Author: robert
Description:
In various places within the Uniwiki Custom Toolbar extension, user-supplied text (either from within pages, messages, or POST/GET data) is injected into JavaScript without sanitization - this poses a possible security vulnerability and would likely cause the extension to malfunction if a quotation mark were included in any of the pieces of text.
The following lines in CustomToolbar.php are possibly affected: 152, 159, 166, 331, 332, and 333.
Version: unspecified
Severity: major
Whiteboard: extension[unmaintained]
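
The pattern described in the report, shown next to a hardened form. This is an added example, not code from CustomToolbar.php or from the extension's author; the function names, the addToolbarButton call and the sample labels are hypothetical and constructed for illustration.

```php
<?php
// Added illustration; function and variable names are hypothetical,
// not taken from CustomToolbar.php.

// Defective pattern: text is concatenated straight into a JS string literal.
function renderButtonUnsafe(string $label): string {
    return '<script>addToolbarButton("' . $label . '");</script>';
}

// Hardened pattern: json_encode() emits a complete, quoted JS string literal.
// The JSON_HEX_* flags also turn <, >, &, ' and " into \uXXXX escapes, so the
// value cannot close the literal or the surrounding <script> element.
// JSON_THROW_ON_ERROR (PHP 7.3+) makes invalid UTF-8 fail loudly instead of
// silently producing "false" in the page.
function renderButtonSafe(string $label): string {
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
        | JSON_THROW_ON_ERROR;
    return '<script>addToolbarButton(' . json_encode($label, $flags) . ');</script>';
}

// Constructed sample inputs standing in for page text, a message or a
// request parameter.
$samples = [
    'Bold',
    'Insert "quoted" text',   // quotation mark: ends the unsafe literal early
    "Editor's note",
];

foreach ($samples as $label) {
    echo "input : ", $label, PHP_EOL;
    echo "unsafe: ", renderButtonUnsafe($label), PHP_EOL;
    echo "safe  : ", renderButtonSafe($label), PHP_EOL, PHP_EOL;
}
```

For the second sample the unsafe form produces a syntax error in the browser, which is the malfunction the report predicts, while the safe form emits "Insert \u0022quoted\u0022 text" and the script still parses.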