lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAJmbs8iMcnrojuwUQRQGygZ_fwW5p1S+hABnWdF9JivxnxLB_A@mail.gmail.com> Date: Fri, 12 Aug 2016 17:06:04 +0700 From: Maxim Solodovnik <solomax666@...il.com> To: bugtraq@...urityfocus.com Subject: [CVE-2016-3089] Apache OpenMeetings XSS in SWF panel Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings 3.1.0 Description: The value of the URL's "swf" query parameter is interpolated into the JavaScript tag without being escaped, leading to the reflected XSS. All users are recommended to upgrade to Apache OpenMeetings 3.1.2 Credit: This issue was identified by Matthew Daley Apache OpenMeetings Team
Powered by blists - more mailing lists