Affected Versions

Versions 3.0.0 through 3.0.4 are affected.

Description

Some content may be rendered in both the System Overview and Feed Reader plugins without proper sanitization, making them vulnerable to cross-site scripting (XSS) attacks. Patch release 3.0.5 corrects these vulnerabilities. Uninstalling the affected plugins will also mitigate any potential attacks.

Resolution

Upgrade to version 3.0.5, or uninstall the affected plugins. Related tasks:

1. CORE-829
2. CORE-830

Credits

These issues were discovered by the Blesta Development Team.