Apache wicket-jquery-ui 6.29.0-8.0.0-M9.1 CVE-2018-1325 XSS

Authors: Kamil Sevi
Risk: High
CVE: CVE-2018-1325
0day: XSS
0day-id: 0DAY-1325
Date: 2018-04-19

Description

CVE-2018-1325 – Wicket jQuery UI: XSS while displaying value in WYSIWYG editor. In Apache wicket-jquery-ui <= 6.29.0, <= 7.10.1, <= 8.0.0-M9.1, JS code created in the WYSIWYG editor will be executed on display.

Severity

High

Vendor

wicket-jquery-ui

Versions Affected

<= 6.29.0, <= 7.10.1, <= 8.0.0-M9.1

The issue was fixed in 6.29.1, 7.10.2, 8.0.0-M9.2. All users are recommended to upgrade to Apache OpenMeetings 4.0.3.
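
The per-branch ranges above can be checked mechanically during a dependency audit. The following is an added example, not part of the advisory or of the project's code: it assumes Maven-style `group:artifact:version` coordinates (the sample list is constructed) and that milestone builds such as `8.0.0-M9.1` sort before the final `8.0.0` release.

```python
import re

# Fixed release per branch, as stated in the advisory text.
FIXED = {6: "6.29.1", 7: "7.10.2", 8: "8.0.0-M9.2"}
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-M(\d+)(?:\.(\d+))?)?$")

# Constructed sample input: coordinates assumed for illustration only.
SAMPLE = [
    "com.googlecode.wicket-jquery-ui:wicket-jquery-ui-plugins:7.10.1",
    "com.googlecode.wicket-jquery-ui:wicket-jquery-ui:8.0.0-M9.2",
    "org.apache.wicket:wicket-core:7.10.0",
]

def parse(version):
    """Return a sortable key for x.y.z or x.y.z-Mn[.p] version strings."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    major, minor, patch, ms, ms_patch = m.groups()
    # A final release sorts after every milestone of the same x.y.z.
    qualifier = (1, 0, 0) if ms is None else (0, int(ms), int(ms_patch or 0))
    return (int(major), int(minor), int(patch)) + qualifier

def check(version):
    """True = affected, False = fixed, None = branch not listed in the advisory."""
    key = parse(version)
    fixed = FIXED.get(key[0])
    return None if fixed is None else key < parse(fixed)

def audit(dependencies):
    """Map each affected wicket-jquery-ui coordinate to the release that fixes it."""
    findings = {}
    for coord in dependencies:
        _group, artifact, version = coord.split(":")
        if not artifact.startswith("wicket-jquery-ui"):
            continue
        try:
            affected = check(version)
        except ValueError:
            findings[coord] = "unparsed version, review manually"
            continue
        if affected:
            findings[coord] = FIXED[parse(version)[0]]
    return findings

if __name__ == "__main__":
    for coord, fix in audit(SAMPLE).items():
        print(f"{coord} -> upgrade to {fix}")
```

Versions on branches the advisory does not list return `None` from `check` rather than being reported as safe.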

Credit

This issue was identified by Kamil Sevi.
