- security: fix SQL injection
- security: remove several Cross-Site Scripting vulnerabilities
All vulnerabilities require admin capabilities. That means they cannot be exploited easily, but they could be exploited through Cross-Site Request Forgery (CSRF).
Thanks to RIPS Technologies for reporting these issues. The issues were found using their Static Source-Code Analyzer RIPS.