Bugtraq mailing list archives
[CVE-2016-3089] Apache OpenMeetings XSS in SWF panel
From: Maxim Solodovnik <solomax666 () gmail com>
Date: Fri, 12 Aug 2016 17:06:04 +0700
Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings 3.1.0 Description: The value of the URL's "swf" query parameter is interpolated into the JavaScript tag without being escaped, leading to the reflected XSS. All users are recommended to upgrade to Apache OpenMeetings 3.1.2 Credit: This issue was identified by Matthew Daley Apache OpenMeetings Team
Current thread:
- [CVE-2016-3089] Apache OpenMeetings XSS in SWF panel Maxim Solodovnik (Aug 12)