[SECURITY] CVE-2018-17184 Apache Syncope

CVE-2018-17184: Stored XSS
Description:
A malicious user with enough administration entitlements can inject
HTML-like elements containing JavaScript statements into Connector
names, Report names, AnyTypeClass keys and Policy descriptions.
When another user with enough administration entitlements edits one of
the entities above via the Admin Console, the injected JavaScript code is
executed.
Severity: Important
Vendor: The Apache Software Foundation
Affects:
Releases prior to 2.1.2
Releases prior to 2.0.11
Solution:
2.0.X users should upgrade to 2.0.11
2.1.X users should upgrade to 2.1.2
Credit:
This issue was discovered by Kevin Borras Soler.
References:
https://syncope.apache.org/security
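The defensive side of the issue described above, as an added example in JavaScript (not code from Apache Syncope or from the advisory): an audit routine that flags stored Connector, Report, AnyTypeClass and Policy values containing HTML-like elements, beside the unescaped and escaped rendering of such a value into an admin edit form. The entity records are constructed sample data and the field names are assumptions, not Syncope's schema.

```javascript
// Added example (not Apache Syncope code): audit stored entity names and
// descriptions for HTML-like markup of the kind CVE-2018-17184 abused, and
// show how such a value must be escaped before it is placed into an admin
// edit form. The entity records below are constructed sample data and the
// field names are assumptions.

// Matches an opening or closing tag such as <script>, </b> or <img src=x>.
const TAG_PATTERN = /<\s*\/?\s*[a-zA-Z][^>]*>/;

function looksLikeMarkup(value) {
  return TAG_PATTERN.test(String(value));
}

// Return every record whose editable field contains HTML-like markup, so an
// administrator can review and clean them up before or after upgrading.
function findSuspiciousEntities(entities) {
  return entities.filter((e) => looksLikeMarkup(e.value));
}

// Minimal HTML escaping for text and double-quoted attribute contexts.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable pattern: the stored value is concatenated into markup as-is,
// so a value with html-like elements becomes live markup in the edit form.
function renderUnsafe(value) {
  return `<input name="name" value="${value}">`;
}

// Hardened pattern: the value is escaped for the attribute context first.
function renderSafe(value) {
  return `<input name="name" value="${escapeHtml(value)}">`;
}

const SAMPLE_ENTITIES = [
  { type: "Connector", field: "displayName", value: "LDAP production" },
  { type: "Report", field: "name", value: 'Audit"><script>alert(1)</script>' },
  { type: "AnyTypeClass", field: "key", value: "BaseUser" },
  { type: "Policy", field: "description", value: "Default <b>password</b> policy" },
];

for (const e of findSuspiciousEntities(SAMPLE_ENTITIES)) {
  console.log(`${e.type}.${e.field} contains markup: ${JSON.stringify(e.value)}`);
}
```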

Source: Apache

Published: 2018-11-06 10:03:50