OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests query string.
CWE-79
CVE-2021-23929
OX App Suite through 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML document to an ajax/share/?delivery=view URI.
CVE-2021-23930
OX App Suite through 7.10.4 allows XSS via use of the conversion API for a distributedFile.
CVE-2021-23931
OX App Suite through 7.10.4 allows XSS via an inline binary file.
CVE-2021-23932
OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename.
CVE-2021-23933
OX App Suite through 7.10.4 allows XSS via JavaScript in a Note referenced by a mail:// URL.