A minor security vulnerability was reported where a malicious user could create an account using certain tags as their username, firstname, lastname or email address which would cause javascript errors in the user administration interface.

This patch will update the files to necessary to clean the data before it gets added to the database to safeguard against these attacks.

This vulnerability applies to all versions of Exponent. Patches have made for all releases, including the 97.0-Alpha.

The patch can be applied using the Extension Upload utility or you can simply unzip the package in your root Exponent directory to overwrite the old files with the new patched versions.

The patch can be downloaded here.