CIVI-SA-2026-15: Unvalidated Script in Search-Display

Published
2026-03-18 12:00
Written by
Security Risk
Moderately Critical
Vulnerability
Cross Site Scripting
Affected Versions

CiviCRM v6.12.1, v6.10.3 (ESR), and later

Fixed Versions

CiviCRM v6.12.1, v6.10.3 (ESR), and later

Publication Date
Solutions

Any ONE of the following will mitigate the vulnerability:

  • Upgrade to a fixed version of CiviCRM, or...
  • Restrict the permissions "administer search_kit" and "manage own search_kit" to administrators

Credits

Tim Otten (CiviCRM), Coleman Watts (CiviCRM)