
XSS in ajax.render.php?operation=wizard_helper in 3.0.0-beta versions

Critical
piRGoif published GHSA-w5jw-hfvp-gx95 Apr 21, 2022

Package

iTop (SourceForge)

Affected versions

3.0.0-beta*

Patched versions

>=3.0.0-beta6

Description

Impact

The ajax.render.php?operation=wizard_helper page doesn't properly escape the passed parameters, allowing XSS.

Patches

Fixed in 3.0.0 (October 2021)

References

Combodo ref N°4362

Credits

Redshell (https://github.com/RedShellSec)

For more information

If you have any questions or comments about this advisory:
Email us at [email protected]

Severity

Critical

CVE ID

CVE-2021-41162

Weaknesses

No CWEs
