ID: 10242
Title: Fix possible XSS using titles of custom snapins
Component: Multisite
Level: 1
Class: Security fix
Version: 1.7.0i1
Authenticated users that are allowed to configure and share custom snapins
could inject arbitrary JS code to all users which are permitted to view this
snapin.
Show replies by date