Release : 14.4
The Identity Suite was implemented with internal code validation and will only accept and execute code that has been validated to prevent just such Cross Site Scripting attacks as described in this Vulnerability.
Furthermore the software does not allow the actions required by these Vulnerabilites.
In the Identity Suite, when an Ajax request is performed, our frontend API doesn't allow to extend the native Object. Prototype source object.
CVE-2019-11358 and CVE-2020-11022
The Identity Suite has been tested and verified to not be susceptible to the Vulnerabilities described in CVE-2020-7676, CVE-2019-11358 and CVE-2020-11022
Development is aware these libraries are out of date and will be working towards updating them in future releases.