Armadillo Identifies Security Vulnerabilities

17th September 2020

Ben Hubbard one of our Principal Security Consultants has identified security vulnerabilities within the CiviCRM product.

Ben identified two instances of stored Cross-Site Scripting (XSS) within the product, which was then responsibly disclosed to the vendor and has now been fully rectified. Armadillo Sec recommend that any users update to the latest version of CiviCRM to ensure they are protected against this vulnerability.

Vulnerability Acknowledgement 1:

https://civicrm.org/advisory/civi-sa-2020-14-xss-profile-description-field

Vulnerability Acknowledgement 2:

https://civicrm.org/advisory/civi-sa-2020-13-xss-event-summary

Disclosure Timeline

Vulnerability reported: 5th August 2020

Vulnerability resolved: 19th August 2020

Twitter
LinkedIn
Facebook

Armadillo Identifies Security Vulnerabilities

G-Cloud 12 Government Supplier

Armadillo Identifies Security Vulnerabilities

Vulnerability Assessments – what are they and how do they differ from penetration tests?

Unsupported software – what’s the risk?