Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14 allows remote attackers to inject arbitrary web script or HTML via an attached SVG file.
Open-Xchange AppSuite versions prior to 7.4.0 fail to properly neutralize script code embedded within SVG files and also suffer from an information exposure vulnerability.