CVE-2019-25088
Published 2022-12-27
Priority: P4 26 | medium | 5.4 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.53% (40.8th percentile)
A vulnerability was found in ytti Oxidized Web. It has been classified as problematic. Affected is an unknown function of the file `lib/oxidized/web/views/conf_search.haml`. The manipulation of the argument `to_research` leads to cross-site scripting. It is possible to launch the attack remotely. The name of the patch is 55ab9bdc68b03ebce9280b8746ef31d7fdedcc45. It is recommended to apply a patch to fix this issue. VDB-216870 is the identifier assigned to this vulnerability.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oxidized_web_project | oxidized_web | < 2019-07-01 | 2019-07-01 |
| ytti | oxidized_web | — | — |
GHSA
Oxidized Web vulnerable to Cross-site Scripting
ghsa·2022-12-27
CVE-2019-25088 [MEDIUM] CWE-79 Oxidized Web vulnerable to Cross-site Scripting
OSV
Oxidized Web vulnerable to Cross-site Scripting
osv·2022-12-27
CVE-2019-25088 [MEDIUM] Oxidized Web vulnerable to Cross-site Scripting
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/ytti/oxidized-web/commit/55ab9bdc68b03ebce9280b8746ef31d7fdedcc45
https://github.com/ytti/oxidized-web/pull/195
https://vuldb.com/?ctiid.216870
https://vuldb.com/?id.216870
Published: 2022-12-27