Name of the Vulnerable Software and Affected Versions: eXpress web client (affected versions not specified)

Description: The issue is caused by insufficient protection of the web page structure in the document viewer library of the eXpress web client. This allows a remote attacker to execute arbitrary Java Script code by sending a specially crafted file.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.