SS-2015-015: XSS in dev/build returnURL Parameter
- Low (?)
- Versions Affected:
- 3.1.14-rc1 and below
- Versions Fixed:
- 3.1.14 stable
- Release Date:
A XSS risk exists in the returnURL parameter passed to dev/build. An unvalidated url could cause the user to redirect to an unverified third party url outside of the site.
This issue is resolved in framework 3.1.14 stable release.