unmark 1.9.2 is vulnerable to Cross Site Scripting (XSS) via application/views/marks/add_by_url.php.
Related posts