ID: 6612
Title: Fixed possible reflected XSS using back URLs in view editor
Component: Multisite
Level: 1
Class: Security fix
Version: 1.6.0i1
The parameter back of the following requests is vulnerable to reflected XSS.
This vulnerability affects the create/modify view page and requires at least
guest privileges. The victim has to click on the back button to trigger the
injected code.