CVE-2019-19294 MEDIUM

CVE-2019-19294

Vendor Siemens
Product Control Center Server (CCS)
Weakness CWE-79 · XSS
Published March 10, 2020
Last update August 5, 2024
View on NVD All CVEs

CVSS base score

6.3/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N/E:P/RL:U/RC:C

What the vulnerability does

01Description

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The web interface of the Control Center Server (CCS) contains multiple stored Cross-site Scripting (XSS) vulnerabilities in several input fields. This could allow an authenticated remote attacker to inject malicious JavaScript code into the CCS web application that is later executed in the browser context of any other user who views the relevant CCS web content.

Key dates

02Disclosure timeline

March 10, 2020 CVE published
August 5, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-29805 WordPress Shipping with Venipak for WooCommerce plugin <= 1.19.5 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2024-51833 WordPress Easy Social Sharebar plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability CVE-2024-4519 Campcodes Complete Web-Based School Management System teacher_salary_details3.php cross site scripting CVE-2024-12820 MK Google Directions <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-63021 WordPress Valenti Engine plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability