Lucene search

[email protected]CVE-2019-5988

HistoryJan 06, 2020 - 6:15 a.m.

CVE-2019-5988

2020-01-0606:15:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2019-5988

stored xss

access analysis

cgi

an-analyzer

nvd

security vulnerability

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

7.2 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

53.3%

JSON

Stored cross-site scripting vulnerability in Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allows remote attackers to inject arbitrary web script or HTML via the Management Page.

CPENameOperatorVersion
anglers-net:cgi_an-anlyzeranglers-net cgi an-anlyzerle2019-06-24

CPE	Name	Operator	Version
anglers-net:cgi_an-anlyzer	anglers-net cgi an-anlyzer	le	2019-06-24

References

jvn.jp/en/jp/JVN37230341/index.html

www.anglers-net.com/anlog/update/index.html

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

7.2 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

53.3%

JSON

Related for CVE-2019-5988

cvelist1 prion1 jvn1