SS-2015-015: XSS in dev/build returnURL Parameter

Severity: Low
Identifier: ss-2015-015
Versions Affected: 3.1.14-rc1 and below
Versions Fixed: 3.1.14 stable
Release Date: 2015-09-15

An XSS risk exists in the returnURL parameter passed to dev/build. An unvalidated URL could cause the user to be redirected to an unverified third-party URL outside of the site.

This issue is resolved in the framework 3.1.14 stable release.
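
The class of check that closes this kind of issue, validating a return URL before redirecting to it or echoing it, is sketched below as an added example; it is not the framework's own code or its actual patch. The helper name `safe_return_url`, the host `www.example.com` and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Added example: hypothetical helper, not SilverStripe framework code.
// Returns $returnURL only if it points back at this site, otherwise $fallback.
function safe_return_url(?string $returnURL, string $siteHost, string $fallback = '/'): string
{
    if ($returnURL === null || $returnURL === '') {
        return $fallback;
    }
    // Control characters, spaces and backslashes can make a browser resolve
    // the value differently from how the server parsed it, so reject them.
    if (preg_match('/[\x00-\x20\x7f\\\\]/', $returnURL)) {
        return $fallback;
    }
    $parts = parse_url($returnURL);
    if ($parts === false) {
        return $fallback;
    }
    if (isset($parts['scheme']) || isset($parts['host'])) {
        // Absolute or protocol-relative URL: require http(s), our own host,
        // and no embedded credentials.
        $scheme = strtolower($parts['scheme'] ?? 'https');
        $host = strtolower($parts['host'] ?? '');
        if (!in_array($scheme, ['http', 'https'], true)
            || $host !== strtolower($siteHost)
            || isset($parts['user']) || isset($parts['pass'])) {
            return $fallback;
        }
        return $returnURL;
    }
    // Relative URL: this sketch is deliberately strict and accepts only
    // root-relative paths such as /admin/pages.
    return $returnURL[0] === '/' ? $returnURL : $fallback;
}

// Constructed sample inputs; www.example.com stands in for the site's host.
$samples = [
    '/admin/pages',
    'https://www.example.com/dev',
    '//other.example.net/',
    'javascript:void(0)',
];
foreach ($samples as $candidate) {
    $target = safe_return_url($candidate, 'www.example.com');
    // Escape on output as well: the value is user-influenced text in HTML.
    echo htmlspecialchars($candidate, ENT_QUOTES, 'UTF-8'), ' => ',
         htmlspecialchars($target, ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
```

Validation decides where the redirect may go; escaping at the point of output is what keeps the value from being interpreted as markup if it is written into a page.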