CIVI-SA-2023-15: CiviEvent XSS

Opublikowane
2023-09-06 12:00
Written by

CiviEvent included multiple screens with a vulnerability to cross-site scripting (XSS).

Security Risk
Moderately Critical
Vulnerability
Cross Site Scripting
Affected Versions

CiviCRM version 5.64.3 and earlier

Fixed Versions

CiviCRM version 5.64.4, 5.65.0 and 5.63.4 (ESR)

Publication Date
Solutions

Upgrade to the fixed version of CiviCRM

Credits

Ranjit Pahan
Bradley Taylor of Bright minded
Coleman Watts of CiviCRM
Seamus Lee of JMA Consulting/CiviCRM

References

security/core#114
huntr.dev: 4283af1b-f2b9-4f2c-b87c-9d6ea40056ef