Open-Xchange: [XSS] RSS Feed Widget

Hi. If type == null OR type any not htm, xhtm then data not sanitize, e.g.: - - - RssAction.java: java for SyndContent content : contents String type = content.getType; if null != type && type.startsWith"htm" || type.startsWith"xhtm" foundHtml = true; String htmlContent =...