Name of the Vulnerable Software and Affected Versions No specific software or versions are mentioned, so the information cannot be provided.

Description The issue allows an attacker with admin privileges and access to Translations management functionality to add a JS payload to translation values. This can be done through the Translation management UI, or by downloading translations via the Crowdin service that contain JS strings used for XSS attacks. The attacker can also upload poisoned translations via the Upload translation file on the All Languages grid. For a successful attack, the poisoned translation must be enabled, downloaded, and installed.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.