CVE-2019-3686 MEDIUM

CVE-2019-3686: XSS in distri and version parameter in openQA

Vendor Suse

Product openQA

Weakness CWE-79 · XSS

Published January 17, 2020

Last update September 17, 2024

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

openQA before commit c172e8883d8f32fced5e02f9b6faaacc913df27b was vulnerable to XSS in the distri and version parameter. This was reported through the bug bounty program of Offensive Security

Key dates

02Disclosure timeline

January 17, 2020 CVE published

September 17, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-3686

Related vulnerabilities

04Related CVE

CVE-2025-3866 Add Google +1 (Plus one) social share Button <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting CVE-2022-29421 WordPress Countdown & Clock plugin <= 2.3.2 - Reflected Cross-Site Scripting (XSS) vulnerability CVE-2025-1591 SourceCodester Employee Management System Department Page department.php cross site scripting CVE-2023-5867 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq CVE-2020-13959 Velocity Tools XSS Vulnerability

Identifiers

CVE CVE-2019-3686

CWE CWE-79

CVSS 6.5 / MEDIUM

Affected versions

Vendor Suse

Product openQA

Affected ≥ unspecified and < c172e8883d8f32fced5e02f9b6faaacc913df27b