Wasp

#50212 of 53,622
4.8 Total CVSS
Vulnerabilities · 1
PT-2024-27969
4.8
2024-06-21
Apache · Apache Allura · CVE-2024-38379
**Name of the Vulnerable Software and Affected Versions**
Apache Allura versions 1.4.0 through 1.17.0

**Description**
Apache Allura's neighborhood settings are vulnerable to a stored XSS attack. Only neighborhood admins can access these settings, so the scope of risk is limited to configurations where neighborhood admins are not fully trusted.

**Recommendations**
For Apache Allura versions 1.4.0 through 1.17.0, upgrade to version 1.17.1, which fixes the issue. As a temporary workaround, consider restricting access to the neighborhood settings for untrusted neighborhood admins until the upgrade is applied.