We're updating the issue view to help you get more done. 

XSS in the listApplicationLinks resource - CVE-2018-20239

Description

The listApplicationLinks resource in Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the applinkStartingUrl parameter.

Environment

Testing Notes

Add notes...

Status

Assignee

Unassigned

Reporter

SecurityB

Fix versions

Affects versions

5.0.0
5.1.0
5.2.0
5.3.0
5.4.0
6.0.0

Priority

Major