https://bugzilla.wikimedia.org/show_bug.cgi?id=22622
--- Comment #54 from Martin Edenhofer <[email protected]> ---
(In reply to comment #53)
> (In reply to comment #48)
> > Has the javascript injection been fixed? (cf comment 32)
> >
> > That seems pretty critical to me.
>
> I concur with this: remember that there's a lot of *confidential* information
> on OTRS. It's not acceptable to have almost every single user account
> hijackable, no matter what rights they have, with a single email using an
> exploit that is easily available and ready to use on the Internet.

JFI: Here would be a hot fix.

https://bugzilla.wikimedia.org/show_bug.cgi?id=22622#c28

PS: If you have "rich text" disabled, you are safe. Do you currently use "rich text" in your system?

-Martin
