Back to search
CVE-2019-10779
Published: Jan 28, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
All versions of stroom:stroom-app before 5.5.12 and all versions of the 6.0.0 branch before 6.0.25 are affected by Cross-site Scripting. An attacker website is able to load the Stroom UI into a hidden iframe. Using that iframe, the attacker site can issue commands to the Stroom UI via an XSS vulnerability to take full control of the Stroom UI on behalf of the logged-in user.
| Vendor | Product | Versions |
|---|---|---|
n/a | stroom:stroom-app | affected all versions before 5.5.12affected all versions of the 6.0.0 branch before 6.0.25 |
References
https://snyk.io/vuln/SNYK-JAVA-STROOM-541182
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now