Potential XSS vulnerability related to the analytics dashboard
Published: July 02, 2012
SECURITY IDENTIFIERS
- OSVDB: OSVDB-125713
- Vendor Advisory: https://web.archive.org/web/20121126005814/https://spreecommerce.com/blog/security-issue-all-versions
GEM
PATCHED VERSIONS
~> 0.11.4
~> 0.70.6
~> 1.0.5
>= 1.1.2
DESCRIPTION
Spree has a flaw in its analytics dashboard where keywords are not escaped, leading to potential XSS.
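
The PATCHED VERSIONS constraints above use RubyGems requirement syntax, where `~>` bounds a single release line. As an added example (not part of the advisory or of Spree's code), this Ruby check evaluates versions against those constraints and scans Gemfile.lock text for an unpatched entry. The gem name `spree` and the lockfile contents are assumptions constructed for illustration.

```ruby
require "rubygems"

# Constraints copied from the PATCHED VERSIONS section of this advisory.
PATCHED_VERSIONS = ["~> 0.11.4", "~> 0.70.6", "~> 1.0.5", ">= 1.1.2"].map do |c|
  Gem::Requirement.new(c)
end.freeze

# A version counts as patched when it satisfies at least one constraint.
# "~> 1.0.5" means >= 1.0.5 and < 1.1.0, so 1.1.0 and 1.1.1 are NOT covered.
def patched?(version)
  v = Gem::Version.new(version)
  PATCHED_VERSIONS.any? { |req| req.satisfied_by?(v) }
end

# Scan Gemfile.lock text for resolved spec lines ("    name (1.2.3)") and
# return [name, version] pairs for gem_name that fall outside every range.
# Dependency lines (six-space indent, e.g. "(= 1.1.1)") are ignored.
def unpatched_in_lockfile(lock_text, gem_name)
  lock_text.each_line.map do |line|
    m = line.match(/\A\s{4}(\S+) \(([^)]+)\)\s*\z/)
    next unless m && m[1] == gem_name
    next unless Gem::Version.correct?(m[2])
    [m[1], m[2]] unless patched?(m[2])
  end.compact
end

# Constructed sample lockfile; the gem name "spree" is an assumption.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rails (3.2.6)
      spree (1.1.1)
        spree_core (= 1.1.1)
LOCK

if __FILE__ == $PROGRAM_NAME
  unpatched_in_lockfile(SAMPLE_LOCK, "spree").each do |name, version|
    puts "#{name} #{version} is not covered by any patched range"
  end
end
```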
