cve/2024/CVE-2024-38379.md

CVE-2024-38379

Description

Apache Allura's neighborhood settings are vulnerable to a stored XSS attack.  Only neighborhood admins can access these settings, so the scope of risk is limited to configurations where neighborhood admins are not fully trusted.This issue affects Apache Allura: from 1.4.0 through 1.17.0.Users are recommended to upgrade to version 1.17.1, which fixes the issue.

POC

Reference

No PoCs from references.

Github

• https://github.com/waspthebughunter/waspthebughunter