Published
2024-10-16 12:00
There are stored cross-site scripting vulnerabilities involving some variations of the "name" and "source" fields in certain backend screens.
Security Risk
Critical
Vulnerability
Cross Site Scripting
Affected Versions
CiviCRM versions 5.78.1 and earlier
Fixed Versions
CiviCRM versions 5.78.2 and 5.75.4 (ESR)
Solutions
Upgrade to the latest CiviCRM version
Credits
- Reporter: Seamus Lee of JMA Consulting & CiviCRM Core Team
- Development/Review: Seamus Lee of JMA Consulting & CiviCRM Core Team, Tim Otten of CiviCRM Core Team, Patrick Figel of Greenpeace Central and Eastern Europe, Kevin Cristiano of Tadpole Collective
References
security/core#134