Are there any details available for JM-1506?
If this is confidential, send me an Email or PM. I will see if I can help.
I wonder how XSS can be a blocker or confidential as long as authentication works as expected. I’m quite sure that no one send’s me an URL to my server to exploit these issues.