CVE-2019-10085 Apache Allura XSS vulnerability in ticket user dropdown selector
Severity: Important Versions Affected: 1.10.0 and earlier Description: A vulnerability exists for stored XSS on the user dropdown selector when creating or editing tickets. The XSS executes when a user engages with that dropdown on that page. Mitigation: Users of Allura should upgrade to Allura 1.11.0 immediately. Credit: This issue was discovered by Bob "Wombat" Hogg