CVE-2019-19757 MEDIUM

CVE-2019-19757

Vendor Lenovo

Product XClarity Administrator (LXCA)

Weakness CWE-79 · XSS

Published February 14, 2020

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered a Document Object Model (DOM) based cross-site scripting vulnerability in versions prior to 2.6.6 that could allow JavaScript code to be executed in the user's web browser if a specially crafted link is visited. The JavaScript code is executed on the user's system, not executed on LXCA itself.

Key dates

02Disclosure timeline

February 14, 2020 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-19757

Related vulnerabilities

Identifiers

CVE CVE-2019-19757

CWE CWE-79

CVSS 5.4 / MEDIUM

Affected versions