[CVE-2016-3089] Apache OpenMeetings XSS in SWF panel

From: Maxim Solodovnik <solomax666@gmail.com>
To: bugtraq@securityfocus.com
Cc:
Subject: [CVE-2016-3089] Apache OpenMeetings XSS in SWF panel
Date:


Severity: Moderate

Vendor: The Apache Software Foundation

Versions Affected: Apache OpenMeetings 3.1.0

Description: The value of the URL's "swf" query parameter is
interpolated into the JavaScript tag without being escaped, leading to
the reflected XSS.

All users are recommended to upgrade to Apache OpenMeetings 3.1.2

Credit: This issue was identified by Matthew Daley


Apache OpenMeetings Team





Copyright © 1995-2019 LinuxRocket.net. All rights reserved.