VYPR
Unrated severityOSV Advisory· Published Jun 18, 2019· Updated Aug 4, 2024

CVE-2019-10085

CVE-2019-10085

Description

In Apache Allura prior to 1.11.0, a vulnerability exists for stored XSS on the user dropdown selector when creating or editing tickets. The XSS executes when a user engages with that dropdown on that page.

Affected products

2
  • Apache/AlluraOSV2 versions
    allura_20110215, allura_20110218, allura_20110218.01, …+ 1 more
    • (no CPE)range: allura_20110215, allura_20110218, allura_20110218.01, …
    • (no CPE)range: <1.11.0

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.