Date: Tue, 18 Jun 2019 10:56:50 -0400
From: Dave Brondsema <dave@...ndsema.net>
To: oss-security@...ts.openwall.com
Subject: [CVE-2019-10085] Apache Allura XSS vulnerability

CVE-2019-10085 Apache Allura XSS vulnerability in ticket user dropdown selector

Severity: Important

Versions Affected: 1.10.0 and earlier

Description: A vulnerability exists for stored XSS on the user dropdown selector when creating or editing tickets. The XSS executes when a user engages with that dropdown on that page.

Mitigation: Users of Allura should upgrade to Allura 1.11.0 immediately.

Credit: This issue was discovered by Bob "Wombat" Hogg