Open-Xchange: XSS - Notes - Attribute injection through overlapping tags

The Notes app uses simple markup language to format the content, which is later converted to HTML for display. javascript // frontend/ui/apps/io.ox/notes/parser.js parsePlainText: function text var lines = .escapetext.split/\n/, openList; ... var html = lines.join'' .replace/!\.?/g, ''...