We're updating the issue view to help you get more done. 

XSS in the listApplicationLinks resource - CVE-2018-20239

Description

The listApplicationLinks resource in Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the applinkStartingUrl parameter.

Environment

None

Testing Notes

Add notes...

Status

Assignee

Unassigned

Reporter

SecurityB

Add-on Type

None

Team

None

CC

None

Risk factor

None

QA Kickoff Status

None

QA Demo Status

None

Fix versions

Affects versions

5.2.0
5.0.0
5.1.0
5.3.0
5.4.0
6.0.0

Priority

Major