PT-2020-2446 · Unknown · Control Center Server

Published: 2020-03-10 · Updated: 2024-01-09 · CVE-2019-19294

CVSS v3.1: 6.3 (Medium)

Vector: AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Control Center Server (CCS) versions prior to V1.5.0

Description

A stored Cross-site Scripting (XSS) vulnerability has been identified in the web interface of the Control Center Server (CCS). This issue is related to the lack of input data sanitization, which could allow an authenticated remote attacker to inject malicious JavaScript code into the CCS web application. The injected code would be executed in the browser context of any other user who views the relevant CCS web content.

Recommendations

For versions prior to V1.5.0, update to version V1.5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the CCS web interface to minimize the risk of exploitation. Additionally, avoid using input fields that may be vulnerable to XSS attacks until the issue is resolved.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2020-02456
CVE-2019-19294

Affected Products

Control Center Server