Published
2026-06-15 19:58
When viewing a list of membership types or adding a new membership, the membership type frontend title was not properly escaped.
Security Risk
Moderately Critical
Vulnerability
Cross Site Scripting
Affected Versions
CiviCRM v6.15.2 and earlier
Fixed Versions
CiviCRM v6.15.3, v6.10.7 (ESR), and later
Publication Date
Solutions
Upgrade to a fixed version of CiviCRM
Credits
Lassi (lassitemp@proton.me), Seamus Lee (JMA Consulting), Coleman Watts (CiviCRM)
