CVE-2019-25088

2022-12-2710:15:10

Google

osv.dev

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

41.1%

JSON

A vulnerability was found in ytti Oxidized Web. It has been classified as problematic. Affected is an unknown function of the file lib/oxidized/web/views/conf_search.haml. The manipulation of the argument to_research leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 55ab9bdc68b03ebce9280b8746ef31d7fdedcc45. It is recommended to apply a patch to fix this issue. VDB-216870 is the identifier assigned to this vulnerability.

CPENameOperatorVersion
oxidized-webeq0.9.3
oxidized-webeq0.5.1
oxidized-webeq012.1
oxidized-webeq0.11.1
oxidized-webeq0.1.2
oxidized-webeq0.10.1
oxidized-webeq0.6.0
oxidized-webeq0.9.2
oxidized-webeq0.5.2
oxidized-webeq0.5.0

Name	Operator	Version
oxidized-web	eq	0.9.3
oxidized-web	eq	0.5.1
oxidized-web	eq	012.1
oxidized-web	eq	0.11.1
oxidized-web	eq	0.1.2
oxidized-web	eq	0.10.1
oxidized-web	eq	0.6.0
oxidized-web	eq	0.9.2
oxidized-web	eq	0.5.2
oxidized-web	eq	0.5.0