FYI. Thanks Maxim! :)
---------- Forwarded message ---------- From: Maxim Solodovnik <solomax...@gmail.com> Date: Wed, Apr 18, 2018 at 6:39 PM Subject: [ANNOUNCE] CVE-2018-1325 - Wicket jQuery UI: XSS while displaying value in WYSIWYG editor To: Openmeetings user-list <u...@openmeetings.apache.org>, dev < d...@openmeetings.apache.org>, user-russ...@openmeetings.apache.org CVE-2018-1325 - Wicket jQuery UI: XSS while displaying value in WYSIWYG editor Severity: High Vendor: wicket-jquery-ui Versions Affected: <= 6.29.0, <= 7.10.1, <= 8.0.0-M9.1 Description: JS code created in WYSIWYG editor will be executed on display CVE-2018-1325 The issue was fixed in 6.29.1, 7.10.2, 8.0.0-M9.2 All users are recommended to upgrade to Apache OpenMeetings 4.0.3 Credit: This issue was identified by Kamil Sevi -- WBR Maxim aka solomax