XSS vulnerability through table summary in rich text field

Issue date: 13-06-2018
Affects versions: 12.3, 11.2, 10.2

Issue ID: SECURITY-67

Affected Product Version(s)
This vulnerability applies to CMS 12.3.0, 11.2.7 and 10.2.11 and earlier versions.

Severity
normal

Description

When adding a table to a rich text field, the "summary" field can be used for an XSS attack.

Instructions

For all current supported CMS versions this vulnerability has been fixed, through code changes only, and only requires updating to the latest maintenance releases: CMS 10.2.12, CMS 11.2.8, CMS 12.3.1 or CMS 12.4.0.

Get Started

Build a Website

Relevance Trail

Feed an AngularJS App

Understand Hippo

Implement Hippo

Extend Hippo

Integrate Hippo

Run Hippo

Upgrade Hippo

Develop Hippo

Use Hippo

Report an Issue

Bloomreach Documentation version

XSS vulnerability through table summary in rich text field