This repository has been archived by the owner on Oct 23, 2024. It is now read-only.
XSS injection possible in Bookmark component
Package
Affected versions
< 5.8.0, < 5.9.0, < 5.6.8
Patched versions
5.6.8, 5.8.0-rc2, 5.9.0
Impact
XSS is possible in the Bookmark component by using a crafted payload while creating a bookmark. The bookmarkactionbean stores the dangerous payload in the database, to be retrieved again later.
Patches
Patched in 5.6.8, 5.8.0-rc2 and 5.9.0.
Workarounds
None
References
More about what XSS is can be found at: https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A7-Cross-Site_Scripting_(XSS)
For more information
If you have any questions or comments about this advisory: