CVE-2019-11556

CWE-79Cross-site Scripting (XSS)5 documents5 sources
Severity
6.1MEDIUM
EPSS
0.6%
top 30.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Redhat PagureOpensuse Backports SLEOpensuse Leap
Timeline
PublishedSep 25
Latest updateMay 24

Description

Pagure before 5.6 allows XSS via the templates/blame.html blame view.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

NVDredhat/pagure< 5.6
Ubuntupagure< 5.8.1+dfsg-3
NVDopensuse/leap15.1

Patches

Patch: pagure.ioPatch: pagure.ioPatch: pagure.io

🔴Vulnerability Details

3
GHSA
GHSA-678h-c4mf-x2hm: Pagure before 52022-05-24
OSV
CVE-2019-11556: Pagure before 52020-09-25
CVEList
CVE-2019-11556: Pagure before 52020-09-25

📋Vendor Advisories

1
Debian
CVE-2019-11556: pagure - Pagure before 5.6 allows XSS via the templates/blame.html blame view.2019