SS-2013-007: XSS in CMS "Security" section

Severity: Low
Identifier: SS-2013-007
Versions Affected: 3.1.0
Versions Fixed: 3.1.0-rc3
Release Date: 2013-09-24

Certain fields in the "Groups" and "Roles" listings of the "Security" section are vulnerable to persistent cross-site scripting. This form of attack requires a CMS login by a malicious third party, and can lead to the execution of authenticated requests on behalf of the victim CMS user.

Reported by Vulnerability Laboratory Evolution