3 matches found
CVE-2019-3911
LabKey Server Community Edition before 18.3.0-61806.763 contains a reflected XSS via the onerror parameter in the /__r2/query endpoint, allowing an unauthenticated attacker to inject arbitrary JavaScript. Affected version range is prior to 18.3.0-61806.763. Remediation: upgrade to LabKey Server C...
CVE-2019-3912
CVE-2019-3912 affects LabKey Server Community Edition prior to 18.3.0-61806.763. The Open Redirect vulnerability is triggered via the /__r1/ returnURL parameter, allowing an unauthenticated remote attacker to redirect users to arbitrary external sites. The NUCLEI template and NVD entry confirm th...
CVE-2019-3913
CVE-2019-3913 affects LabKey Server Community Edition prior to 18.3.0-61806.763. It is a logic flaw in the network drive mapping functionality where lack of input sanitization in the mount() path allows an authenticated user to unmount drives, leading to denial of service. Affected component: Lab...