Hi @abadan,
Interesting, I hadn’t seen this before. I mentioned on another thread that we have seen reports of privilege escalations via old XSS attacks; have you looked at the journal you host to see if this might’ve been the vector? (Looking through a mysqldump of the database for <script might also give you something to investigate.)
Regards,
Alec Smecher
Public Knowledge Project Team