CVE-2019-10085

Summary

In Apache Allura prior to 1.11.0, a vulnerability exists for stored XSS on the user dropdown selector when creating or editing tickets. The XSS executes when a user engages with that dropdown on that page.

Affected Software

VendorProductVersion RangeStatus
n/aApache AlluraApache Allura prior to 1.11.0affected

Weaknesses

  • XSS Vulnerability

ADP Enrichment

CVE Program Container

Additional References

References