
List:       oss-security
Subject:    [oss-security] [CVE-2019-10085] Apache Allura XSS vulnerability
From:       Dave Brondsema <dave () brondsema ! net>
Date:       2019-06-18 14:56:50
Message-ID: 2c6d449c-583b-f9c3-d35f-7477baf70cd6 () brondsema ! net

CVE-2019-10085 Apache Allura XSS vulnerability in ticket user dropdown selector

Severity: Important
Versions Affected: 1.10.0 and earlier

Description:
A vulnerability exists for stored XSS on the user dropdown selector when
creating or editing tickets.  The XSS executes when a user engages with that
dropdown on that page.

Mitigation:
Users of Allura should upgrade to Allura 1.11.0 immediately.

Credit:
This issue was discovered by Bob "Wombat" Hogg