Multiple cross-site scripting (XSS) vulnerabilities in Askbot before 0.7.49 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) tag or (2) user search forms.
secunia.com/advisories/57163
www.openwall.com/lists/oss-security/2014/02/28/8
www.securityfocus.com/bid/65885
bugzilla.redhat.com/show_bug.cgi?id=1070852
github.com/ASKBOT/askbot-devel/commit/876e3662ff6b78cc6241338c15e3a0cb49edf4e2
github.com/ASKBOT/askbot-devel/commit/a676a86b6b7a5737d4da4f59f71e037406f88d29