2 matches found
CVE-2019-3911
LabKey Server Community Edition before 18.3.0-61806.763 contains a reflected XSS via the onerror parameter in the /__r2/query endpoint, allowing an unauthenticated attacker to inject arbitrary JavaScript. Affected version range is prior to 18.3.0-61806.763. Remediation: upgrade to LabKey Server C...
PT-2019-16766 · Labkey · Labkey Server Community Edition
Name of the Vulnerable Software and Affected Versions: LabKey Server Community Edition versions prior to 18.3.0-61806.763 Description: A reflected cross-site scripting issue allows an unauthenticated remote attacker to inject arbitrary javascript. This is achieved via the onerror parameter in the...