Security Risk: 
Less Critical
Vulnerability: 
Cross Site Scripting
Affected Versions: 
  • 4.7.20 and earlier
  • 4.6.28 and earlier
Fixed Versions: 
  • 4.7.21
  • 4.6.29
Publication Date: 
Wednesday, July 5, 2017
Description: 

In the "Search Results" screen, some elements were not properly escaped.

Solutions: 

Upgrade to the latest version of CiviCRM

If you cannot upgrade apply the following patch

 

Credits: 

Sean Madsen for reporting the issue and fixing it