Author: jleroux Revision: 1692357 Modified property: svn:log Modified: svn:log at Fri Apr 8 19:52:32 2016 ------------------------------------------------------------------------------ --- svn:log (original) +++ svn:log Fri Apr 8 19:52:32 2016 @@ -1 +1,2 @@ The description attribute of the display-entity element is now escaped to prevent the risk of an XSS attack. +[CVE-2015-3268] Stored Cross-Site Scripting Vulnerability affecting the description attribute of the display-entity element because it was not escaped.
