The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.
Common Name Identity Theft Vulnerability VWE-ID VWE-2013-0012 Related Report None Severity HIGH Exploit Difficulty Difficult Platform Affects all platforms supported by the vulnerable versions. Description HTML/Javascript injection
Discovered April 7, 2013 Resolved April 8, 2013 Patches Available 4.0.0 Alpha 5 Workaround Update all areas so that HTML is not allowed in comments.