-
Bug
-
Resolution: Fixed
-
Neutral
-
1.0.1
The Soft-Locking Module will accept a parameter containing JavaScript, and return it to the client, where the JavaScript then gets executed.
This will allow XSS attacks in the form of links sent to Editors.
Example:
Acceptance criteria