VWE-2016-2370 Viewing Source [template]Vulnerability | cve= | aka=Contrastive Vulnerability | severity=High | difficulty=Easy | description=HTML/Javascript injection. | platform=XF | discover-date=April 15, 2016 | patch-date=April 15, 2016 | patches=4.0.10 Patch Level 1 4.0.9 Patch Level 1 4.0.8 Patch Level 3 4.0.7 Patch Level 4 4.0.6 Patch Level 7 4.0.5 Patch Level 7 4.0.4 Patch Level 7 | workaround=Update permissions so that no users can view the history of any page. [/template] 473 characters