TadTools special page parameter does not properly restrict the input of specific characters, thus remote attackers can inject JavaScript syntax without logging in, and further perform reflective XSS attacks.Referenceshttps://www.twcert.org.tw/tw/cp-132-5169-327ef-1.html
