PT-2019-13595 · Veeam · Veeam One Reporter

Publicado

2019-07-27

Atualizado

2019-07-29

CVE-2019-14298

CVSS v3.1

5.4

Média

Vetor

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Veeam ONE Reporter version 9.5.0.3201

Description The issue allows for cross-site scripting (XSS) attacks via a crafted Description field in the config to addDashboard or editDashboard in CommonDataHandlerReadOnly.ashx. This can potentially lead to the execution of malicious scripts.

Recommendations For Veeam ONE Reporter version 9.5.0.3201, consider restricting access to the CommonDataHandlerReadOnly.ashx endpoint until a patch is available. As a temporary workaround, avoid using the Description field in the config for addDashboard or editDashboard operations to minimize the risk of exploitation.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2019-14298

Produtos afetados

Veeam One Reporter

PT-2019-13595 · Veeam · Veeam One Reporter

CVE-2019-14298

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3