PT-2017-9846 · Sitecore · Sitecore Experience Platform
Pralhad Chaskar · Published 2017-03-19 · Updated 2017-03-21 · CVE-2016-8855
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Sitecore Experience Platform version 8.1 rev. 160519 (8.1 Update-3)
Description
The Name or Description parameter of the "/sitecore/client/Applications/List Manager/Taskpages/Contact list" endpoint allows remote attackers to perform Cross-Site Scripting (XSS) attacks.
Recommendations
For Sitecore Experience Platform version 8.1 rev. 160519 (8.1 Update-3), update to version 8.2 Update-2 to resolve the issue. As a temporary workaround, consider restricting access to the "/sitecore/client/Applications/List Manager/Taskpages/Contact list" endpoint and avoid using the Name or Description parameters until the update is applied.
Exploit
Fix
Weakness Enumeration
XSS
Related Identifiers
Affected Products
Sitecore Experience Platform
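As an added example, not part of the original advisory: a check a defender could run over IIS W3C logs to find requests to the endpoint named above that carry HTML markup in the Name or Description parameter while the workaround is in place. The log field layout, the markup heuristic and the sample records are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, unquote_plus

# Endpoint and parameters named in the advisory; the stem is compared after
# URL-decoding and lower-casing, since IIS logs it as the client requested it.
VULN_PATH = "/sitecore/client/applications/list manager/taskpages/contact list"
WATCHED_PARAMS = ("name", "description")
# Markers of injected markup in what should be plain-text list names/descriptions.
MARKUP = re.compile(r"[<>]|javascript:|on\w+\s*=", re.IGNORECASE)

def parse_w3c(lines):
    """Yield one dict per W3C extended log record, keyed by the #Fields header."""
    fields = None
    for line in lines:
        line = line.rstrip("\n")
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def suspicious_requests(lines):
    """Return (client ip, parameter, decoded value) for markup sent to the endpoint."""
    hits = []
    for rec in parse_w3c(lines):
        if unquote_plus(rec.get("cs-uri-stem", "")).lower() != VULN_PATH:
            continue
        query = rec.get("cs-uri-query", "-")
        if query == "-":  # IIS writes "-" when there is no query string
            continue
        for key, values in parse_qs(query, keep_blank_values=True).items():
            if key.lower() in WATCHED_PARAMS:
                for value in values:
                    if MARKUP.search(value):
                        hits.append((rec.get("c-ip"), key, value))
    return hits

# Constructed sample log excerpt (not real traffic): a benign request, one with
# markup in Name, and one hitting a different path that must be ignored.
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 8.5
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2017-03-19 10:00:01 203.0.113.5 GET /sitecore/client/Applications/List%20Manager/Taskpages/Contact%20list Name=Newsletter&Description=Weekly 200
2017-03-19 10:00:07 198.51.100.9 GET /sitecore/client/Applications/List%20Manager/Taskpages/Contact%20list Name=%3Cb%3Ebold%3C%2Fb%3E&Description=test 200
2017-03-19 10:00:09 198.51.100.9 GET /sitecore/shell/default.aspx Name=%3Cb%3E 200
""".splitlines()

if __name__ == "__main__":
    for ip, param, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} sent markup in {param}: {value!r}")
```

Feed it a real IIS log file one line at a time; records for other paths, and requests with no query string, are skipped.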