SS-2016-004: XSS in CMS Edit Page

Severity: Medium
Identifier: SS-2016-004
Versions Affected: 3.1.18, 3.2.3, 3.3.1
Versions Fixed: 3.1.19, 3.2.4, 3.3.2
Release Date: 2016-05-11

Due to a lack of parameter sanitisation, a carefully crafted URL could be used to inject arbitrary HTML into the CMS Edit page.

An attacker could create a URL and share it with a site administrator to perform an attack.

Credit: Eric Flokstra.