CVE-2020-28945
OX App Suite 7.10.4 and earlier allows XSS via crafted content to reach an undocumented feature, such as 
OX App Suite 7.10.4 and earlier allows XSS via crafted content to reach an undocumented feature, such as ![](http://onerror=Function.constructor, in a Notes item.
Date published : 2021-05-03