2018-11-07 19:00:00
mitre
PUBLISHED
tianti 2.3 has stored XSS in the userlist module via the tianti-module-admin/user/ajax/save_role name parameter, which is mishandled in tianti-module-adminsrcmainwebappWEB-INFviewsuseruser_list.jsp.