Reported by NightRanger on 14 Aug 2012 19:55 UTC as Trac ticket #1488613
The insert link function doesn't validates URL properly.
once the user clicks on the url the XSS should be triggered.
Settings -> Identities -> Your Identitiy -> Signature
Now create a new mail, XSS Should be triggered.
Comment by @alecpl on 15 Aug 2012 08:13 UTC
Milestone changed by @alecpl on 15 Aug 2012 08:13 UTC
later => 0.8.1
Comment by @alecpl on 15 Aug 2012 09:24 UTC
Status changed by @alecpl on 15 Aug 2012 09:24 UTC
new => closed