OF-836 CVE-2015-6972 MUC service description
The mucdesc parameter of muc-service-edit-form.jsp was reflected unescaped in the summary view at muc-service-summary.jsp This was reported by Florian Nivette of Sysdream. Fixed by escaping on output within muc-service-summary.jsp. In addition, domain validation was added on input.
Showing
Please register or sign in to comment