CVE-2019-19336 MEDIUM

CVE-2019-19336

Vendor Red Hat
Product ovirt-engine
Weakness CWE-79 · XSS
Published March 19, 2020
Last update August 5, 2024
View on NVD All CVEs

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint before version 4.3.8. URL parameters were included in the HTML response without escaping. This flaw would allow an attacker to craft malicious HTML pages that can run scripts in the context of the user's oVirt session.

Key dates

02Disclosure timeline

March 19, 2020 CVE published
August 5, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-12060 WP Media Optimizer (.webp) <= 1.4.0 - Reflected Cross-Site Scripting via wpmowebp-css-resources and wpmowebp-js-resources Parameters CVE-2023-0306 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq CVE-2025-31823 WordPress WPoperation Elementor Addons plugin 1.1.9 - Cross Site Scripting (XSS) vulnerability CVE-2024-1031 CodeAstro Expense Management System Add Expenses Page 5-Add-Expenses.php cross site scripting CVE-2024-48023 WordPress Restaurant Reservations Widget plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability