SS-2013-007: XSS in CMS "Security" section
- Low (?)
- Versions Affected:
- Versions Fixed:
- Release Date:
Certain fields in the "Groups" and "Roles" listings of the "Security" section are vulnerable to persistent cross-site scripting. This form of attack requires a CMS login by a malicious third party, and can lead to executing authenticated requests on behalf of the CMS user victim.
Reported by Vulnerability Laboratory Evolution