CVE-2019-19040

Name of the Vulnerable Software and Affected Versions KairosDB versions prior to 1.2.3

Description The issue concerns an XSS vulnerability in the view.html file due to the showErrorMessage function in js/graph.js. This can be exploited by including a specific substring, such as "sampling":{"value":"<script> in a query, for example, view.html?q=.

Recommendations For KairosDB versions prior to 1.2.3, as a temporary workaround, consider disabling the showErrorMessage function in js/graph.js until a patch is available. Restrict access to the view.html file to minimize the risk of exploitation. Avoid using the q parameter in the view.html endpoint until the issue is resolved.