PT-2020-10909 · Offensive Security · Openqa

Johannes Segitz · Published 2020-01-17 · Updated 2020-01-27 · CVE-2019-3686

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: openQA versions before commit c172e8883d8f32fced5e02f9b6faaacc913df27b

Description: The issue concerns an XSS vulnerability in the distri and version parameters. This was reported through the bug bounty program of Offensive Security.

Recommendations: For versions before commit c172e8883d8f32fced5e02f9b6faaacc913df27b, consider restricting access to the distri and version parameters until a fix is applied. Avoid using these parameters in sensitive operations to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS


Weakness Enumeration

Related Identifiers

CVE-2019-3686

Affected Products

Openqa