|Topic:||XSS in Wiki comments|
|Versions affected:||< 2.1.2, < 2.0.5 (1.9.x not affected)|
|Reported by:||Petr Škoda|
|Solution:||upgrade to latest version|
The output of the wiki parsers was not cleaned, which could be discovered and exploited, especially when combined with CSRF.