CVE-2019-3761 MEDIUM

CVE-2019-3761

Vendor Dell
Product RSA Identity Governance and Lifecycle
Weakness CWE-79 · XSS
Published September 11, 2019
Last update September 16, 2024
View on NVD All CVEs

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a stored cross-site scripting vulnerability in the Access Request module. A remote authenticated malicious user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the stored malicious code would gets executed by the web browser in the context of the vulnerable web application.

Key dates

02Disclosure timeline

September 11, 2019 CVE published
September 16, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-41844 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2023-1978 ShiftController Employee Shift Scheduling <= 4.9.25 - Reflected Cross-Site Scripting via Query String CVE-2024-47117 IBM Carbon Design System cross-site scripting CVE-2025-58850 WordPress Showpass WordPress Extension Plugin <= 4.0.3 - Cross Site Scripting (XSS) Vulnerability CVE-2024-9366 Easy Menu Manager | WPZest <= 1.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload