Previously found XSS (CVE-2014-7139) was not patched correctly.
It’s possible to inject specially crafted reflected XSS even if
addslashes is used.
Proof of Concept:
XSS will be visible for admin.
- 08-12-2014: Discovered
- 08-12-2014: Vendor notified
- 09-12-2014: Version 2.8.20 released, issue resolved