CVE-2006-0091

Name of the Vulnerable Software and Affected Versions: Open-Xchange versions 0.8.1-6 and earlier

Description: The issue concerns a cross-site scripting (XSS) vulnerability in the webmail component of Open-Xchange, specifically when the "Inline HTML" feature is enabled. This allows remote attackers to inject arbitrary web script or HTML via email attachments that are rendered inline.

Recommendations: For Open-Xchange versions 0.8.1-6 and earlier, consider disabling the "Inline HTML" feature to prevent the rendering of email attachments inline until a fix is available.