Posted to user@openmeetings.apache.org by Maxim Solodovnik <so...@gmail.com> on 2018/04/18 16:39:01 UTC
[ANNOUNCE] CVE-2018-1325 - Wicket jQuery UI: XSS while displaying value in WYSIWYG editor
CVE-2018-1325 - Wicket jQuery UI: XSS while displaying value in WYSIWYG editor
Severity: High
Vendor: wicket-jquery-ui
Versions Affected: <= 6.29.0, <= 7.10.1, <= 8.0.0-M9.1
Description: JS code created in WYSIWYG editor will be executed on display
CVE-2018-1325
The issue was fixed in 6.29.1, 7.10.2, 8.0.0-M9.2
All users are recommended to upgrade to Apache OpenMeetings 4.0.3
Credit: This issue was identified by Kamil Sevi
--
WBR
Maxim aka solomax
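
A version check for the ranges listed in the announcement above, as an added example that is not part of the original message or of wicket-jquery-ui. The function names, the sample inventory, and the reading of "<= 6.29.0" as also covering majors older than 6 are assumptions.

```python
import re

# Last affected release per branch, from the "Versions Affected" line.
LAST_AFFECTED = {6: "6.29.0", 7: "7.10.1", 8: "8.0.0-M9.1"}
# First fixed release per branch, from the "fixed in" line.
FIRST_FIXED = {6: "6.29.1", 7: "7.10.2", 8: "8.0.0-M9.2"}
# Dotted numbers with an optional -M<milestone> qualifier, e.g. 8.0.0-M9.1.
_VERSION = re.compile(r"^(\d+(?:\.\d+)*)(?:-M(\d+(?:\.\d+)*))?$")


def sort_key(version):
    """Return a tuple that orders milestones (-Mx.y) before the plain release."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unsupported version format: {version!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    nums += [0] * (3 - len(nums))            # pad 7.10 -> 7.10.0
    if m.group(2) is None:
        return (tuple(nums), 1, ())          # final release sorts after milestones
    milestone = tuple(int(p) for p in m.group(2).split("."))
    return (tuple(nums), 0, milestone)       # M9 < M9.1 < M9.2 < M10


def check(version):
    """Return (affected, upgrade_to) for one wicket-jquery-ui version string."""
    key = sort_key(version)
    major = key[0][0]
    if major > 8:
        return (False, None)                 # outside the ranges the advisory lists
    branch = max(major, 6)                   # assumption: "<= 6.29.0" covers older majors
    affected = key <= sort_key(LAST_AFFECTED[branch])
    return (affected, FIRST_FIXED[branch] if affected else None)


# Constructed sample inventory (hypothetical application names).
SAMPLE = {"app-a": "6.29.0", "app-b": "7.10.2", "app-c": "8.0.0-M9.1", "app-d": "8.0.0-M10"}


def audit(inventory):
    """Return sorted (name, upgrade_to) pairs for every affected entry."""
    results = ((name, check(ver)) for name, ver in inventory.items())
    return sorted((name, fix) for name, (hit, fix) in results if hit)


if __name__ == "__main__":
    for name, fix in audit(SAMPLE):
        print(f"{name}: affected by CVE-2018-1325, upgrade wicket-jquery-ui to {fix}")
```

Version strings with other qualifiers (for example snapshot builds) raise `ValueError` so they are reviewed by hand rather than silently classified.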
Re: [ANNOUNCE] CVE-2018-1325 - Wicket jQuery UI: XSS while displaying value in WYSIWYG editor
Posted by Maxim Solodovnik <so...@gmail.com>.
CVE DB also updated :)
WBR, Maxim
(from mobile, sorry for the typos)
On Fri, Apr 20, 2018, 19:22 Sebastien Briquet <sb...@apache.org> wrote:
> FYI.
>
> Thanks Maxim! :)
>
> ---------- Forwarded message ----------
> From: Maxim Solodovnik <so...@gmail.com>
> Date: Wed, Apr 18, 2018 at 6:39 PM
> Subject: [ANNOUNCE] CVE-2018-1325 - Wicket jQuery UI: XSS while displaying
> value in WYSIWYG editor
> To: Openmeetings user-list <us...@openmeetings.apache.org>, dev <
> dev@openmeetings.apache.org>, user-russian@openmeetings.apache.org
>
>
> CVE-2018-1325 - Wicket jQuery UI: XSS while displaying value in WYSIWYG
> editor
>
> Severity: High
>
> Vendor: wicket-jquery-ui
>
> Versions Affected: <= 6.29.0, <= 7.10.1, <= 8.0.0-M9.1
>
> Description: JS code created in WYSIWYG editor will be executed on display
> CVE-2018-1325
>
> The issue was fixed in 6.29.1, 7.10.2, 8.0.0-M9.2
> All users are recommended to upgrade to Apache OpenMeetings 4.0.3
>
> Credit: This issue was identified by Kamil Sevi
>
>
> --
> WBR
> Maxim aka solomax
>
Fwd: [ANNOUNCE] CVE-2018-1325 - Wicket jQuery UI: XSS while displaying value in WYSIWYG editor
Posted by Sebastien Briquet <sb...@apache.org>.
FYI.
Thanks Maxim! :)
---------- Forwarded message ----------
From: Maxim Solodovnik <so...@gmail.com>
Date: Wed, Apr 18, 2018 at 6:39 PM
Subject: [ANNOUNCE] CVE-2018-1325 - Wicket jQuery UI: XSS while displaying
value in WYSIWYG editor
To: Openmeetings user-list <us...@openmeetings.apache.org>, dev <
dev@openmeetings.apache.org>, user-russian@openmeetings.apache.org
CVE-2018-1325 - Wicket jQuery UI: XSS while displaying value in WYSIWYG
editor
Severity: High
Vendor: wicket-jquery-ui
Versions Affected: <= 6.29.0, <= 7.10.1, <= 8.0.0-M9.1
Description: JS code created in WYSIWYG editor will be executed on display
CVE-2018-1325
The issue was fixed in 6.29.1, 7.10.2, 8.0.0-M9.2
All users are recommended to upgrade to Apache OpenMeetings 4.0.3
Credit: This issue was identified by Kamil Sevi
--
WBR
Maxim aka solomax