CVE-2019-3826

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-3826
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-3826.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-3826
Downstream
Related
Published
2019-03-26T18:29:00.623Z
Modified
2026-03-15T22:29:13.654784Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts.

References

Affected packages

Git / github.com/prometheus/prometheus

Affected ranges

Type
GIT
Repo
https://github.com/prometheus/prometheus
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
62e591f928ddf6b3468308b7ac1de1c63aa7fcf3
Fixed
62e591f9
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.7.1"
        }
    ]
}

Affected versions

0.*
0.1.0
0.10.0
0.11.0
0.11.1
0.12.0
0.13.0
0.13.0rc2
0.13.1
0.13.2
0.13.3
0.14.0
0.14.0rc1
0.14.0rc2
0.14.0rc3
0.15.0
0.15.0rc1
0.15.0rc2
0.15.0rc3
0.15.1
0.16.0
0.16.0rc1
0.16.0rc2
0.17.0rc1
0.17.0rc2
0.18.0
0.18.0rc1
0.19.0
0.19.1
0.19.2
0.19.3
0.2.0
0.2.1
0.20.0
0.3.0
0.4.0
0.5.0
0.6.0
0.7.0
0.8.0
0.9.0
0.9.0rc1
0.9.0rc2
0.9.0rc3
0.9.0rc4
0.9.0rc5
Other
checkout
dev
discovery-handle-discoverer-updates
v1.*
v1.0.0
v1.0.0-rc.0
v1.0.1
v1.0.2
v1.1.0
v1.1.1
v1.1.2
v1.1.3
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.3.0
v1.3.0-beta.0
v1.3.1
v1.4.0
v1.4.1
v1.5.0
v1.5.1
v1.5.2
v1.5.3
v1.6.0
v1.6.2
v1.7.0
v1.7.1
v1.7.2
v1.8.0
v1.8.1
v2.*
v2.0.0
v2.0.0-alpha.0
v2.0.0-alpha.1
v2.0.0-alpha.2
v2.0.0-alpha.3
v2.0.0-beta.0
v2.0.0-beta.1
v2.0.0-beta.2
v2.0.0-beta.4
v2.0.0-beta.5
v2.0.0-rc.0
v2.0.0-rc.1
v2.0.0-rc.2
v2.0.0-rc.3
v2.1.0
v2.2.0
v2.2.0-rc.0
v2.2.0-rc.1
v2.2.1
v2.3.0
v2.3.1
v2.3.2
v2.4.0
v2.4.0-rc.0
v2.4.1
v2.4.2
v2.4.3
v2.5.0-rc.0
v2.6.0
v2.6.0-rc.0
v2.6.0-rc.1
v2.6.1
v2.7.0
v2.7.0-rc.0
v2.7.0-rc.1
v2.7.0-rc.2

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "3.11"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-3826.json"