We have found a Xss vulnerability in the Telerik.Web.UI.WebResource.axd [_TSM_CombinedScripts_ parameter], where it is possible to edit the javascript. We are currently using an older version of the library (2009.3.1103.20). Can anyone confirm that this issue is fixed in the latest release, and in what version was this issue solved?