CVE-2019-19757

Name of the Vulnerable Software and Affected Versions Lenovo XClarity Administrator versions prior to 2.6.6

Description The issue is a Document Object Model (DOM) based cross-site scripting vulnerability. It could allow JavaScript code to be executed in the user's web browser if a specially crafted link is visited. The JavaScript code is executed on the user's system, not on the Lenovo XClarity Administrator itself.

Recommendations For versions prior to 2.6.6, update to version 2.6.6 or later to resolve the issue. As a temporary workaround, consider avoiding visits to specially crafted links that could exploit this vulnerability. Restrict access to untrusted websites or links to minimize the risk of exploitation.