CIVI-SA-2023-13: Survey XSS

Published
2023-09-06 12:00

In CiviCampaign, the "Survey" functionality includes a field that may be vulnerable to cross-site scripting (XSS).

Security Risk
Moderately Critical
Vulnerability
Cross Site Scripting
Affected Versions

CiviCRM version 5.64.3 and earlier

Fixed Versions

CiviCRM version 5.64.4, 5.65.0 and 5.63.4 (ESR)

Solutions

Upgrade to the fixed version of CiviCRM

Credits

Ranjit Pahan for reporting the issue
Seamus Lee of JMA Consulting for fixing the issue

References

security/core#125
huntr.dev: 01287963-e263-496e-a932-ec04dc7103e5