BugTraq
Back to list
|
Post reply
[CVE-2016-3089] Apache OpenMeetings XSS in SWF panel
Aug 12 2016 10:06AM
Maxim Solodovnik (solomax666 gmail com)
Severity: Moderate
Vendor: The Apache Software Foundation
Versions Affected: Apache OpenMeetings 3.1.0
Description: The value of the URL's "swf" query parameter is
interpolated into the JavaScript tag without being escaped, leading to
the reflected XSS.
All users are recommended to upgrade to Apache OpenMeetings 3.1.2
Credit: This issue was identified by Matthew Daley
Apache OpenMeetings Team
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
Vendor: The Apache Software Foundation
Versions Affected: Apache OpenMeetings 3.1.0
Description: The value of the URL's "swf" query parameter is
interpolated into the JavaScript tag without being escaped, leading to
the reflected XSS.
All users are recommended to upgrade to Apache OpenMeetings 3.1.2
Credit: This issue was identified by Matthew Daley
Apache OpenMeetings Team
[ reply ]