CIVI-SA-2026-07: Contact Summary (XSS)

Pubblicato

2026-03-18 12:00

Written by

dev-team

Security Risk

Moderately Critical

Vulnerability

Cross Site Scripting

Affected Versions

CiviCRM v6.12.0 and earlier

Fixed Versions

CiviCRM v6.12.1, v6.10.3 (ESR), and later

Publication Date

2026-03-18 - 12:00

Solutions

Any ONE of the following will mitigate the vulnerability:

Upgrade to a fixed version of CiviCRM

Credits

Luke Stewart (Fuzion), Lassi (lassitemp@proton.me), Seamus Lee (JMA Consulting), Kevin Cristiano (Tadpole Collective)

We are in the process of translating the civicrm.org website. Translations may not be available in all languages. Read more and participate.

© 2005 - 2025, CIVICRM LLC. All rights reserved.
CiviCRM and the CiviCRM logo are trademarks of CIVICRM LLC. Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-Share Alike 3.0 United States Licence.

[D10]

CIVI-SA-2026-07: Contact Summary (XSS)

WORK WITH A TRUSTED EXPERT
TO SETUP YOUR CIVICRM

Lingue

CIVI-SA-2026-07: Contact Summary (XSS)

WORK WITH A TRUSTED EXPERT TO SETUP YOUR CIVICRM

WORK WITH A TRUSTED EXPERT
TO SETUP YOUR CIVICRM