SS-2016-016: XSS In CMSSecurity BackURL
- Severity:
- Low (?)
- Identifier:
- SS-2016-016
- Versions Affected:
- 3.1.20 and below, 3.2.0 to 3.2.5, 3.3.0 to 3.3.3
- Versions Fixed:
- 3.1.21, 3.2.6, 3.3.4, 3.4.2, 3.5.0
- Release Date:
- 2016-11-29
In follow up to SS-2016-001 there is yet a minor unresolved fix to incorrectly encoded URL.
Credit: David Júlio for reporting.
