TagsPlugin vulnerable against XSS
|Reported by:||muelli||Owned by:||Alec Thomas|
If you search for <u>xss</u> you will see, that special HTML characters won't be escaped. See
Although this TagsPlugin (at trac-hacks.org) seems to delete <script>, others won't.
Since you can steal login data from, this is a security-issue with a high severity.