This site has moved to the integrated Appfire documentation and information site for our apps.
From February 2024 this site is no longer updated.
Take a look here! If you have any questions please email support@appfire.com
Comala Document Management Security Advisory 2020-12-09
This advisory discloses a security vulnerability found and fixed in Comala Document Management. We recommend upgrading Comala Document Management to the latest supported version.
Affected Versions
The vulnerability affects Comala Document Management 6.4.0 → 6.13.0
The 6.13.1 release contains a fix for the issue mentioned below.
Versions prior to 6.4.0 are not affected.
XSS Vulnerabilities
Severity
Comalatech rates the severity of these issues as Medium according to the published Atlassian Security Levels.
We have ranked the vulnerability as medium because:
- a registered user with edit permissions over pages or blog posts in the application could do the following:
- session riding
- stealing information and cookies
- creating a phishing page within the domain
This is an independent assessment and you should evaluate its applicability to your own IT environment.
Description
We have fixed a cross-site scripting vulnerability introduced in Comala Document Management 6.4.0. The vulnerability could allow any user with edit permission to use another user's session.
Risk Mitigation
Sites running 6.4.0-6.13.0 are recommended to upgrade to Comala Document Management to 6.13.1.
If upgrading immediately is not possible, please disable the application until you can upgrade it.