Published
2019-05-15 09:00
When determining the installer type that is being used, the variable was not properly validated to ensure that it was ony one of a specific set of installer types.
Security Risk
Moderately Critical
Vulnerability
Cross Site Scripting
Affected Versions
CIviCRM 5.13.0 and earlier
Fixed Versions
CiviCRM version 5.13.4 and 5.7.6
Solutions
Upgrade to the latest version of CiviCRM
Credits
Patrick Figel of Greenpeace for reporting the issue
Seamus Lee of Australian Greens for fixin the issue
References
security/core#52
