oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

[CVE-2016-3089] Apache OpenMeetings XSS in SWF panel

From: Maxim Solodovnik <solomax () apache org>
Date: Fri, 12 Aug 2016 17:03:51 +0700
Severity: Moderate

Vendor: The Apache Software Foundation

Versions Affected: Apache OpenMeetings 3.1.0

Description: The value of the URL's "swf" query parameter is interpolated
into the JavaScript tag without being escaped, leading to the reflected XSS.

All users are recommended to upgrade to Apache OpenMeetings 3.1.2

Credit: This issue was identified by Matthew Daley

Apache OpenMeetings Team
Previous By Date Next
Previous By Thread Next

Current thread: