SS-2016-016: XSS In CMSSecurity BackURL

Severity: Low
Identifier: SS-2016-016
Versions Affected: 3.1.20 and below, 3.2.0 to 3.2.5, 3.3.0 to 3.3.3
Versions Fixed: 3.1.21, 3.2.6, 3.3.4, 3.4.2, 3.5.0
Release Date: 2016-11-29

In follow-up to SS-2016-001, there is still a minor outstanding fix for an incorrectly encoded URL.

Credit: David Júlio for reporting.