CVE-2020-28945

Publication date

2021-05-03 19:38:27

Family

mitre

State

PUBLISHED

Description

OX App Suite 7.10.4 and earlier allows XSS via crafted content to reach an undocumented feature, such as ![](http://onerror=Function.constructor, in a Notes item.