CVE-2019-3776 HIGH

CVE-2019-3776: Reflected XSS in Pivotal Operations Manager

Vendor Pivotal
Product Pivotal Ops Manager
Weakness CWE-79 · XSS
Published March 7, 2019
Last update September 17, 2024
View on NVD All CVEs

CVSS base score

7.2/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:L

What the vulnerability does

01Description

Pivotal Operations Manager, 2.1.x versions prior to 2.1.20, 2.2.x versions prior to 2.2.16, 2.3.x versions prior to 2.3.10, 2.4.x versions prior to 2.4.3, contains a reflected cross site scripting vulnerability. A remote user that is able to convince an Operations Manager user to interact with malicious content could execute arbitrary JavaScript in the user's browser.

Key dates

02Disclosure timeline

March 7, 2019 CVE published
September 17, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-42022 IBM InfoSphere Information Server cross-site scripting CVE-2024-56267 WordPress Interactive UK Map plugin <= 3.4.8 - CSRF to Stored Cross Site Scripting (XSS) vulnerability CVE-2023-45628 WordPress QR Twitter Widget Plugin <= 0.2.3 is vulnerable to Cross Site Scripting (XSS) CVE-2025-2163 Zoorum Comments <= 0.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting CVE-2023-25042 WordPress oAuth Twitter Feed for Developers Plugin <= 2.3.0 is vulnerable to Cross Site Scripting (XSS)