SS-2017-004: XSS in page history comparison
- Severity:
- Low (?)
- Identifier:
- SS-2017-004
- Versions Affected:
- 3.4.5 and below, 3.5.0 to 3.5.3
- Versions Fixed:
- 3.4.6, 3.5.4, 3.6.0
- Release Date:
- 2017-05-31
Authenticated user with page edit permission can craft HTML, which when rendered in a page history comparison can execute client scripts.
Credit to Anti Räis for reporting this issue.
