SDL TMS 11.3.1 | CRQ-4775 | Cross-site scripting security vulnerability

Symptoms:
Pages in SDL TMS that use the returnUrl parameter were vulnerable to cross-site scripting attacks.

Explanation:
The returnUrl value was not validated before use, which allowed JavaScript code to be injected into the application through that parameter.

Resolution:
The issue was fixed by validating the returnUrl parameter so that JavaScript code cannot be injected into the application through it.
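For illustration of the kind of validation described above, the following is an added example and not SDL's own fix (whose implementation is not published here). It accepts a returnUrl only when it is a local path on the same site and otherwise falls back to an assumed default page; the sample inputs in the test are constructed.

```python
from urllib.parse import urlsplit, unquote

# Assumed fallback destination when the supplied returnUrl is rejected.
DEFAULT_RETURN = "/"


def safe_return_url(candidate, default=DEFAULT_RETURN):
    """Return `candidate` unchanged only if it is a local, same-site path.

    Accepted: a path beginning with a single "/" such as "/projects/42?tab=files".
    Rejected: anything carrying a scheme (javascript:, data:, http:), a
    protocol-relative "//host" form, backslash variants of it, control
    characters, or percent-encoded copies of any of these.
    """
    if not candidate:
        return default
    # Validate a decoded copy so "%6Aavascript:" or "%2F%2Fhost" cannot hide
    # a scheme or host from the checks below; the original is what gets returned.
    decoded = unquote(candidate)
    # Browsers strip tabs/newlines before parsing the scheme, so their presence
    # is treated as hostile rather than normalised away.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in decoded):
        return default
    # Browsers treat "\" like "/", so "/\host" is really "//host".
    normalised = decoded.replace("\\", "/")
    parts = urlsplit(normalised)
    if parts.scheme or parts.netloc:
        return default
    # A local path starts with exactly one "/" (no leading "//").
    if not normalised.startswith("/") or normalised.startswith("//"):
        return default
    return candidate
```

Because the check runs on a decoded copy but returns the original string, query-string encoding such as "%26" inside an accepted value is preserved.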

SDL-hosted customers should contact SDL Support to arrange for this hotfix to be deployed.

Customers who host SDL TMS themselves should download the installer "SDLTMS11.3.1 Hotfix for CRQ-4775.exe" from the following FTP site: ftp://sdlpatches:5dlpatch35@ftp-emea.sdlproducts.com/SDL TMS/11.3/CU1/Hotfix/