- New version 9.5.13
- This release fixes several recently discovered security issues. Updating is recommended!
- Security fixes:
+ CVE-2023-28632 : Account takeover by authenticated user
+ CVE-2023-28838 : SQL injection through dynamic reports
+ CVE-2023-28852 : Stored XSS through dashboard administration
+ CVE-2023-28636 : Stored XSS on external links
+ CVE-2023-28639 : Reflected XSS in search pages
+ CVE-2023-28634 : Privilege escalation from technician to super-admin
+ CVE-2023-28633 : Blind Server-Side Request Forgery (SSRF) in RSS feeds