CVE-2019-3562

2019-04-2915:32:45

CWE-74

facebook

www.cve.org

EPSS

0.001

Percentile

38.1%

JSON

A remote web page could inject arbitrary HTML code into the Oculus Browser UI, allowing an attacker to spoof UI and potentially execute code. This affects the Oculus Browser starting from version 5.2.7 until 5.7.11.

CNA Affected

[
  {
    "product": "Oculus Browser",
    "vendor": "Oculus",
    "versions": [
      {
        "status": "affected",
        "version": "5.7.11"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "5.2.7",
        "versionType": "custom"
      },
      {
        "lessThan": "5.2.7",
        "status": "unaffected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.facebook.com/security/advisories/cve-2019-3562

EPSS

0.001

Percentile

38.1%

JSON

Related for CVELIST:CVE-2019-3562