CVE-2023-28604

Name of the Vulnerable Software and Affected Versions fluid components extension versions prior to 3.5.0

Description The issue allows Cross-Site Scripting (XSS) via a component argument parameter, specifically in certain {content} use cases that may be edge cases. All versions of the Fluid Components extension before 3.5.0 were susceptible to this issue.

Recommendations For versions prior to 3.5.0, update to version 3.5.0 of the extension to fix the issue. Additionally, review and adjust your project's Fluid templates as necessary to prevent unwanted double-escaping of HTML markup.