Lucene search
Veracode Vulnerability DatabaseVERACODE:5830HistoryFeb 20, 2018 - 10:31 a.m.
Cross-site Scripting (XSS)
2018-02-2010:31:38
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
0.001 Low
EPSS
Percentile
44.7%
knockout is vulnerable to cross-site scripting (XSS) attacks. Element names are directly passed to the Document Object Manipulator through string concatenation, allowing a malicious user to inject and execute arbitrary Javascript. This vulnerability only affects Internet Explorer versions 7 and older.
| CPE | Name | Operator | Version |
|---|---|---|---|
| knockout | le | 3.5.0-beta | |
| knockout | le | 3.5.0-beta | |
| knockout | le | 3.4.2 | |
| knockout | le | 3.4.2 | |
| knockout | le | 3.4.2 | |
| knockout | le | 3.5.0-beta | |
| knockout | le | 3.5.0-beta | |
| knockout | le | 3.4.2 | |
| knockout | le | 3.4.2 | |
| knockout | le | 3.4.2 |
Related
nvd
nvd
CVE-2019-14862
2020-01-02 15:15:12
osv
osv
XSS in knockout
2020-04-01 15:47:45
CVE-2019-14862
2020-01-02 15:15:12
github
github
XSS in knockout
2020-04-01 15:47:45
ubuntucve
ubuntucve
CVE-2019-14862
2020-01-02 00:00:00
debiancve
debiancve
CVE-2019-14862
2020-01-02 15:15:12
prion
prion
Design/Logic Flaw
2020-01-02 15:15:00
githubexploit
githubexploit
Exploit for Cross-site Scripting in Knockoutjs Knockout
2020-12-01 09:18:57
cve
cve
CVE-2019-14862
2020-01-02 15:15:12
cvelist
cvelist
CVE-2019-14862
2020-01-02 14:18:58
redhatcve
redhatcve
CVE-2019-14862
2019-10-21 13:21:25
redhat
redhat
ibm
ibm
oracle
oracle
Oracle Critical Patch Update Advisory - January 2021
2021-01-19 00:00:00
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00
Oracle Critical Patch Update Advisory - July 2020
2020-07-14 00:00:00