You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@ofbiz.apache.org by jl...@apache.org on 2016/04/08 21:56:55 UTC

svn propchange: r1692360 - svn:log

Author: jleroux
Revision: 1692360
Modified property: svn:log

Modified: svn:log at Fri Apr  8 19:56:55 2016
------------------------------------------------------------------------------
--- svn:log (original)
+++ svn:log Fri Apr  8 19:56:55 2016
@@ -1 +1,2 @@
 The description attribute of the display-entity element is now escaped to prevent the risk of an XSS attack.
+[CVE-2015-3268] Stored Cross-Site Scripting Vulnerability affecting the description attribute of the display-entity element because it was not escaped.