2 matches found
Cross-site Request Forgery (CSRF)
Overview: org.apache.brooklyn:brooklyn-jsgui is software for managing cloud applications. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the REST server. An attacker can execute commands as the user by producing a malicious link that, if clicked while the...
Cross-Site Scripting (XSS)
brooklyn-jsgui is vulnerable to cross-site scripting (XSS) attacks. A malicious user can deploy an entity with the alert HTML tags in its name, allowing the execution of arbitrary code...