2 matches found
CVE-2019-1020003
invenio-records before 1.2.2 allows XSS...
CVE-2019-1020003
CVE-2019-1020003 affects invenio-records (before 1.2.2), a metadata storage module. The root cause is lack of proper validation of client-side data by the WEB application, leading to cross-site scripting (XSS) (per CNVD/OSV/NVD entries and vendor advisories). Impact is that an attacker can execut...