CIVI-SA-2017-05: Incorrect escaping for "Search Results" column

Published
2017-07-05 23:00
Written by

In the "Search Results" screen, some elements were not properly escaped.

Security Risk
Less Critical
Vulnerability
Cross Site Scripting
Affected Versions
  • 4.7.20 and earlier
  • 4.6.28 and earlier
Fixed Versions
  • 4.7.21
  • 4.6.29
Solutions

Upgrade to the latest version of CiviCRM

If you cannot upgrade, apply the following patch

Credits

Sean Madsen for reporting the issue and fixing it