OX App Suite through 7.10.4 allows XSS via a contact whose name contains JavaScript code.

By admin