id	summary	reporter	owner	description	type	status	priority	component	severity	resolution	keywords	cc	release
8580	Comments not properly escaped / script injection possibility	anonymous	richard	The ChangeLog comment on the ticket view is not escaped which, in addition to not showing "<text>" style comments, means it is possible to inject script tags.	defect	closed	normal	TracTicketChangelogPlugin	major	fixed			0.12