Description
Various actions do not escape markup in the page name. This let an attacker to run scripts on the user browsers by clicking on a link to the page with certain actions.
Steps to reproduce
Try:
Component selection
- Various actions
Details
1.3 and later.
LikePages is fixed in this wiki.
Workaround
Discussion
Use proper escaping of page name.
Plan
- Priority:
Assigned to: ThomasWaldmann
- Status: fixed in 1.5 branch