CVE-2019-14297

medium

Veeam

CVSS v3 Base Score

5.4

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Confidentiality

Low

Integrity

Low

Availability

None

Published: July 27, 2019 (2483 days ago)

Last Modified: November 21, 2024

Vendor: Veeam

Source: NVD

Description

Veeam ONE Reporter 9.5.0.3201 allows XSS via the Add/Edit Widget with a crafted Caption field to setDashboardWidget in CommonDataHandlerReadOnly.ashx.

References

🔗 www.exploit-db.com 🔗 www.exploit-db.com

CVE-2019-14297

Vulnerability Report

Description

References