Description

The filter in the tag manager required extra sanitizing to prevent a reflected XSS risk. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. Fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14.

Remediation

References

CVE-2020-25628

Related Vulnerabilities

GlassFish Improper Input Validation Vulnerability (CVE-2011-5035)

Envoy Proxy Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2020-12604)

WordPress Plugin Pluginception Multiple Cross-Site Scripting Vulnerabilities (1.2)

WordPress Plugin Sports Rankings and Lists Cross-Site Scripting (3.5)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-42112)

Severity

Medium

Classification

CVE-2020-25628 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities