Published
2019-02-20 09:00
In the "Logging Details" report, some parameters were not being properly sanitised.
Security Risk
Critical
Vulnerability
Cross Site Scripting
Affected Versions
CiviCRM Versions 5.10.2 and earlier
Fixed Versions
CiviCRM Versions 5.10.3 and 4.7.4
Solutions
Upgrade to the latest version of CiviCRM.
Credits
Patrick Figel of Greenpeace for reporting the issue.
Seamus Lee of Australian Greens for fixing the issue.
References
security/core#32