$_POST['linkbutton'] are not escaped inside
Also content type is not set to json.
Proof of Concept:
Create page with payload.
After user open url, payload will be send to browser.
- 02-12-2015: Discovered
- 02-12-2015: Vendor notified
- 03-12-2015: Version 1.7.1 released, issue resolved