Cross-Site Request Forgery (CSRF) vulnerability in John Godley Tidy Up tidy-up allows Reflected XSS.This issue affects Tidy Up: from n/a through <= 1.3.