SS-2016-004: XSS in CMS Edit Page
- Severity: Medium
- Identifier: SS-2016-004
- Versions Affected: 3.1.18, 3.2.3, 3.3.1
- Versions Fixed: 3.1.19, 3.2.4, 3.3.2
- Release Date: 2016-05-11
Due to a lack of parameter sanitisation, a carefully crafted URL could be used to inject arbitrary HTML into the CMS Edit page.
An attacker could create such a URL and share it with a site administrator to perform an attack.
Credit: Eric Flokstra.