SS-2017-004: XSS in page history comparison

Severity:
Low
Versions Affected:
3.4.5 and below, 3.5.0 to 3.5.3
Versions Fixed:
3.4.6, 3.5.4, 3.6.0
Release Date:

An authenticated user with page edit permission can craft HTML which, when rendered in a page history comparison, can execute client-side scripts.

Credit to Anti Räis for reporting this issue.