Published
2017-07-05 23:00
In CiviContribute forms which combine the "On Behalf Of" feature with "Organization" records, some data was not properly escaped.
Security Risk
Less Critical
Vulnerability
Cross Site Scripting
Affected Versions
- 4.7.20 and earlier
- 4.6.28 and earlier
Fixed Versions
- 4.7.21
- 4.6.29
Solutions
Upgrade to the latest version of CiviCRM
If you cannot upgrade, then apply the following patch
Credits
Alan Dixon of Blackfly Solutions for reporting and fixing the issue