CVE-2019-9509 MEDIUM

CVE-2019-9509: The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to reflected cross site scripting

Vendor Vertiv
Product Avocent UMG-4000
Weakness CWE-79 · XSS
Published March 30, 2020
Last update September 16, 2024

CVSS base score

6.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to reflected XSS in an HTTP POST parameter. The web application does not neutralize user-controllable input before displaying to users in a web page, which could allow a remote attacker authenticated with a user account to execute arbitrary code.

Key dates

02Disclosure timeline

March 30, 2020 CVE published
September 16, 2024 Record updated

Related vulnerabilities

04Related CVE