CVE-2019-10085

Name of the Vulnerable Software and Affected Versions: Apache Allura versions prior to 1.11.0

Description: A stored XSS issue exists in the user dropdown selector when creating or editing tickets. The XSS executes when a user interacts with the dropdown on the affected page.

Recommendations: For versions prior to 1.11.0, update to version 1.11.0 or later to resolve the issue.