CVE-2019-3776Cross-site Scripting in OPS Manager

CWE-79Cross-site Scripting3 documents3 sources
Severity
5.4MEDIUMNVD
CNA7.2
EPSS
0.2%
top 58.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Pivotal OPS ManagerPivotal Software Operations Manager
Timeline
PublishedMar 7
Latest updateMay 13

Description

Pivotal Operations Manager, 2.1.x versions prior to 2.1.20, 2.2.x versions prior to 2.2.16, 2.3.x versions prior to 2.3.10, 2.4.x versions prior to 2.4.3, contains a reflected cross site scripting vulnerability. A remote user that is able to convince an Operations Manager user to interact with malicious content could execute arbitrary JavaScript in the user's browser.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

NVDpivotal_software/operations_manager2.1.02.1.20+3
CVEListV5pivotal/pivotal_ops_manager2.22.2.16+3

🔴Vulnerability Details

2
GHSA
GHSA-pmhh-pxq2-c7gj: Pivotal Operations Manager, 22022-05-13
CVEList
Reflected XSS in Pivotal Operations Manager2019-03-07
CVE-2019-3776 — Cross-site Scripting in OPS Manager | cvebase