CIVI-SA-2023-02: CiviEvent XSS

Publié
2023-01-04 12:00
Written by

CiviEvent included a vector for reflected cross-site-scripting (XSS) attacks.

Security Risk
Moderately Critical
Vulnerability
Cross Site Scripting
Affected Versions

CiviCRM version 5.56.1 (and earlier), 5.51.3 (and earlier)

Fixed Versions

CiviCRM version 5.57.0, 5.56.2, 5.51.4 (ESR)

Publication Date
Solutions

Upgrade to the latest version of CiviCRM

Credits

John Kingsnorth, Seamus Lee, Rich Lott, and Tim Otten