Opublikowane
2020-08-19 09:00
In certain screens, the Activity "Subject" field was not properly escaped to prevent cross site scripting.
Security Risk
Critical
Vulnerability
Cross Site Scripting
Affected Versions
CiviCRM version 5.28.0 and earlier
Fixed Versions
CiviCRM version 5.28.1 and 5.27.5 ESR
Publication Date
Solutions
Upgrade to the latest version of CiviCRM
Credits
Patrick Figel of Greenpeace CCE for reporting the issue
Seamus Lee of CiviCRM Core Team for fixing the issue
References
security/core#94