CVE-2019-1010199

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-1010199
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-1010199.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-1010199
Aliases
Published
2019-07-23T18:15:14Z
Modified
2024-05-23T01:18:19.473645Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

ServiceStack ServiceStack Framework 4.5.14 is affected by: Cross Site Scripting (XSS). The impact is: JavaScrpit is reflected in the server response, hence executed by the browser. The component is: the query used in the GET request is prone. The attack vector is: Since there is no server-side validation and If Browser encoding is bypassed, the victim is affected when opening a crafted URL. The fixed version is: 5.2.0.

References

Affected packages

Git / github.com/servicestack/servicestack

Affected ranges

Type
GIT
Repo
https://github.com/servicestack/servicestack
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other

v3-snapshot
v5

v4.*

v4.0.10-sync
v4.0.17
v4.0.18
v4.0.19
v4.0.20
v4.0.21
v4.0.22
v4.0.23
v4.0.24
v4.0.30
v4.0.31
v4.0.32
v4.0.33
v4.0.34
v4.0.35
v4.0.36
v4.0.38
v4.0.40
v4.0.42
v4.0.44
v4.0.46
v4.0.48
v4.0.50
v4.0.52
v4.0.54
v4.0.56
v4.0.58
v4.0.60
v4.0.62
v4.5.0
v4.5.10
v4.5.12
v4.5.14
v4.5.2
v4.5.4
v4.5.6
v4.5.8

v5.*

v5.0.2
v5.1.0