PageLayer before 1.3.5 allows reflected XSS via the font-size parameter.

By admin