CVE-2019-19336
See a problem?- Source
- https://nvd.nist.gov/vuln/detail/CVE-2019-19336
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-19336.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2019-19336
- Related
- Published
- 2020-03-19T14:15:11Z
- Modified
- 2024-09-03T02:32:21.747270Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint before version 4.3.8. URL parameters were included in the HTML response without escaping. This flaw would allow an attacker to craft malicious HTML pages that can run scripts in the context of the user's oVirt session.
- References
Affected packages
Git / github.com/ovirt/ovirt-engine
Affected ranges
- Type
- GIT
- Repo
- https://github.com/ovirt/ovirt-engine
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
list
ovirt-engine-3.*
ovirt-engine-3.3-beta1
ovirt-engine-3.3_beta1
ovirt-engine-3.5.0_alpha1
ovirt-engine-3.5.0_alpha1.1
ovirt-engine-3.5.0_alpha2
ovirt-engine-3.5.0_beta1
ovirt-engine-3.6.0_alpha1
ovirt-engine-3.6.0_alpha1.1
ovirt-engine-3.6.0_alpha1.2
ovirt-engine-3.6.0_alpha2
ovirt-engine-3.6.0_alpha3
ovirt-engine-3.6.0_beta1
ovirt-engine-3.6.0_beta1.1
ovirt-engine-3.6.0_qa1
ovirt-engine-3.6.0_qa2
ovirt-engine-3.6.0_qa3
ovirt-engine-3.6.0_qa4
ovirt-engine-4.*
ovirt-engine-4.0.0_alpha1
ovirt-engine-4.0.0_beta1
ovirt-engine-4.1.0_beta1
ovirt-engine-4.2.0
ovirt-engine-4.2.0.1
ovirt-engine-4.2.0.2
ovirt-engine-4.2.0_beta1
ovirt-engine-4.2.0_beta2
ovirt-engine-4.2.0_test1
ovirt-engine-4.2.1
ovirt-engine-4.2.1.1
ovirt-engine-4.2.1.2
ovirt-engine-4.2.1.3
ovirt-engine-4.2.1.4
ovirt-engine-4.3.0
ovirt-engine-4.3.0.1
ovirt-engine-4.3.0.2
ovirt-engine-4.3.0.3
ovirt-engine-4.3.0.4
ovirt-engine-4.3.0_alpha
ovirt-engine-4.3.0_alpha2
ovirt-engine-4.3.0_rc
ovirt-engine-4.3.0_rc2
ovirt-engine-4.3.1
ovirt-engine-4.3.1.1
ovirt-engine-4.3.2
ovirt-engine-4.3.2.1
ovirt-engine-4.3.3
ovirt-engine-4.3.3.1
ovirt-engine-4.3.3.2
ovirt-engine-4.3.3.3
ovirt-engine-4.3.3.4
ovirt-engine-4.3.3.5
ovirt-engine-4.3.4
ovirt-engine-4.3.4.1
ovirt-engine-4.3.4.2
ovirt-engine-4.3.5
ovirt-engine-4.3.5.1
ovirt-engine-4.3.5.2
ovirt-engine-4.3.5.3
ovirt-engine-4.3.5.4
ovirt-engine-4.3.6
ovirt-engine-4.3.6.1
ovirt-engine-4.3.6.2
ovirt-engine-4.3.6.3
ovirt-engine-4.3.6.4
ovirt-engine-4.3.6.5
ovirt-engine-4.3.6.6
ovirt-engine-4.3.6.7
ovirt-engine-4.3.7.0
ovirt-engine-4.3.7.1
ovirt-engine-4.3.7.2