CVE-2019-11776
Published 2019-08-09
CVE-2019-11776: In Eclipse BIRT versions 1.0 to 4.7, the Report Viewer allows reflected XSS in a URL parameter. An attacker can execute the payload in the victim's browser context.
Priority: P4 · Severity: medium · CVSS 3.1 base score: 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
EPSS: 0.90% (55.1th percentile)
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| eclipse | business_intelligence_and_reporting_tools | 1.0.0 – 4.7.0 | — |
| the_eclipse_foundation | eclipse_birt | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vendor_redhat | — | 8.1 | HIGH | — |
GHSA
GHSA-vc5c-m6jv-5r6q (ghsa_unreviewed · 2022-05-24 · CVE-2019-11776 · MEDIUM · CWE-79)
In Eclipse BIRT versions 1.0 to 4.7, the Report Viewer allows reflected XSS in a URL parameter. An attacker can execute the payload in the victim's browser context.
Red Hat
eclipse-birt: report viewer allows reflected XSS in __format url parameter (vendor_redhat · 2019-04-29 · CVSS 6.1 · CVE-2019-11776 · MEDIUM · CWE-79)
A reflected cross-site scripting (XSS) vulnerability was found in the Eclipse BIRT Report Viewer. Specifically, the __format parameter is not sufficiently sanitized, allowing JavaScript to be inserted in the URL. A remote attacker can exploit this flaw to execute JavaScript code within the context of the affected user.
Statement: This flaw did not affect the versions of eclipse-birt as shipped with Red Hat Enterprise Linux 6, as they did not include the BIRT Viewer component.
Package: eclipse-birt (Red Hat Enterprise Linux 6) - Not affected
Red Hat
struts2: Using specific results and namespaces can result in a remote code execution (vendor_redhat · 2018-08-22 · CVSS 8.1 · CVE-2018-11776 · HIGH · CWE-20)
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible remote code execution when alwaysSelectFullNamespace is true (set either by the user or by a plugin such as the Convention Plugin) and then: results are used with no namespace while, at the same time, their upper package has no namespace or a wildcard namespace; and, similarly to results, the same possibility exists when using the url tag with no value and action set while, at the same time, its upper package has no namespace or a wildcard namespace.
Statement: A previous statement by Red Hat related to this CVE, prior to August 2019, said that Apache Struts 2 is not included in any Red Hat products. This earlier statement was incorrect. While Struts 2 is not actively compiled, shipped, used,
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2019-11776 eclipse-birt: report viewer allows reflected XSS in __format url parameter (bugzilla · 2019-08-19 · CVSS 6.1 · MEDIUM)
A vulnerability was found in Eclipse BIRT versions 1.0 to 4.7: the Report Viewer allows reflected XSS in a URL parameter. An attacker can execute the payload in the victim's browser context.
Reference:
https://bugs.eclipse.org/bugs/show_bug.cgi?id=546816
Discussion:
Upstream fix:
https://github.com/eclipse/birt/commit/91ef71824fa33d8fad5da1f7f23791a37f9aa4dc
---
Statement:
This flaw did not affect the versions of eclipse-birt as shipped with Red Hat Enterprise Linux 6, as they did not include the BIRT Viewer component.
---
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2019-11776
Bugzilla
CVE-2018-11776 struts2: Using specific results and namespaces can result in a remote code execution (bugzilla · 2018-08-22 · CVSS 8.1 · HIGH)
It is possible to perform an RCE attack when the namespace value isn't set for a result defined in the underlying XML configuration and, at the same time, its upper action(s) configuration has no namespace or a wildcard namespace. The same possibility exists when using the url tag with no value and action set while, at the same time, its upper action(s) configuration has no namespace or a wildcard namespace.
External References:
https://cwiki.apache.org/confluence/display/WW/S2-057
Discussion:
Statement:
A previous statement by Red Hat related to this CVE, prior to August 2019, said that Apache Struts 2 is not included in any Red Hat products. This earlier statement was incorrect. While Struts 2 is not actively compiled, shipped
Published: 2019-08-09