Possible XSS code execution on Text and Char fields in sao
It's possible to include code in the Text and Char fields that will be interpreted when displayed in the richtext widget. It could lead to a stolen session, data loss, etc.
Sanitizing the HTML code of the richtext widget should solve this issue.
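
One way to do the sanitizing proposed above, as an added example (not sao's code and not the project's actual fix): escape the whole value, then restore only attribute-free tags from an allow-list. The function names and the tag list are assumptions, and the sample inputs in the test are constructed.

```javascript
// Added example: allow-list sanitizer for values shown in a rich-text widget.
// ALLOWED_TAGS is an assumed set of formatting tags, not the widget's real one.
const ALLOWED_TAGS = ['b', 'i', 'u', 'p', 'div', 'br', 'ul', 'ol', 'li'];

// Neutralise every character that can open a tag, attribute or entity.
// Entities already in the input are escaped too and display literally,
// which loses fidelity but never executes anything.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Returns markup in which the only live tags are bare allow-listed ones.
// Any tag that carries attributes (onerror=, href=, style=, ...) never
// matches the pattern below and therefore stays escaped text.
function sanitizeRichText(value) {
  const escaped = escapeHtml(value);
  // An escaped tag with no attributes: &lt;b&gt;  &lt;/b&gt;  &lt;br /&gt;
  const bareTag = /&lt;(\/?)([a-zA-Z0-9]+)\s*(\/?)&gt;/g;
  return escaped.replace(bareTag, (match, close, name, selfClose) => {
    const tag = name.toLowerCase();
    if (!ALLOWED_TAGS.includes(tag)) return match; // e.g. script, iframe
    if (close && selfClose) return match;          // malformed "</b/>"
    return '<' + close + tag + (selfClose ? '/' : '') + '>';
  });
}
```

The widget would assign the returned string to its display element instead of the raw field value. Formatting that relies on attributes is dropped by this strict variant.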