CVE-2019-6804

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in maven/org.rundeck/rundeck

Identifiers

GHSA-4262-wr7p-gpcj, CVE-2019-6804

Package Slug

maven/org.rundeck/rundeck

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

An XSS issue was discovered on the Job Edit page in Rundeck Community Edition before 3.0.13, related to assets/javascripts/workflowStepEditorKO.js and views/execution/_wfitemEdit.gsp.

Affected Versions

All versions before 3.0.13

Solution

Upgrade to version 3.0.13 or above.

Last Modified

2022-11-23

source