ID: 8881
Title: Fix possible XSS issue on "confirm failed notifications" page
Component: Multisite
Level: 1
Class: Security fix
Version: 1.7.0i1
Using a manipulated notification script or notification destination system it
was possible to inject javascript code into the "confirm failed notifications"
page.
To prevent users from this potential issue, you could remove the permission for
viewing the failed notifications from the users roles.
Show replies by date