The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.
Common Name Identity Theft Vulnerability VWE-ID VWE-2013-0012 Related Report None Severity HIGH Exploit Difficulty Difficult Platform Affects all platforms supported by the vulnerable versions. Description HTML/Javascript injection. A user who does not have permission to use HTML in wiki comments posts a comment containing HTML. When another user who does have permission to use HTML in wiki comments views that user's comment, the HTML is rendered anyway.
Discovered April 7, 2013 Resolved April 8, 2013 Patches Available 4.0.0 Alpha 5 Workaround Update all areas so that HTML is not allowed in comments.