SS-2013-007: XSS in CMS group title

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Severity:: Low (?)
Identifier:: SS-2013-007
Versions Affected:: 3.1.0
Versions Fixed:: 3.1.0-rc3
Release Date:: 2013-09-24

Certain fields in the "Groups" and "Roles" listings of the "Security" section are vulnerable to persistent cross-site scripting. This form of attack requires a CMS login by a malicious third party, and can lead to executing authenticated requests on behalf of the CMS user victim.

Reported by Vulnerability Laboratory Evolution

SS-2013-007: XSS in CMS "Security" section