QueueMetrics > QueueMetrics news

Possible XSS issue - please upgrade

(1/1)

QueueMetrics:
We have been notified by Dylan Webb of Allied Infosecurity that versions of QueueMetrics up to 12.10 may present a reflective XSS vulnerability - an attacker could execute arbitrary HTML or script code in a targeted user's browser. This could be leveraged to steal sensitive information such as user credentials and/or conduct other malicious activities.

We have patched the issue by releasing version 12.10.1.1, that is immediately available on our RPM repositories or through direct download. If you installed QM using yum, you should simply run:


--- Code: ---yum update queuemetrics
--- End code ---

to get the latest version.

Though the real-life impact of the issue may be moderate (especially if you run QM on an intranet) we suggest upgrading as a precautionary measure.

Navigation

[0] Message Index

Go to full version