Gepubliceerd
2021-03-09 09:00
The introduction text on a Personal Campaign Page (PCP) was not properly sanitised prior to display on the Personal Campaign page.
Security Risk
Critical
Vulnerability
Cross Site Scripting
Affected Versions
CiviCRM versions 5.35.0 and earlier
Fixed Versions
CiviCRM version 5.35.1 and ESR version 5.33.3
Publication Date
Solutions
Upgrade to the latest version of CiviCRM
Credits
Seamus Lee of JMA Consulting and CiviCRM Core Team for reporting and fixing the issue.
References
security/core!134