4 matches found
CVE-2019-10779
All versions of stroom:stroom-app before 5.5.12 and all versions of the 6.0.0 branch before 6.0.25 are affected by Cross-site Scripting. An attacker website is able to load the Stroom UI into a hidden iframe. Using that iframe, the attacker site can issue commands to the Stroom UI via an XSS...
Cross site scripting
All versions of stroom:stroom-app before 5.5.12 and all versions of the 6.0.0 branch before 6.0.25 are affected by Cross-site Scripting. An attacker website is able to load the Stroom UI into a hidden iframe. Using that iframe, the attacker site can issue commands to the Stroom UI via an XSS...
CVE-2019-10779
All versions of stroom:stroom-app before 5.5.12 and all versions of the 6.0.0 branch before 6.0.25 are affected by Cross-site Scripting. An attacker website is able to load the Stroom UI into a hidden iframe. Using that iframe, the attacker site can issue commands to the Stroom UI via an XSS...
CVE-2019-10779
CVE-2019-10779 affects stroom:stroom-app before 5.5.12 and the 6.0.0 branch before 6.0.25 with an XSS that lets an attacker load the Stroom UI in a hidden iframe and issue commands as the logged-in user. The vulnerability stems from inadequate input validation in the UI, enabling full control of ...