GCHQ Stroom is vulnerable to Cross-Site Scripting due to the ability to load the Stroom dashboard on another site and insufficient protection against window event origins.
- Affected versions: < 5.5.12 & < 6.0.25
- Patched versions: 5.5.12 & 6.0.25
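The two weaknesses named above (the dashboard can be framed by another site, and window events are accepted without adequate origin checks) map to two standard defences. The sketch below is an added example, not Stroom's code or its actual patch; the function names are hypothetical and the hostname is the sample one used on this page.

```javascript
// Added example, not Stroom source. Only the hostname comes from the page.
const TRUSTED_ORIGINS = new Set(["https://stroom.my-company.com"]);

// Weak check, shown for contrast: prefix matching also accepts look-alike
// origins that merely begin with the trusted string.
function weakOriginCheck(origin) {
  return origin.startsWith("https://stroom.my-company.com");
}

// Strict check: must parse as a URL, be a bare serialized origin
// (no path, port tricks or userinfo), and match the allowlist exactly.
function isTrustedOrigin(origin, trusted = TRUSTED_ORIGINS) {
  if (typeof origin !== "string") return false;
  let parsed;
  try {
    parsed = new URL(origin);
  } catch {
    return false; // covers the opaque "null" origin of sandboxed frames
  }
  return parsed.origin === origin && trusted.has(origin);
}

// Wraps a message consumer so untrusted or malformed events are dropped.
// The consumer should still treat event.data as data (textContent, not innerHTML).
function makeMessageHandler(onMessage, trusted = TRUSTED_ORIGINS) {
  return function handle(event) {
    if (!isTrustedOrigin(event.origin, trusted)) return false;
    if (typeof event.data !== "object" || event.data === null) return false;
    onMessage(event.data);
    return true;
  };
}

// Response headers that stop other sites from loading the dashboard in a frame.
function antiFramingHeaders() {
  return {
    "Content-Security-Policy": "frame-ancestors 'self'",
    "X-Frame-Options": "SAMEORIGIN",
  };
}

// Browser usage (assumed consumer name `render`):
//   window.addEventListener("message", makeMessageHandler(render));
```

The anti-framing headers and the origin check are independent layers: the first keeps the dashboard out of third-party frames, the second limits what a message can do if one arrives anyway.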
Launch Stroom and assign it a hostname like stroom.my-company.com, then log in.