A moderate severity vulnerability was found in the Composer package ezsystems/ezplatform-richtext.

The rich text editor does not escape attribute data when previewing custom tags. This means XSS is possible if custom tags are used, for users who have access to editing rich text content. Frontend content view is not affected, but the vulnerability could be used by editors to attack other editors. The fix ensures custom tag attribute data is escaped in the editor.
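The difference between unescaped and escaped preview rendering, as an added example that is not code from ezsystems/ezplatform-richtext. The function names, the `factbox` tag, the preview markup shape and the sample attribute value are all hypothetical.

```javascript
// Added illustration; not the project's code. All names here are hypothetical.

// Escape the characters that are significant in HTML text and attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Flawed pattern: attribute data is concatenated into the preview markup as-is,
// so any markup stored in an attribute becomes part of the editor's DOM.
function renderPreviewUnescaped(tagName, attributes) {
  const rows = Object.entries(attributes)
    .map(([name, value]) => `<p>${name}: ${value}</p>`)
    .join('');
  return `<div class="custom-tag-preview" data-tag="${tagName}">${rows}</div>`;
}

// Corrected pattern: tag name, attribute names and values are escaped first,
// so stored markup is displayed as text instead of being interpreted.
function renderPreviewEscaped(tagName, attributes) {
  const rows = Object.entries(attributes)
    .map(([name, value]) => `<p>${escapeHtml(name)}: ${escapeHtml(value)}</p>`)
    .join('');
  return `<div class="custom-tag-preview" data-tag="${escapeHtml(tagName)}">${rows}</div>`;
}

// Constructed sample: attribute data saved by one editor, previewed by another.
const sampleAttributes = { title: 'Quarterly <b>report</b> & "notes"' };

// True when attribute data reached the output as live markup.
function containsInjectedMarkup(html) {
  return html.includes('<b>');
}

console.log(renderPreviewUnescaped('factbox', sampleAttributes));
console.log(renderPreviewEscaped('factbox', sampleAttributes));
```

In browser code, setting the value through `textContent` or `setAttribute` instead of building an HTML string gives the same result without manual escaping.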

References

Courtesy: https://github.com/advisories/GHSA-fxwm-rx68-p5vx

By admin
