oss-sec mailing list archives
[CVE-2019-10085] Apache Allura XSS vulnerability
From: Dave Brondsema <dave () brondsema net>
Date: Tue, 18 Jun 2019 10:56:50 -0400
CVE-2019-10085 Apache Allura XSS vulnerability in ticket user dropdown selector

Severity: Important

Versions Affected: 1.10.0 and earlier

Description: A vulnerability exists for stored XSS on the user dropdown selector when creating or editing tickets. The XSS executes when a user engages with that dropdown on that page.

Mitigation: Users of Allura should upgrade to Allura 1.11.0 immediately.

Credit: This issue was discovered by Bob "Wombat" Hogg