PT-2019-11505 · Servicestack · Servicestack Framework

Published: 2019-07-23 · Updated: 2022-05-24 · CVE-2019-1010199

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: ServiceStack Framework (vendor: ServiceStack), versions prior to 5.2.0
Description: A query parameter of a GET request is reflected into the server response without server-side validation or output encoding, so JavaScript supplied in the query string is returned in the page and executed by the victim's browser (reflected XSS). Because the server does not encode the reflected value itself, the encoding the browser applies to the URL can be bypassed. The vulnerable component is the query used in the GET request; a victim is affected when they open a crafted URL.
Recommendations: For versions prior to 5.2.0, update to version 5.2.0 to resolve the issue. As a temporary workaround, validate the query parameters of the GET request on the server side to reduce the risk of exploitation, and restrict access to crafted URLs to prevent the execution of malicious JavaScript code.
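The following is an added illustration of the two defences the advisory describes, written for this page and not taken from ServiceStack's code base. It uses a generic search handler (the `q` parameter, the `handle_request` function, the allowlist regex and the sample URL are all assumptions constructed for the example) to show the vulnerable pattern, where the decoded query value is echoed into HTML unchanged, next to the hardened pattern, which validates the value on the server and HTML-encodes it at the output boundary instead of relying on the browser's URL encoding.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample: a crafted link whose query value carries markup.
# The server sees the URL-decoded value, so the browser's percent-encoding
# of the URL is no protection once the value is reflected into HTML.
SAMPLE_URL = "https://example.test/search?q=%3Cscript%3Ealert(1)%3C/script%3E"


def reflected_value(url: str, param: str = "q") -> str:
    """Return the URL-decoded value of one query parameter, as the server sees it."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return qs.get(param, [""])[0]


def render_unsafe(value: str) -> str:
    """Vulnerable pattern: the query value is interpolated into HTML unchanged,
    so any '<' in it becomes live markup in the browser."""
    return f"<p>Results for: {value}</p>"


def render_safe(value: str) -> str:
    """Hardened pattern: HTML-encode at the output boundary. '<', '>', '&',
    '"' and "'" become entities, so the browser renders text, never a tag."""
    return f"<p>Results for: {html.escape(value, quote=True)}</p>"


# Assumed allowlist for a search term: word characters, spaces and light
# punctuation, capped in length. This is the server-side validation the
# advisory suggests as a workaround; adjust it to the real field's semantics.
_ALLOWED_TERM = re.compile(r"[\w \-.,]{0,100}")


def validate_query(value: str) -> bool:
    """Server-side input validation: accept only the allowlisted character set."""
    return _ALLOWED_TERM.fullmatch(value) is not None


def handle_request(url: str, *, hardened: bool) -> tuple[int, str]:
    """Hypothetical request handler. With hardened=False it behaves like the
    vulnerable endpoint; with hardened=True it validates, then encodes, so the
    two defences layer (encoding still protects if the allowlist is relaxed)."""
    value = reflected_value(url)
    if not hardened:
        return 200, render_unsafe(value)
    if not validate_query(value):
        return 400, "<p>Invalid search term.</p>"
    return 200, render_safe(value)


if __name__ == "__main__":
    print("vulnerable:", handle_request(SAMPLE_URL, hardened=False))
    print("hardened:  ", handle_request(SAMPLE_URL, hardened=True))
    print("encoded:   ", render_safe(reflected_value(SAMPLE_URL)))
```

Validation and encoding address different failure modes: the allowlist rejects the request outright, while the encoding step keeps a value that must be reflected from ever being parsed as markup. Keeping both means a later relaxation of the allowlist does not reintroduce the reflected XSS.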

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2019-1010199
GHSA-VCFC-9WCP-J623

Affected Products

Servicestack Framework