VWE-2015-1601 Viewing Source [template]Vulnerability | cve= | aka=Cross-Template Vulnerability | severity=High | difficulty=Hard | description=Randomly successful HTML/Javascript injection (success rate: ~1/50000 uncached page views). | platform=XF | lite=no | discover-date=October 2, 2015 | patch-date=October 4, 2015 | patches=4.0.6 Patch Level 1 4.0.5 Patch Level 1 4.0.4 Patch Level 1 4.0.3 Patch Level 2 4.0.2 Patch Level 5 4.0.1 Patch Level 8 4.0.0 Patch Level 7 4.0.0 RC 5 Patch Level 6 4.0.0 RC 4 Patch Level 7 | workaround=Disable the Template content-type via the Wiki Admin Panel. [/template] 595 characters