Gepubliceerd
2019-02-20 09:00
The "Currency" element of a new pledge was not properly validated, which could potentially lead to a cross-site scripting attack.
Security Risk
Less Critical
Vulnerability
Cross Site Scripting
Affected Versions
CiviCRM Versions 5.10.2 and earlier
Fixed Versions
CiviCRM Version 5.10.3 and 5.7.4
Solutions
Upgrade to the latest version of CiviCRM
Credits
Patrick Figel of Greenpeace for reporting and fixing the issue
References
security/core#16