ID: 3297
Title: Fixes possible XSS in views sidebar snapin
Component: Multisite
Level: 1
Class: Security Fix
Version: 1.2.9i1
Authenticated and permitted users could create views using
a topic which might contains HTML code, for example script tags,
that where executed when having the view listed in the views snapin.
Making the JS code be executed by other users is only possible with
view publish permissions which normally only admin users have.
Show replies by date