ID: 1062
Title: Fixed several XSS issues on different pages
Component: Multisite
Level: 2
Class: Security Fix
Version: 1.2.5i5
Some pages, such as the views and prediction pages, failed to escape values
provided by the user.
ID: 1063
Title: Fixed several XSS issues on different pages
Component: Multisite
Level: 2
Class: Security Fix
Version: 1.2.5i5
Several pages, such as the views and prediction pages, failed to escape
user-provided values before writing them back to the page.
ID: 1052
Title: index start URL can not be used to redirect to absolute URLs anymore
Component: Multisite
Level: 1
Class: Security Fix
Version: 1.2.5i5
An attacker could make a user open a URL to a compromised website which the
user does not want to open: index.py?start_url=http://(url to compromised URL).
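
One way to restrict a start_url value to relative URLs, as described above. This is an added example, not the Multisite code; the function names, the fallback page and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical fallback page; the werk does not name the default start page.
DEFAULT_START_URL = "default_start.py"


def is_relative_start_url(url):
    """Return True only for URLs that stay on the current site."""
    if not url:
        return False
    # Browsers strip or reinterpret control characters and whitespace,
    # and many of them treat a backslash like a forward slash.
    if any(ord(c) <= 0x20 or ord(c) == 0x7F for c in url) or "\\" in url:
        return False
    # Two or more leading slashes resolve to another host in a browser,
    # even where urlsplit() reports an empty network location ("///host").
    if url.startswith("//"):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. malformed IPv6 literal in the host part
        return False
    # Any scheme ("http:", "javascript:") or host makes the URL absolute.
    return not parts.scheme and not parts.netloc


def resolve_start_url(requested):
    """Return the requested page if it is relative, else the fallback."""
    if is_relative_start_url(requested):
        return requested
    return DEFAULT_START_URL


if __name__ == "__main__":
    # Constructed sample values for the start_url parameter.
    samples = [
        "view.py?view_name=allhosts",
        "http://evil.example/",
        "//evil.example/",
        "/\\evil.example/",
    ]
    for value in samples:
        print(repr(value), "->", resolve_start_url(value))
```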