SS-2013-007: XSS in CMS "Security" section
- Severity:
- Low (?)
- Identifier:
- SS-2013-007
- Versions Affected:
- 3.1.0
- Versions Fixed:
- 3.1.0-rc3
- Release Date:
- 2013-09-24
Certain fields in the "Groups" and "Roles" listings of the "Security" section are vulnerable to persistent cross-site scripting. This form of attack requires a CMS login by a malicious third party, and can lead to executing authenticated requests on behalf of the CMS user victim.
Reported by Vulnerability Laboratory Evolution