CVE-2019-9834

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-9834

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-9834.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-9834

Downstream

DEBIAN-CVE-2019-9834

Published

2019-03-15T17:29:00.383Z

Modified

2025-11-20T11:07:46.353936Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

The Netdata web application through 1.13.0 allows remote attackers to inject their own malicious HTML code into an imported snapshot, aka HTML Injection. Successful exploitation will allow attacker-supplied HTML to run in the context of the affected browser, potentially allowing the attacker to steal authentication credentials or to control how the site is rendered to the user. NOTE: the vendor disputes the risk because there is a clear warning next to the button for importing a snapshot

Database specific

{
    "isDisputed": true
}

References

Affected packages

Git / github.com/netdata/netdata

Affected ranges

Type: GIT
Repo: https://github.com/netdata/netdata
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

f8e0f3ced35509f608f360823c57c19b19eb6164

Affected versions

Other

untagged-10d59b9e5fa68b9500e1

v0.*

v0.1

v0.2

v1.*

v1.0.0

v1.0rc

v1.1.0

v1.10.0

v1.11.0

v1.11.1

v1.12.0

v1.12.0-rc0

v1.12.0-rc1

v1.12.0-rc2

v1.12.0-rc3

v1.12.1

v1.12.2

v1.13.0

v1.2.0

v1.3.0

v1.4.0

v1.5.0

v1.6.0

v1.7.0

v1.8.0

v1.9.0