XSS on the cookie-based login panel XSS on table creation page XSS on username (cookie-based login) Fixed in 2.6.4
2.6.4 in CVS
Looks like an officialisation of the RC1 security fixes (bug 104124). Committed directly stable by maintainer, ready for GLSA vote. I vote NO.
Voting NO and closing. Thx for the report Renat.