Comments not properly escaped / script injection possibility
| Reported by: | anonymous | Owned by: | richard |
The ChangeLog comment on the ticket view is not escaped which, in addition to not showing "<text>" style comments, means it is possible to inject script tags.
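A regression check for the two symptoms reported above, added here as an example and not taken from the ticket or from Trac's code. The two render functions are hypothetical stand-ins for the changelog template, and the sample comments are constructed.

```python
from html import escape
from html.parser import HTMLParser

# Hypothetical stand-ins for the changelog template (assumption, not Trac's code).
def render_comment_unescaped(comment):
    return '<div class="comment">' + comment + '</div>'

def render_comment_escaped(comment):
    # html.escape turns &, <, > and quotes into entities, so the comment
    # reaches the browser as text and never as markup.
    return '<div class="comment">' + escape(comment) + '</div>'

class _Audit(HTMLParser):
    """Records the elements and the visible text an HTML parser sees."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []
        self.text = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

    def handle_data(self, data):
        self.text.append(data)

def audit(html):
    """Return (list of start tags, concatenated text) for rendered HTML."""
    parser = _Audit()
    parser.feed(html)
    parser.close()
    return parser.tags, "".join(parser.text)

def comment_is_inert(render, comment):
    """True when the wrapper div is the only element and the comment is shown verbatim."""
    tags, text = audit(render(comment))
    return tags == ["div"] and text == comment

# Constructed sample comments: one per symptom in the report.
SAMPLES = ["fixed in <text> handling", "<script>alert(1)</script>"]

if __name__ == "__main__":
    for sample in SAMPLES:
        for render in (render_comment_unescaped, render_comment_escaped):
            print(render.__name__, repr(sample), audit(render(sample)),
                  "inert" if comment_is_inert(render, sample) else "NOT inert")
```

Run against the unescaped renderer, the first sample loses its `<text>` from the visible output and the second creates a `script` element; the escaped renderer passes both.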
Change History (1)