[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[CVE-2016-3089] Apache OpenMeetings XSS in SWF panel

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: [CVE-2016-3089] Apache OpenMeetings XSS in SWF panel
From: Maxim Solodovnik <solomax666@xxxxxxxxx>
Date: Fri, 12 Aug 2016 17:06:04 +0700

Severity: Moderate

Vendor: The Apache Software Foundation

Versions Affected: Apache OpenMeetings 3.1.0

Description: The value of the URL's "swf" query parameter is
interpolated into the JavaScript tag without being escaped, leading to
the reflected XSS.

All users are recommended to upgrade to Apache OpenMeetings 3.1.2

Credit: This issue was identified by Matthew Daley


Apache OpenMeetings Team

Prev by Date: [SECURITY] [DSA 3647-1] icedove security update
Next by Date: [security bulletin] HPSBHF03440 rev.1 - HPE iLO 3 using JQuery, Remote Cross-Site Scripting (XSS)
Previous by thread: [SECURITY] [DSA 3647-1] icedove security update
Next by thread: [security bulletin] HPSBHF03440 rev.1 - HPE iLO 3 using JQuery, Remote Cross-Site Scripting (XSS)
Index(es):
- Date
- Thread