1 Title: Fixed XSS using the _body_class parameter of views
10 It was possible to use the _body_class parameter of the status GUI views
11 to inject HTML/Javascript code into the pages.
13 The _body_class parameter, which was only used for internal purposes, has
14 totally been removed now.