OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename.

By admin