Board Thread:General Discussion/@comment-5188557-20130226001108/@comment--20130227182147

Cam,

Honestly, I don't know all the details about that specific example you are referring to. I talked to a few people about that today and it appeared someone found a way to put a  tag in a Message Wall post that transcluded into recent changes. We fixed that XSS possibility in Message Wall (and all discovered XSS vulnerabilities, luckily few and far between, are fixed almost instantly after they're reported to us), and I do stand by my statement that Wikia has extra backend methods in place to prevent users using XSS to get password data/account information.

Iggyvolz,

You are 101% correct.