List: oss-security
Subject: [oss-security] [CVE-2019-10085] Apache Allura XSS vulnerability
From: Dave Brondsema <dave () brondsema ! net>
Date: 2019-06-18 14:56:50
Message-ID: 2c6d449c-583b-f9c3-d35f-7477baf70cd6 () brondsema ! net
CVE-2019-10085 Apache Allura XSS vulnerability in ticket user dropdown selector
Severity: Important
Versions Affected: 1.10.0 and earlier
Description:
A vulnerability exists for stored XSS on the user dropdown selector when
creating or editing tickets. The XSS executes when a user engages with that
dropdown on that page.
Mitigation:
Users of Allura should upgrade to Allura 1.11.0 immediately.
Credit:
This issue was discovered by Bob "Wombat" Hogg