Home
Sebastien Briquet edited this page Feb 25, 2018 · 8 revisions
Severity: High
Affected Versions: <= 6.28.0, <= 7.9.1, <= 8.0.0-M8
Affected Artifacts:
- wicket-jquery-ui-plugins (com.googlecode.wicket.jquery.ui.plugins.wysiwyg.WysiwygEditor)
- wicket-kendo-ui (com.googlecode.wicket.kendo.ui.widget.editor.Editor)
A security issue has been discovered in the WYSIWYG editor that allows an attacker to submit arbitrary JS code to the WYSIWYG editor.
All users are recommended to upgrade to the latest version (6.29.0, 7.10.1, 8.0.0-M9.1).
The issue was fixed in 6.28.1, 7.9.2, 8.0.0-M8.1.
The issue has been identified in Apache OpenMeetings by Sahil Dhar (Security Innovation Inc).
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15719
http://openmeetings.apache.org/security.html#_toc_cve-2017-15719_-_wicket_jquery_ui_xss_in_wysiwyg_e
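To check a build against the ranges above, the following added example (not part of the original advisory or of the wicket-jquery-ui project) audits a Maven `pom.xml` for the two affected artifacts and compares their versions, including milestone builds such as 8.0.0-M8.1, with the affected upper bounds. The sample POM, the `wju.version` property and the function names are constructed for illustration, and treating majors below 6 as covered by the "<= 6.28.0" range is an assumption.

```python
import re
import xml.etree.ElementTree as ET

# Upper bounds of the affected ranges and the artifact names, as listed in the advisory.
AFFECTED_MAX = {6: "6.28.0", 7: "7.9.1", 8: "8.0.0-M8"}
ARTIFACTS = {"wicket-jquery-ui-plugins", "wicket-kendo-ui"}

# Constructed sample input (groupId omitted), not taken from a real project.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><wju.version>7.9.1</wju.version></properties>
  <dependencies>
    <dependency><artifactId>wicket-jquery-ui-plugins</artifactId><version>${wju.version}</version></dependency>
    <dependency><artifactId>wicket-kendo-ui</artifactId><version>8.0.0-M8.1</version></dependency>
  </dependencies>
</project>"""

def version_key(version):
    """Sortable key for 'X.Y.Z' or 'X.Y.Z-Mn[.p]'; a final release sorts after its milestones."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-M(\d+(?:\.\d+)*))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    milestone = (0, *map(int, m.group(4).split("."))) if m.group(4) else (1,)
    return tuple(map(int, m.group(1, 2, 3))), milestone

def is_affected(version):
    key = version_key(version)
    # Assumption: majors below 6 are covered by the "<= 6.28.0" range; majors above 8 are not listed.
    return key[0][0] <= 8 and key <= version_key(AFFECTED_MAX[max(key[0][0], 6)])

def audit_pom(pom_xml):
    """Return [(artifactId, version, affected)]; affected is None when the version needs a manual check."""
    root = ET.fromstring(pom_xml)
    for el in root.iter():  # strip the Maven namespace so plain tag names match
        el.tag = el.tag.rsplit("}", 1)[-1]
    props = {p.tag: (p.text or "").strip() for p in root.findall("properties/*")}
    findings = []
    for dep in root.iter("dependency"):
        artifact = dep.findtext("artifactId", "").strip()
        if artifact not in ARTIFACTS:
            continue
        version = dep.findtext("version", "").strip()
        ref = re.fullmatch(r"\$\{(.+)\}", version)
        version = props.get(ref.group(1), version) if ref else version  # resolve ${property}
        try:
            findings.append((artifact, version, is_affected(version)))
        except ValueError:  # missing, unresolved or non-release version string
            findings.append((artifact, version, None))
    return findings
```

A `None` result means the version is inherited from a parent POM, is a snapshot, or could not be resolved, so the effective version has to be confirmed separately.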