VWE-2015-1636
Return to current revision
Current Revision
February 16, 2017, 1:08 PM
General Differences
made the following changes
- removed the title prefix 'XSS'
- changed the title from 'Plagiarizer Vulnerability' to 'VWE-2015-1636'
Differences in Content
-
[template]Vulnerability
| cve=
| aka=Plagiarizer Vulnerability
| severity=High
| difficulty=Normal
| description=HTML/Javascript injection via Permissions escalation.
| discover-date=October 12, 2015
| patch-date=October 14, 2015
| patches=4.0.6 Patch Level 3
4.0.5 Patch Level 3
4.0.4 Patch Level 3
4.0.3 Patch Level 3
4.0.2 Patch Level 6
4.0.1 Patch Level 9
4.0.0 Patch Level 8
4.0.0 RC 5 Patch Level 7
4.0.0 RC 4 Patch Level 8
| workaround=Modify permissions so that no users may post HTML in comments.
[/template]