CVE-2019-9834

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-9834
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-9834.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-9834
Downstream
Published
2019-03-15T17:29:00.383Z
Modified
2026-03-14T09:44:02.050209Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

The Netdata web application through 1.13.0 allows remote attackers to inject their own malicious HTML code into an imported snapshot, aka HTML Injection. Successful exploitation will allow attacker-supplied HTML to run in the context of the affected browser, potentially allowing the attacker to steal authentication credentials or to control how the site is rendered to the user. NOTE: the vendor disputes the risk because there is a clear warning next to the button for importing a snapshot

References

Affected packages

Git / github.com/netdata/netdata

Affected ranges

Type
GIT
Repo
https://github.com/netdata/netdata
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
f8e0f3ced35509f608f360823c57c19b19eb6164
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.13.0"
        }
    ]
}

Affected versions

Other
untagged-10d59b9e5fa68b9500e1
v0.*
v0.1
v0.2
v1.*
v1.0.0
v1.0rc
v1.1.0
v1.10.0
v1.11.0
v1.11.1
v1.12.0
v1.12.0-rc0
v1.12.0-rc1
v1.12.0-rc2
v1.12.0-rc3
v1.12.1
v1.12.2
v1.13.0
v1.2.0
v1.3.0
v1.4.0
v1.5.0
v1.6.0
v1.7.0
v1.8.0
v1.9.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-9834.json"