Lucene search

K

GoogleOSV:CVE-2019-11454

HistoryApr 22, 2019 - 4:29 p.m.

CVE-2019-11454

2019-04-2216:29:01

Google

osv.dev

9

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

55.2%

Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an _viewlog operation.

References

bitbucket.org/tildeslash/monit/commits/1a8295eab6815072a18019b668fe084945b751f3

bitbucket.org/tildeslash/monit/commits/328f60773057641c4b2075fab9820145e95b728c

github.com/dzflack/exploits/blob/master/unix/monit_xss.py

lists.debian.org/debian-lts-announce/2019/04/msg00028.html

lists.debian.org/debian-lts-announce/2021/12/msg00018.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZQDHRSKTEX5MSYXNCGFTUSFGANBARHX/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L475QJMFFI2QV5QEHAKKPVX6QX6ECUL6/

usn.ubuntu.com/3971-1/

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

55.2%

Related for OSV:CVE-2019-11454

debiancve1 alpinelinux1 prion1 nvd2 cve2 ubuntucve1 cvelist1 veracode1 fedora2 debian2 nessus5 openvas8 mageia1 ubuntu2 osv3