CVE-2023-36126

There is a Cross Site Scripting XSS vulnerability in the "theme" parameter of preview.php in PHPJabbers Appointment Scheduler v3.0...

Open-Xchange: [XSS] Parameter Theme

Hi. I found two cases via theme: inline fail && inject file done js $.when.applythis, g.thenfunction return g.mapfunctiona return a.responseText .join"/:oxsep:/" .donefunctionc 2 runCodeox.apiRoot, "/apps/load/", ox.version, ",", a.join"", c, e.completeLoadb, c.split"/:oxsep:/".eachfunctiona !...