PT-2014-4022 · Telligent · Telligent Evolution

Published: 2014-02-27 · Updated: 2019-07-18 · CVE-2014-1223

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Telligent Evolution versions prior to 6.1.19.36103
Telligent Evolution versions 7.x prior to 7.1.12.36162
Telligent Evolution versions 7.5.x
Telligent Evolution versions 7.6.x prior to 7.6.7.36651

Description

A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the msg parameter in the controlpanel/loading.aspx endpoint.

Recommendations

For versions prior to 6.1.19.36103, update to version 6.1.19.36103 or later.
For versions 7.x prior to 7.1.12.36162, update to version 7.1.12.36162 or later.
For versions 7.5.x, update to a version that is not affected, as specific fixed versions for this range are not provided.
For versions 7.6.x prior to 7.6.7.36651, update to version 7.6.7.36651 or later.

As a temporary workaround, consider restricting access to the controlpanel/loading.aspx endpoint to minimize the risk of exploitation. Avoid using the msg parameter in this endpoint until the issue is resolved.
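
While the update or workaround is being rolled out, web server logs can be checked for requests that put markup into msg on this endpoint. The script below is an added example, not part of the advisory or of Telligent's code; it assumes IIS W3C logs with a #Fields header, and the log lines and the markup heuristic are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote_plus

ENDPOINT = "/controlpanel/loading.aspx"  # path named in the advisory
MARKUP = re.compile(r'[<>"]')            # assumed heuristic: HTML metacharacters

# Constructed IIS W3C log sample (not real traffic).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2014-03-01 10:00:01 GET /controlpanel/loading.aspx msg=Saving+settings 10.0.0.5 200
2014-03-01 10:00:07 GET /ControlPanel/Loading.aspx msg=%3Cb%3Ex%3C%2Fb%3E 203.0.113.9 200
2014-03-01 10:00:09 GET /controlpanel/loading.aspx MSG=%253Cb%253Ex 203.0.113.9 200
2014-03-01 10:00:12 GET /default.aspx msg=%3Cb%3E 10.0.0.7 200
2014-03-01 10:00:15 GET /controlpanel/loading.aspx - 10.0.0.5 200
"""

def decode_fully(value, rounds=3):
    """Undo nested percent-encoding (bounded) so %253C is seen as '<'."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(log_text):
    """Return (client_ip, decoded_msg) for endpoint hits whose msg carries markup."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]        # column names for the rows below
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("cs-uri-stem", "").lower() != ENDPOINT:  # IIS paths ignore case
            continue
        query = parse_qs(row.get("cs-uri-query", ""), keep_blank_values=True)
        for key, values in query.items():
            if key.lower() != "msg":         # ASP.NET query keys ignore case
                continue
            for raw in values:
                msg = decode_fully(raw)
                if MARKUP.search(msg):
                    hits.append((row.get("c-ip", "?"), msg))
    return hits

if __name__ == "__main__":
    print(suspicious_requests(SAMPLE_LOG))
```
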

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers: CVE-2014-1223

Affected Products: Telligent Evolution