www-announce mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Maxim Solodovnik <solo...@apache.org>
Subject [ANNOUNCE] CVE-2018-1325 - Wicket jQuery UI: XSS while displaying value in WYSIWYG editor
Date Wed, 18 Apr 2018 16:39:02 GMT
CVE-2018-1325 - Wicket jQuery UI: XSS while displaying value in WYSIWYG editor

Severity: High

Vendor: wicket-jquery-ui

Versions Affected: <= 6.29.0, <= 7.10.1, <= 8.0.0-M9.1

Description: JS code created in WYSIWYG editor will be executed on display
CVE-2018-1325

The issue was fixed in 6.29.1, 7.10.2, 8.0.0-M9.2
All users are recommended to upgrade to Apache OpenMeetings 4.0.3

Credit: This issue was identified by Kamil Sevi

Mime
View raw message