CVE-2019-19394

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-19394

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-19394.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-19394

Published

2020-04-16T19:15:22.510Z

Modified

2026-02-03T07:04:10.492212Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Northern.tech CFEngine Enterprise before 3.10.7, 3.11.x and 3.12.x before 3.12.3, 3.13.x, and 3.14.x allows XSS. This is fixed in 3.10.7, 3.12.3, and 3.15.0.

References

https://cfengine.com/company/blog-detail/cve-2019-19394-mission-portal-javascript-injection-vulnerability/

Affected packages

Git / github.com/cfengine/core

Affected ranges

Type: GIT
Repo: https://github.com/cfengine/core
Events: Introduced

7f5df18819155d786f66f9fb4ca1c5c80d2b1c29

Fixed

156b9adbc31f711fc9ddc8b1d9b63027ea9d0461

Introduced

dc823da05d6790e9f95e3cb75618b51d6273e303

Fixed

60af34434c70c282cd67d4d8d6d4b08231c1d37a

Affected versions

3.*

3.10.0

3.10.0-build2

3.10.0-build3

3.10.0-build4

3.10.1

3.10.1-build1

3.10.2

3.10.2-build1

3.10.2a-PTV

3.10.2a-PTV-build1

3.10.3

3.10.3-2-build1

3.10.3-DTV-MP-logging-build1

3.10.3-DTV-MP-logging-build2

3.10.3-WMI-build1

3.10.3-build1

3.10.3-build2

3.10.3-build3

3.10.3-build4

3.10.3-build5

3.10.4

3.10.4-build1

3.10.4-build2

3.10.4-build3

3.10.5

3.10.5-2-build1

3.10.5-2-build2

3.10.5-build1

3.10.5-build2

3.10.5-build3

3.10.5-build4

3.10.5-build5

3.10.6

3.10.6-build1

3.10.6-build2

3.10.6-build3

3.12.0

3.12.0-3756

3.12.0-build4

3.12.0-build5

3.12.0-build6

3.12.1

3.12.1-build1

3.12.1-build2

3.12.1-build3

3.12.1-build4

3.12.2

3.12.2-build1

3.12.2-build2

3.12.3-build1

3.12.3-build2

3.12.3-build3

3.12.3-build4

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-19394.json"