Release 2.3.16


#1
  • security: fix SQL injection
  • security: remove several Cross-Site Scripting vulnerabilities

All vulnerabilities require admin capabilities. That means they cannot be exploitet easily, but could be using Cross-site request forgery (CSRF).

Thanks to RIPS Technologies for reporting these issues. The issues were found using their Static Source-Code Analyzer RIPS.