CVE-2019-19336

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-19336
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-19336.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-19336
Published
2020-03-19T14:15:11Z
Modified
2024-10-12T04:40:15.513791Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint before version 4.3.8. URL parameters were included in the HTML response without escaping. This flaw would allow an attacker to craft malicious HTML pages that can run scripts in the context of the user's oVirt session.

Affected packages

Git / github.com/ovirt/ovirt-engine

Affected ranges

Type
GIT
Repo
https://github.com/ovirt/ovirt-engine
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

ovirt-engine-3.*

ovirt-engine-3.3-beta1
ovirt-engine-3.3_beta1
ovirt-engine-3.5.0_alpha1
ovirt-engine-3.5.0_alpha1.1
ovirt-engine-3.5.0_alpha2
ovirt-engine-3.5.0_beta1
ovirt-engine-3.6.0_alpha1
ovirt-engine-3.6.0_alpha1.1
ovirt-engine-3.6.0_alpha1.2
ovirt-engine-3.6.0_alpha2
ovirt-engine-3.6.0_alpha3
ovirt-engine-3.6.0_beta1
ovirt-engine-3.6.0_beta1.1
ovirt-engine-3.6.0_qa1
ovirt-engine-3.6.0_qa2
ovirt-engine-3.6.0_qa3
ovirt-engine-3.6.0_qa4

ovirt-engine-4.*

ovirt-engine-4.0.0_alpha1
ovirt-engine-4.0.0_beta1
ovirt-engine-4.1.0_beta1
ovirt-engine-4.2.0
ovirt-engine-4.2.0.1
ovirt-engine-4.2.0.2
ovirt-engine-4.2.0_beta1
ovirt-engine-4.2.0_beta2
ovirt-engine-4.2.0_test1
ovirt-engine-4.2.1
ovirt-engine-4.2.1.1
ovirt-engine-4.2.1.2
ovirt-engine-4.2.1.3
ovirt-engine-4.2.1.4
ovirt-engine-4.3.0
ovirt-engine-4.3.0.1
ovirt-engine-4.3.0.2
ovirt-engine-4.3.0.3
ovirt-engine-4.3.0.4
ovirt-engine-4.3.0_alpha
ovirt-engine-4.3.0_alpha2
ovirt-engine-4.3.0_rc
ovirt-engine-4.3.0_rc2
ovirt-engine-4.3.1
ovirt-engine-4.3.1.1
ovirt-engine-4.3.2
ovirt-engine-4.3.2.1
ovirt-engine-4.3.3
ovirt-engine-4.3.3.1
ovirt-engine-4.3.3.2
ovirt-engine-4.3.3.3
ovirt-engine-4.3.3.4
ovirt-engine-4.3.3.5
ovirt-engine-4.3.4
ovirt-engine-4.3.4.1
ovirt-engine-4.3.4.2
ovirt-engine-4.3.5
ovirt-engine-4.3.5.1
ovirt-engine-4.3.5.2
ovirt-engine-4.3.5.3
ovirt-engine-4.3.5.4
ovirt-engine-4.3.6
ovirt-engine-4.3.6.1
ovirt-engine-4.3.6.2
ovirt-engine-4.3.6.3
ovirt-engine-4.3.6.4
ovirt-engine-4.3.6.5
ovirt-engine-4.3.6.6
ovirt-engine-4.3.6.7
ovirt-engine-4.3.7.0
ovirt-engine-4.3.7.1
ovirt-engine-4.3.7.2