You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@openmeetings.apache.org by Maxim Solodovnik <so...@apache.org> on 2016/08/12 10:03:51 UTC
[CVE-2016-3089] Apache OpenMeetings XSS in SWF panel
Severity: Moderate
Vendor: The Apache Software Foundation
Versions Affected: Apache OpenMeetings 3.1.0
Description: The value of the URL's "swf" query parameter is interpolated
into the JavaScript tag without being escaped, leading to the reflected XSS.
All users are recommended to upgrade to Apache OpenMeetings 3.1.2
Credit: This issue was identified by Matthew Daley
Apache OpenMeetings Team