS N/A

2021-05-03 22:15:00 2021-05-04 12:21:00

OX App Suite 7.10.4 and earlier allows XSS via crafted content to reach an undocumented feature, such as ![](http://onerror=Function.constructor, in a Notes item.