ID: 10242
Title: Fix possible XSS using titles of custom snapins
Component: Multisite
Level: 1
Class: Security fix
Version: 1.7.0i1
Authenticated users that are allowed to configure and share custom snapins
could inject arbitrary JS code to all users which are permitted to view this
snapin.