CVE-2019-19757

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

5.4MEDIUM

EPSS

0.3%

top 45.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lenovo Xclarity Administrator (lxca)Lenovo Xclarity Administrator

Timeline

PublishedFeb 14

Latest updateMay 24

Description

An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered a Document Object Model (DOM) based cross-site scripting vulnerability in versions prior to 2.6.6 that could allow JavaScript code to be executed in the user's web browser if a specially crafted link is visited. The JavaScript code is executed on the user's system, not executed on LXCA itself.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5lenovo/xclarity_administrator_(lxca)unspecified — 2.6.6

▶NVDlenovo/xclarity_administrator< 2.6.6

🔴Vulnerability Details

GHSA

GHSA-gv24-vhxm-xr5j: An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered a Document Object Model (DOM) based cross-site scripting vulnera↗2022-05-24

▶

CVEList

CVE-2019-19757: An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered a Document Object Model (DOM) based cross-site scripting vulnera↗2020-02-14

▶