
Sorry for deleting my former post. But, since there is too much risk of exposing a possible XSS vuln

U015LSYAWTG
U015LSYAWTG Posts: 4 🧑🏻‍🚀 - Cadet
edited March 2021 in Help

Sorry for deleting my former post. But, since there is too much risk of exposing a possible XSS vulnerability in ZED, we decided not to talk publicly about it. The report is on its way to security@

Comments

  • U01LKKBK97T
    U01LKKBK97T Posts: 287 🧑🏻‍🚀 - Cadet

    Could you please keep me updated about the fix as suggested by @U01LXLJMWQ1?
    Please let me know if
    • CustomerGroup (2.6.0)
    • CustomerUserConnectorGui 1.3.0
    are fixing it for you.

  • U015LSYAWTG
    U015LSYAWTG Posts: 4 🧑🏻‍🚀 - Cadet

    Hi there! Sorry, I switched back to our company's account and didn't recognize your request. Since we are currently not using those two packages, we removed them, hence I cannot give you a report on these two specifically. But, for the more general statement that updating packages should solve some of the major issues reported, I can confirm that part of our security reports could be closed. Nevertheless, we are still facing "DOM Based Cross-Site Scripting on Product Options and Product Sets" and "Cross-Site Scripting and Open Redirect in Referer Header" reports, but "fixed" them by using a VPN - technically those vectors are still there, but behind closed curtains ... and as a bonus, if you are using the API as well, enable a rate limit service on your public LBs and harden the password policy for Zed - the default implementation is way too weak
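As an added defensive example (not code from this thread, and not Spryker's or ZED's own code), the helper below shows the kind of check that closes an open redirect whose target is taken from an untrusted source such as the Referer header: the target is used only if it is a same-origin absolute path or an https URL on an allowlisted host, and everything else falls back to a safe default. The host names and the `safe_redirect_target` function are constructed for this example.

```python
"""Safe-redirect helper: validate a redirect target taken from untrusted input
(for example a Referer header) before issuing the redirect.

Added example; not Spryker/ZED code. Host names below are constructed placeholders.
"""
from urllib.parse import urlsplit, urlunsplit

# Hosts the application may redirect back to (constructed example values).
ALLOWED_HOSTS = {"shop.example.com", "zed.example.com"}
SAFE_FALLBACK = "/"


def safe_redirect_target(candidate, allowed_hosts=ALLOWED_HOSTS, fallback=SAFE_FALLBACK):
    """Return a redirect target that is either a same-origin absolute path or an
    https URL on an allowlisted host. Anything else is replaced by `fallback`."""
    if not candidate:
        return fallback

    # Whitespace or control characters have no place in a redirect target and
    # can confuse header handling or URL parsers; reject them outright.
    if any(ch.isspace() or ord(ch) < 0x20 for ch in candidate):
        return fallback

    # Some browsers treat a backslash like a forward slash, so "/\host" would be
    # interpreted as the protocol-relative "//host". Normalise before parsing.
    normalised = candidate.replace("\\", "/")
    parts = urlsplit(normalised)

    if parts.scheme == "" and parts.netloc == "":
        # Relative reference: accept only an absolute path ("/x"), never a
        # protocol-relative "//host/x". The fragment is dropped as irrelevant.
        if normalised.startswith("/") and not normalised.startswith("//"):
            return urlunsplit(("", "", parts.path, parts.query, ""))
        return fallback

    # Absolute URL: require https and an allowlisted host. `hostname` strips
    # userinfo and port and lowercases, so "https://good@evil/" resolves to "evil".
    if parts.scheme.lower() != "https":
        return fallback
    host = parts.hostname
    if host not in allowed_hosts:
        return fallback

    # Rebuild the URL from the validated components rather than echoing the input.
    return urlunsplit(("https", host, parts.path or "/", parts.query, ""))


if __name__ == "__main__":
    # Constructed inputs: the first two are accepted, the rest fall back to "/".
    for value in ["/account", "https://shop.example.com/cart?x=1",
                  "//evil.example/x", "/\\evil.example",
                  "https://shop.example.com@evil.example/", "http://shop.example.com/"]:
        print(repr(value), "->", safe_redirect_target(value))
```

The important design choice is to rebuild the redirect from parsed, validated parts instead of passing the original string through: that way userinfo tricks, mixed-case hosts and protocol-relative forms cannot survive the check. A rate limit on the public load balancers, as the post suggests, is complementary: it slows abuse of the login endpoint but does not by itself remove the redirect or DOM XSS vectors.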