CVE-2019-25088

2022-12-2710:15:10

CWE-79

[email protected]

web.nvd.nist.gov

cve-2019-25088

ytti oxidized web

cross site scripting

vulnerability

remote exploit

patch

security advisory

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

41.2%

JSON

A vulnerability was found in ytti Oxidized Web. It has been classified as problematic. Affected is an unknown function of the file lib/oxidized/web/views/conf_search.haml. The manipulation of the argument to_research leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 55ab9bdc68b03ebce9280b8746ef31d7fdedcc45. It is recommended to apply a patch to fix this issue. VDB-216870 is the identifier assigned to this vulnerability.

Affected configurations

NVD

Node

oxidized_web_projectoxidized_webRange<2019-07-01oxidized

CPENameOperatorVersion
oxidized_web_project:oxidized_weboxidized web project oxidized weblt2019-07-01

CPE	Name	Operator	Version
oxidized_web_project:oxidized_web	oxidized web project oxidized web	lt	2019-07-01

CNA Affected

[
  {
    "vendor": "ytti",
    "product": "Oxidized Web",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ]
  }
]