You are viewing a plain text version of this content. The canonical link for it is here.
Posted to announce@apache.org by Maxim Solodovnik <so...@apache.org> on 2018/04/18 16:39:02 UTC
[ANNOUNCE] CVE-2018-1325 - Wicket jQuery UI: XSS while displaying
value in WYSIWYG editor
CVE-2018-1325 - Wicket jQuery UI: XSS while displaying value in WYSIWYG editor
Severity: High
Vendor: wicket-jquery-ui
Versions Affected: <= 6.29.0, <= 7.10.1, <= 8.0.0-M9.1
Description: JS code created in WYSIWYG editor will be executed on display
CVE-2018-1325
The issue was fixed in 6.29.1, 7.10.2, 8.0.0-M9.2
All users are recommended to upgrade to Apache OpenMeetings 4.0.3
Credit: This issue was identified by Kamil Sevi