Reported by abyszko on 9 Aug 2011 10:37 UTC as Trac ticket #1488030
During one of the pen-tests I found that the _mbox parameter is not properly sanitized and a reflected XSS attack is possible - example
I verified this on 0.5.2 and the latest version from trunk.
Comment by @alecpl on 9 Aug 2011 13:48 UTC
I'm unable to reproduce.
Milestone changed by @alecpl on 9 Aug 2011 13:48 UTC
later => 0.6-beta
Comment by abyszko on 9 Aug 2011 14:03 UTC
Are you authenticated?
Comment by phs on 9 Aug 2011 17:37 UTC
Could reproduce it (see attachment "screenshot.png").
Comment by @alecpl on 9 Aug 2011 18:41 UTC
I think 8dd172a fixes the issue.
Status changed by @alecpl on 9 Aug 2011 18:41 UTC
new => closed