XSS vulnerabilities in translation dialogs 

Issue date: 26-04-2018
Affects versions: 12.2, 11.2, 10.2

Issue ID: SECURITY-57

Affected Product Version(s)
This vulnerability applies to CMS 12.2.0, 11.2.6, and 10.2.10 and earlier versions.

Severity 
normal

Description

The translation dialogs in the CMS suffer from an XSS vulnerability via a specially crafted document name or folder name.

Instructions

For all current supported CMS versions this vulnerability has been fixed, through code changes only, and only requires updating to the latest maintenance releases: CMS 10.2.11, CMS 11.2.7, CMS 12.2.1 or CMS 12.3.0.