Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

SS-2015-016: XSS in install.php

Severity:
Low (?)
Identifier:
SS-2015-016
Versions Affected:
3.1.14-rc1 and below
Versions Fixed:
3.1.14 stable
Release Date:
2015-09-15

During installation, certain parameters (admin_username and admin_password) are not escaped in the setup form.

This issue is resolved in 3.1.14 stable, although existing users are advised to remove this file prior to deploying to a production server.