CVE-2019-1010199

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-1010199

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-1010199.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-1010199

Aliases

GHSA-vcfc-9wcp-j623

Published

2019-07-23T18:15:14.313Z

Modified

2026-04-10T04:16:56.584718Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

ServiceStack ServiceStack Framework 4.5.14 is affected by: Cross Site Scripting (XSS). The impact is: JavaScrpit is reflected in the server response, hence executed by the browser. The component is: the query used in the GET request is prone. The attack vector is: Since there is no server-side validation and If Browser encoding is bypassed, the victim is affected when opening a crafted URL. The fixed version is: 5.2.0.

References

https://github.com/ServiceStack/ServiceStack/commit/a0e0d7de20f5d1712f1793f925496def4383c610

Affected packages

Git / github.com/servicestack/servicestack

Affected ranges

Type

GIT

Repo

https://github.com/servicestack/servicestack

Events

Introduced

Last affected

04d37ccf026b140d4da64e19d6d3c20f42dcbdd2

Fixed

a0e0d7de20f5d1712f1793f925496def4383c610

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.5.14"
        }
    ]
}

Affected versions

Other

v3-snapshot

v4.*

v4.0.10-sync

v4.0.17

v4.0.18

v4.0.19

v4.0.20

v4.0.21

v4.0.22

v4.0.23

v4.0.24

v4.0.30

v4.0.31

v4.0.32

v4.0.33

v4.0.34

v4.0.35

v4.0.36

v4.0.38

v4.0.40

v4.0.42

v4.0.44

v4.0.46

v4.0.48

v4.0.50

v4.0.52

v4.0.54

v4.0.56

v4.0.58

v4.0.60

v4.0.62

v4.5.0

v4.5.12

v4.5.14

v4.5.2

v4.5.4

v4.5.6

v4.5.8

v5.*

v5.0.2

v5.1.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-1010199.json"