CIVI-SA-2023-13: Survey XSS

Publicado
2023-09-06 12:00
Written by

In CiviCampaign, the "Survey" functionality includes a field that may be vulnerable to cross-site scripting (XSS).

Security Risk
Moderately Critical
Vulnerability
Cross Site Scripting
Affected Versions

CiviCRM version 5.64.3 and earlier

Fixed Versions

CiviCRM version 5.64.4, 5.65.0 and 5.63.4 (ESR)

Publication Date
Solutions

Upgrade to the fixed version of CiviCRM

Credits

Ranjit Pahan for reporting the issue
Seamus Lee of JMA Consulting for fixing the issue

References

security/core#125
huntr.dev: 01287963-e263-496e-a932-ec04dc7103e5