CIVI-SA-2023-13: Survey XSS

Publicado

2023-09-06 12:00

Written by

dev-team

In CiviCampaign, the "Survey" functionality includes a field that may be vulnerable to cross-site scripting (XSS).

Security Risk

Moderately Critical

Vulnerability

Cross Site Scripting

Affected Versions

CiviCRM version 5.64.3 and earlier

Fixed Versions

CiviCRM version 5.64.4, 5.65.0 and 5.63.4 (ESR)

Publication Date

2023-09-06 - 12:00

Solutions

Upgrade to the fixed version of CiviCRM

Credits

Ranjit Pahan for reporting the issue
Seamus Lee of JMA Consulting for fixing the issue

References

security/core#125
huntr.dev: 01287963-e263-496e-a932-ec04dc7103e5

We are in the process of translating the civicrm.org website. Translations may not be available in all languages. Read more and participate.

© 2005 - 2023, CIVICRM LLC. All rights reserved.
CiviCRM and the CiviCRM logo are trademarks of CIVICRM LLC. Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-Share Alike 3.0 United States Licence.

[D8]

CIVI-SA-2023-13: Survey XSS

WORK WITH A TRUSTED EXPERT
TO SETUP YOUR CIVICRM

Idiomas

CIVI-SA-2023-13: Survey XSS

WORK WITH A TRUSTED EXPERT TO SETUP YOUR CIVICRM

WORK WITH A TRUSTED EXPERT
TO SETUP YOUR CIVICRM