Описание
The Reporting Addon for CUBA Platform has Persistent XSS
The Reporting Addon (aka Reports Addon) through 2019-01-02 for CUBA Platform through 6.10.x has Persistent XSS via the "Reports > Reports" name field.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2018-20663
- https://github.com/cuba-platform/cuba/issues/1741
- https://github.com/cuba-platform/reports/issues/140
- https://github.com/cuba-platform/cuba/commit/be6aa41ff36a365e2a995d37861e5acfcd32c2c5
- https://github.com/cuba-platform/cuba/commit/e9f972beeae42dc6dbc3aaa6b6ecc9814c0eedb4
- https://github.com/cuba-platform/cuba/commit/ec8784d8f596aa570604f4e5d5d4a7c3ae264c62
Пакеты
Наименование
com.haulmont.cuba:cuba-web-toolkit
maven
Затронутые версииВерсия исправления
>= 6.10.0, < 6.10.7
6.10.7
Наименование
com.haulmont.cuba:cuba-web-toolkit
maven
Затронутые версииВерсия исправления
>= 6.9.0, < 6.9.8
6.9.8
Наименование
com.haulmont.cuba:cuba-web-toolkit
maven
Затронутые версииВерсия исправления
< 6.8.15
6.8.15
Связанные уязвимости
CVSS3: 5.4
nvd
около 7 лет назад
The Reporting Addon (aka Reports Addon) through 2019-01-02 for CUBA Platform through 6.10.x has Persistent XSS via the "Reports > Reports" name field.