Univention Bugzilla – Attachment 9948 Details for Bug 48812
Cross Site Scripting in Portal allows session fixation of Administrators and other attacks