Bug #21519

Updated by Tomer Brisker over 6 years ago

Sending a fact name or value containing HTML can lead to a stored XSS in the following pages:

- Facts page - When opening a chart for a fact that has HTML in its name or as one of its values.
- Trends page - A trend containing a value that includes HTML.
- Statistics page - Fact values that are aggregated on the page, such as manufacturer, and contain HTML.

This issue has been reported by Roman Mueller.
