Petko Yotov wrote: >Indeed, that's a way to insert potentially harmful JavaScripts in the page. I >have immediately fixed it and just released version 2.2.16.
thanks for the quick patch! >The report says: > 2010-04-19: Vendor contacted > The vendor has been contacted, but has not replied to my report. > >I assume that they e-mailed to Patrick but unfortunately he didn't notice or >was too busy to forward the report to me. http://www.hboeck.de/ shows Hanno's mail address - maybe you can contact him? Also Secunia should be informed about the patch since http://secunia.com/advisories/product/6195/ shows still "unpatched". Oliver _______________________________________________ pmwiki-devel mailing list pmwiki-devel@pmichaud.com http://www.pmichaud.com/mailman/listinfo/pmwiki-devel
