CIVI-SA-2023-02: CiviEvent XSS

Published: 2023-01-04 12:00
Written by: dev-team - member of the CiviCRM community

CiviEvent included a vector for reflected cross-site-scripting (XSS) attacks.

Security Risk: Moderately Critical
Vulnerability: Cross Site Scripting

Affected Versions

CiviCRM version 5.56.1 (and earlier), 5.51.3 (and earlier)

Fixed Versions

CiviCRM version 5.57.0, 5.56.2, 5.51.4 (ESR)

Publication Date
Solutions

Upgrade to the latest version of CiviCRM

Credits

John Kingsnorth, Seamus Lee, Rich Lott, and Tim Otten