CVE-2010-4364
DaDaBIK 4.3 beta3 is affected when run in a case-sensitive environment where the htmLawed library is not included. This root cause (missing htmLawed) enables cross-site scripting (XSS) by manipulating (1) HTML content and (2) rich_editor fields, and it can bypass the protection mechanism tied to ...