CVE-2023-26447
CVE-2023-26447 affects Open-Xchange AppSuite’s portal upsell widget, where a product description sourced from a user-controllable jslob is inserted into the DOM without proper escaping. The underlying issue is DOM-based XSS: unescaped jslob content can execute script in the victim’s browser, pote...