Security Risk: 
Critical
Vulnerability: 
Cross Site Scripting
Affected Versions: 

CiviCRM Versions 5.10.2 and earlier

Fixed Versions: 

CiviCRM Versions 5.10.3 and 4.7.4

Publication Date: 
Wednesday, February 20, 2019
Description: 

In the "Logging Details" report, some parameters were not being properly sanitised.

Solutions: 

Upgrae to the lastest version of CiviCRM.

Credits: 

Patrick Figel of Greenpeace for reporting the issue.

Seamus Lee of Australian Greens for fixing the issue.

References: 

security/core#32