CVE-2019-14862 MEDIUM

CVE-2019-14862

Vendor Red Hat

Product knockout

Weakness CWE-79 · XSS

Published January 2, 2020

Last update August 5, 2024

View on NVD All CVEs

CVSS base score

6.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.

Key dates

02Disclosure timeline

January 2, 2020 CVE published

August 5, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-14862 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2026-40770 WordPress Coupon Affiliates plugin <= 7.5.3 - Cross Site Scripting (XSS) vulnerability CVE-2022-3004 Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm CVE-2024-53740 WordPress WooCommerce Ultimate Gift Card plugin < 2.9.1 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2021-34658 Simple Popup Newsletter <= 1.4.7 Reflected Cross-Site Scripting CVE-2025-4682 Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Slider and Post Carousel Widgets

Identifiers

CVE CVE-2019-14862

CWE CWE-79

CVSS 6.1 / MEDIUM

Affected versions

Vendor Red Hat

Product knockout

Affected all knockout versions before 3.5.0-beta