https://bugzilla.wikimedia.org/show_bug.cgi?id=22622
--- Comment #53 from Jérémie Roquet <[email protected]> --- (In reply to comment #48) > Has the javascript injection been fixed? (cf comment 32) > > That seems pretty critical to me. I concur with this: remember that there's a lot of *confidential* information on OTRS. It's not acceptable to have almost every single user account hijackable, no matter what rights they have, with a single email using an exploit that is easily available and ready to use on the Internet. Best regards, -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
