Daniel Compton, our Managing Director, has identified security vulnerabilities within the CiviCRM product.
Daniel identified two instances of stored Cross-Site Scripting (XSS) within the product, which were then responsibly disclosed to the vendor and have now been fully rectified. Armadillo Sec recommend that all users update to the latest version of CiviCRM to ensure they are protected against these vulnerabilities.
Vulnerability Acknowledgement 1:
Vulnerability Acknowledgement 2:
Vulnerability reported: 17th July 2019
Vulnerability resolved: 20th November 2019