/product-groups/translation_management/tms/b/sdl-tms-113---product-updates/posts/sdl-tms-11-3-1-crq-4775-cross-site-scripting-security-vulnerabilitySymptoms: Pages in SDL TMS that use the returnUrl parameter were vulnerable to cross-site scripting attacks. Explanation: The return URL was not being validated which allowed for injection of JavaScript code into the application resulting in a vulnerabilityen-USTelligent Community 12 Non-Production