CVE-2019-10085

Published: Jun 18, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

In Apache Allura prior to 1.11.0, a vulnerability exists for stored XSS on the user dropdown selector when creating or editing tickets. The XSS executes when a user engages with that dropdown on that page.

Vendor	Product	Versions
n/a	Apache Allura	affected `Apache Allura prior to 1.11.0`

References

https://lists.apache.org/thread.html/88c064c95da2f41d5435ca5b3e364925bed72cc73bcec9b3f25e4c07%40%3Cdev.allura.apache.org%3E

x_refsource_MISC

108816

vdb-entry

x_refsource_BID

[announce] 20190618 CVE-2019-10085 Apache Allura XSS vulnerability

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-10085

Description

Affected Products

References