CIVI-SA-2023-15: CiviEvent XSS

Published
2023-09-06 12:00

Multiple screens in CiviEvent were vulnerable to cross-site scripting (XSS).

Security Risk
Moderately Critical
Vulnerability
Cross Site Scripting
Affected Versions

CiviCRM version 5.64.3 and earlier

Fixed Versions

CiviCRM version 5.64.4, 5.65.0 and 5.63.4 (ESR)

Solutions

Upgrade to the fixed version of CiviCRM

Credits

Ranjit Pahan
Bradley Taylor of Bright minded
Coleman Watts of CiviCRM
Seamus Lee of JMA Consulting/CiviCRM

References

security/core#114
huntr.dev: 4283af1b-f2b9-4f2c-b87c-9d6ea40056ef