UBUNTU-CVE-2019-3826

A stored, DOM based, cross-site scripting XSS flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts...

Cross site scripting

A stored, DOM based, cross-site scripting XSS flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts...

CVE-2019-3826

A stored, DOM based, cross-site scripting XSS flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts...

CVE-2019-3826

A stored, DOM based, cross-site scripting XSS flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts...

CVE-2019-3826

A stored, DOM based, cross-site scripting XSS flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts...

DEBIAN-CVE-2019-3826

A stored, DOM based, cross-site scripting XSS flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts...

CVE-2019-3826

A stored, DOM based, cross-site scripting XSS flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts...

CVE-2019-3826

Technical details about CVE-2019-3826 are not further provided in the connected documents. The available information originates from the Initial Description (Prometheus 2.7.1 and earlier XSS) with no additional public details in the linked sources. Monitor for updates.

CVE-2019-3826

A stored, DOM based, cross-site scripting XSS flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts...

PT-2019-16739 · Prometheus +1 · Prometheus +1

Name of the Vulnerable Software and Affected Versions: Prometheus versions prior to 2.7.1 Description: A stored, DOM based, cross-site scripting XSS flaw was found. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the...

prometheus: Stored DOM cross-site scripting (XSS) attack via crafted URL

A stored, DOM based, cross-site scripting XSS flaw was found in Prometheus. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts...

CVE-2019-3826

A stored, DOM based, cross-site scripting XSS flaw was found in Prometheus. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts...

Gitlab -- Multiple vulnerabilities

Gitlab reports: Source code disclosure merge request diff Todos improper access control URL rel attribute not set Persistent XSS Autocompletion SSRF repository mirroring CI job token LFS error message disclosure Secret CI variable exposure Guest user CI job disclosure Persistent XSS label referen...

GitLab CE/EE Information Disclosure Vulnerability (CNVD-2018-26957)

GitLab is a set of open source applications developed using Ruby on Rails to implement a self-hosted Git version control system project repository, which has similar functionality to Github for accessing the contents of a project's files, commit history, bug lists, and more. An information...

CVE-2018-18644

An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows Information Exposure via a Gitlab Prometheus integration...

CVE-2018-18644

An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows Information Exposure via a Gitlab Prometheus integration...

Information disclosure

An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows Information Exposure via a Gitlab Prometheus integration...

CVE-2018-18644

An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows Information Exposure via a Gitlab Prometheus integration...

CVE-2018-18644

The CVE-2018-18644 vulnerability affects GitLab Community/Enterprise Edition 11.x prior to 11.2.7, 11.3.x prior to 11.3.8, and 11.4.x prior to 11.4.3, allowing information exposure via the Prometheus integration. Root cause: information disclosure due to Prometheus integration exposure. Impact: p...

CVE-2018-18644

Removed by vendor...