fixed 553644 6.1.22 thanks (resending as I forgot to CC: the BTS) We don't ship the test WebApps enabled by default (from what I can gather, it seems we don't ship them at all) and this new version fixes the remaining XSS vulnerabilities (I double checked the fix is in). This bug will be closed when the new version gets uploaded.