PT-2018-9414 · Galaxy · Galaxy
Published 2018-06-26 · Updated 2022-05-14 · CVE-2018-1000516
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Galaxy Project Galaxy versions prior to v14.10.1
Description
The issue is improper neutralization of input during web page generation, which allows cross-site scripting (XSS) attacks. A malicious user can execute arbitrary JavaScript code by creating a URL that injects the code when a Galaxy user or administrator opens it. The attack is exploitable when the victim interacts with a component on the page containing the injected code.
Recommendations
For Galaxy Project Galaxy versions prior to v14.10.1, update to version v14.10.1 or v15.01 to resolve the issue.
Fix
XSS
Affected Products
Galaxy