
Labkey Server vulnerabilities

6 known vulnerabilities affecting labkey/labkey_server.

Total CVEs
6
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
HIGH: 2, MEDIUM: 4

Vulnerabilities

CVE-2019-9757 | P2 | HIGH | CVSS 7.5 | PoC available | affects v19.1.0 | published 2019-10-29
CVE-2019-9757 [HIGH] CWE-611: An issue was discovered in LabKey Server 19.1.0. Sending an SVG containing an XXE payload to the endpoint visualization-exportImage.view or visualization-exportPDF.view allows local files to be read.
Source: nvd
CVE-2019-3912 | P3 | MEDIUM | CVSS 6.1 | PoC available | fixed in 18.3.0-61806.763 | published 2019-01-30
CVE-2019-3912 [MEDIUM] CWE-601: An open redirect vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 via the /__r1/ returnURL parameter allows an unauthenticated remote attacker to redirect users to arbitrary web sites.
Source: nvd
CVE-2019-3911 | P3 | MEDIUM | CVSS 6.1 | PoC available | fixed in 18.3.0-61806.763 | published 2019-01-30
CVE-2019-3911 [MEDIUM] CWE-79: Reflected cross-site scripting (XSS) vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 allows an unauthenticated remote attacker to inject arbitrary JavaScript via the onerror parameter in the /__r2/query endpoints.
Source: nvd
CVE-2019-9926 | P3 | HIGH | CVSS 8.8 | affects v19.1.0 | published 2019-10-29
CVE-2019-9926 [HIGH] CWE-352: An issue was discovered in LabKey Server 19.1.0. It is possible to force a logged-in administrator to execute code through a /reports-viewScriptReport.view CSRF vulnerability.
Source: nvd
CVE-2019-9758 | P4 | MEDIUM | CVSS 5.4 | affects v19.1.0 | published 2019-10-29
CVE-2019-9758 [MEDIUM] CWE-79: An issue was discovered in LabKey Server 19.1.0. The display name of a user is vulnerable to stored XSS that can execute on administrators from security/permissions.view, security/addUsers.view, or wiki/Administration/page.view in the admin panel, leading to privilege escalation.
Source: nvd
CVE-2019-3913 | P4 | MEDIUM | CVSS 4.9 | fixed in 18.3.0-61806.763 | published 2019-01-30
CVE-2019-3913 [MEDIUM] CWE-77: Command manipulation in LabKey Server Community Edition before 18.3.0-61806.763 allows an authenticated remote attacker to unmount any drive on the system, leading to denial of service.
Source: nvd