
Pralhad Chaskar

Researcher at Help AG Middle East
#43103 of 53,633
6.1 total CVSS
Vulnerabilities · 1
PT-2017-9846
6.1
2017-03-19
Sitecore · Sitecore Experience Platform · CVE-2016-8855
**Name of the Vulnerable Software and Affected Versions** Sitecore Experience Platform version 8.1 rev. 160519 (8.1 Update-3)

**Description** The issue allows remote attacks via the `Name` or `Description` parameter in the "/sitecore/client/Applications/List Manager/Taskpages/Contact list" endpoint. This is a Cross-Site Scripting (XSS) issue.

**Recommendations** For Sitecore Experience Platform version 8.1 rev. 160519 (8.1 Update-3), update to version 8.2 Update-2 to resolve the issue. As a temporary workaround, consider restricting access to the "/sitecore/client/Applications/List Manager/Taskpages/Contact list" endpoint and avoid using the `Name` or `Description` parameters until the update is applied.