Published
2026-06-15 20:06
When viewing a contact or viewing the manage tags screen, the tag name and tag set names were not properly escaped.
Security Risk
Moderately Critical
Vulnerability
Cross Site Scripting
Affected Versions
CiviCRM v6.15.2 and earlier
Fixed Versions
CiviCRM v6.15.3, v6.10.7 (ESR), and later
Publication Date
Solutions
Upgrade to a fixed version of CiviCRM
Credits
Lassi (lassitemp@proton.me), Seamus Lee (JMA Consulting), Coleman Watts (CiviCRM)
