[原文]Cross-site scripting (XSS) vulnerability in webmail in Open-Xchange 0.8.1-6 and earlier, with "Inline HTML" enabled, allows remote attackers to inject arbitrary web script or HTML via e-mail attachments, which are rendered inline.
Open-Xchange Webmail HTML Attachment Arbitrary Script Insertion
Remote / Network Access
Loss of Integrity
Currently, there are no known upgrades or patches to correct this vulnerability. It is possible to temporarily work around the flaw by implementing the following workaround: disable the "Inline HTML" option.