CVE-2023-25440

Published: 23 May 2023

Stored Cross Site Scripting (XSS) vulnerability in the add contact function CiviCRM 5.59.alpha1, allows attackers to execute arbitrary code in first/second name field.

Priority

Status

Package	Release	Status
civicrm Launchpad, Ubuntu, Debian	bionic	Needs triage
	focal	Needs triage
	jammy	Needs triage
	kinetic	Needs triage
	lunar	Does not exist
	trusty	Ignored (out of standard support)
	upstream	Needs triage
	xenial	Needs triage

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25440
https://packetstormsecurity.com/files/172470/CiviCRM-5.59.alpha1-Cross-Site-Scripting.html
https://civicrm.org/
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›