CVE-2019-3911

CVE-2019-3911

Vendor Tenable
Product LabKey Server Community Edition
Weakness CWE-79 · XSS
Published January 30, 2019
Last update September 17, 2024

CVSS base score

What the vulnerability does

01Description

Reflected cross-site scripting (XSS) vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 allows an unauthenticated remote attacker to inject arbitrary javascript via the onerror parameter in the /__r2/query endpoints.

Key dates

02Disclosure timeline

January 30, 2019 CVE published
September 17, 2024 Record updated

Related vulnerabilities

04Related CVE