an authenticated SQL injection when adding categories in the admin backend
a stored cross-site scripting vulnerability in the category name
a stored cross-site scripting vulnerability in the admin logging
a stored cross-site scripting vulnerability in the FAQ title
a PostgreSQL based SQL injection for the lang parameter
a SQL injection when storing an instance name in the admin backend
a SQL injection when adding attachments in the admin backend
a stored cross-site scripting vulnerability when adding users by admins
a missing "secure" flag for cookies when using TLS
a cross-site request forgery / cross-site scripting vulnerability when saving new questions
a reflected cross-site scripting vulnerability in the admin backend