Cross-site Scripting (XSS)

2019-02-0806:52:38

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.004 Low

EPSS

Percentile

73.8%

JSON

github.com/prometheus/prometheus is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists as the highlighter function was not sanitized and could be used for XSS attacks.

CPENameOperatorVersion
github.com/prometheus/prometheuseqHEAD
github.com/prometheus/prometheusle2.7.0
atomic-openshift-web-consoleeq3.10.66__1.git.389.adbeb58.el7
atomic-openshift-web-consoleeq3.9.33__1.git.248.9592e57.el7
atomic-openshift-web-consoleeq3.9.30__1.git.245.4a3aade.el7
atomic-openshift-web-consoleeq3.11.16__1.git.289.ecf7441.el7
atomic-openshift-web-consoleeq3.11.69__1.git.342.bf90c18.el7
atomic-openshift-web-consoleeq3.9.41__1.git.256.9e431bd.el7
atomic-openshift-web-consoleeq3.9.43__1.git.260.c73f17d.el7
atomic-openshift-web-consoleeq3.10.83__1.git.406.2c026c8.el7

Name	Operator	Version
github.com/prometheus/prometheus	eq	HEAD
github.com/prometheus/prometheus	le	2.7.0
atomic-openshift-web-console	eq	3.10.66__1.git.389.adbeb58.el7
atomic-openshift-web-console	eq	3.9.33__1.git.248.9592e57.el7
atomic-openshift-web-console	eq	3.9.30__1.git.245.4a3aade.el7
atomic-openshift-web-console	eq	3.11.16__1.git.289.ecf7441.el7
atomic-openshift-web-console	eq	3.11.69__1.git.342.bf90c18.el7
atomic-openshift-web-console	eq	3.9.41__1.git.256.9e431bd.el7
atomic-openshift-web-console	eq	3.9.43__1.git.260.c73f17d.el7
atomic-openshift-web-console	eq	3.10.83__1.git.406.2c026c8.el7