Cve db also updated :) WBR, Maxim (from mobile, sorry for the typos)
On Fri, Apr 20, 2018, 19:22 Sebastien Briquet <[email protected]> wrote: > FYI. > > Thanks Maxim! :) > > ---------- Forwarded message ---------- > From: Maxim Solodovnik <[email protected]> > Date: Wed, Apr 18, 2018 at 6:39 PM > Subject: [ANNOUNCE] CVE-2018-1325 - Wicket jQuery UI: XSS while displaying > value in WYSIWYG editor > To: Openmeetings user-list <[email protected]>, dev < > [email protected]>, [email protected] > > > CVE-2018-1325 - Wicket jQuery UI: XSS while displaying value in WYSIWYG > editor > > Severity: High > > Vendor: wicket-jquery-ui > > Versions Affected: <= 6.29.0, <= 7.10.1, <= 8.0.0-M9.1 > > Description: JS code created in WYSIWYG editor will be executed on display > CVE-2018-1325 > > The issue was fixed in 6.29.1, 7.10.2, 8.0.0-M9.2 > All users are recommended to upgrade to Apache OpenMeetings 4.0.3 > > Credit: This issue was identified by Kamil Sevi > > > -- > WBR > Maxim aka solomax >
