Lucene search
K
LabkeyLabkey Server

6 matches found

CVE
CVE
added 2019/01/30 8:0 p.m.76 views

CVE-2019-3911

LabKey Server Community Edition before 18.3.0-61806.763 contains a reflected XSS via the onerror parameter in the /__r2/query endpoint, allowing an unauthenticated attacker to inject arbitrary JavaScript. Affected version range is prior to 18.3.0-61806.763. Remediation: upgrade to LabKey Server C...

6.1CVSS6AI score0.03813EPSS
CVE
CVE
added 2019/10/29 4:30 p.m.62 views

CVE-2019-9757

LabKey Server 19.1.0 is affected by CVE-2019-9757: sending an SVG containing an XML External Entity (XXE) payload to visualization-exportImage.view or visualization-exportPDF.view can read arbitrary local files on the server. Root cause is an XXE flaw in XML parsing exposed by those endpoints. Im...

7.5CVSS7.3AI score0.37336EPSS
CVE
CVE
added 2019/01/30 8:0 p.m.60 views

CVE-2019-3912

CVE-2019-3912 affects LabKey Server Community Edition prior to 18.3.0-61806.763. The Open Redirect vulnerability is triggered via the /__r1/ returnURL parameter, allowing an unauthenticated remote attacker to redirect users to arbitrary external sites. The NUCLEI template and NVD entry confirm th...

6.1CVSS6.3AI score0.04825EPSS
CVE
CVE
added 2019/10/29 4:40 p.m.56 views

CVE-2019-9758

CVE-2019-9758 concerns LabKey Server 19.1.0 where the user display name is vulnerable to stored XSS that can execute in admin context. The issue affects administrators when viewing pages in the admin panel (security/permissions.view, security/addUsers.view, or wiki/Administration/page.view), pote...

5.4CVSS5.3AI score0.01043EPSS
CVE
CVE
added 2019/10/29 4:46 p.m.56 views

CVE-2019-9926

LabKey Server 19.1.0 is affected by a CSRF vulnerability in /reports-viewScriptReport.view that can coerce a logged-in administrator into executing code. The issue is described across multiple sources (NVDRed Hat/CVE record, CNVD, PRION, CVE-lists, EUVD) as a CSRF weakness allowing an authenticat...

8.8CVSS8.7AI score0.01921EPSS
CVE
CVE
added 2019/01/30 8:0 p.m.47 views

CVE-2019-3913

CVE-2019-3913 affects LabKey Server Community Edition prior to 18.3.0-61806.763. It is a logic flaw in the network drive mapping functionality where lack of input sanitization in the mount() path allows an authenticated user to unmount drives, leading to denial of service. Affected component: Lab...

4.9CVSS5.1AI score0.01738EPSS