← Back

CVE-2019-1020005

nvd nist
Published: Jul 29, 2019Modified: Nov 21, 2024

JSON object

Loading...
5.4
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 / Impact: 2.7
Source: NVD

Description

invenio-communities before 1.0.0a20 allows XSS.

Affected (19)

Inveniosoftware
1 product
Invenio Communities
Configuration A
19 vulnerable
Vulnerable SoftwareAffected Versions
Inveniosoftware
Invenio Communities
Version 1.0.0 a10
Invenio Communities
Version 1.0.0 a11
Invenio Communities
Version 1.0.0 a12
Invenio Communities
Version 1.0.0 a13
Invenio Communities
Version 1.0.0 a14
Invenio Communities
Version 1.0.0 a15
Invenio Communities
Version 1.0.0 a16
Invenio Communities
Version 1.0.0 a17
Invenio Communities
Version 1.0.0 a18
Invenio Communities
Version 1.0.0 a19
Invenio Communities
Version 1.0.0 a1
Invenio Communities
Version 1.0.0 a2
Invenio Communities
Version 1.0.0 a3
Invenio Communities
Version 1.0.0 a4
Invenio Communities
Version 1.0.0 a5
Invenio Communities
Version 1.0.0 a6
Invenio Communities
Version 1.0.0 a7
Invenio Communities
Version 1.0.0 a8
Invenio Communities
Version 1.0.0 a9

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

Source: josh@bress.net
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.