CIVI-SA-2024-01: View Contact XSS

Published

2024-06-19 12:00

Written by

dev-team

Within the "View Contact" screen and its sub-pages, there were multiple cross-site scripting vulnerabilities.

Security Risk

Critical

Vulnerability

Cross Site Scripting

Affected Versions

CiviCRM version 5.74.3 and earlier

Fixed Versions

CiviCRM version 5.74.4 and 5.69.6 (ESR)

Publication Date

2024-06-19 - 12:00

Solutions

Upgrade to the fixed version of CiviCRM

Credits

Québec Ministère de la Cybersécurité et du Numérique; Claude Bernard Lyon 1 University - Security team; CiviCRM/JMA Consulting - Seamus Lee; Greenpeace Central and Eastern Europe - Patrick Figel; Coop SymbioTIC - Mathieu Lutfy; CiviCRM - Tim Otten

References

security/core#130, security/core#133, security/core#173, security/core#174

We are in the process of translating the civicrm.org website. Translations may not be available in all languages. Read more and participate.

© 2005 - 2023, CIVICRM LLC. All rights reserved.
CiviCRM and the CiviCRM logo are trademarks of CIVICRM LLC. Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-Share Alike 3.0 United States Licence.

[D8]

CIVI-SA-2024-01: View Contact XSS

WORK WITH A TRUSTED EXPERT
TO SETUP YOUR CIVICRM

Languages

CIVI-SA-2024-01: View Contact XSS

WORK WITH A TRUSTED EXPERT TO SETUP YOUR CIVICRM

WORK WITH A TRUSTED EXPERT
TO SETUP YOUR CIVICRM