Authors:Kamil Sevi Risk：High CVE：CVE-2018-1325 0day:XSS 0day-id:0DAY-1325 Date：2018-04-19
CVE-2018-1325 – Wicket jQuery UI: XSS while displaying value in WYSIWYG editor .In Apache wicket-jquery-ui <= 6.29.0, <= 7.10.1, <= 8.0.0-M9.1, JS code created in WYSIWYG editor will be executed on display.
<= 6.29.0, <= 7.10.1, <= 8.0.0-M9.1
The issue was fixed in 6.29.1, 7.10.2, 8.0.0-M9.2 All users are recommended to upgrade to Apache OpenMeetings 4.0.3
This issue was identified by Kamil Sevi