Is OWASP vulnerable ?
Check this out, the code shown above has the variable wgBreakFrames as undefined.
I expect some feedback on the same... Posted to full disclosure list.
The wgBreakFrames variable is vulnerable to injection...
It is confirmed just as a bug, with minimal impact,not a vulnerability.
I would like to thank, jf -at- danglingpointers -dot- net & andfarm -at- gmail -dot- com, for the assistance provided through the Full-disclosure list :)
Full-Disclosure - We believe in it !