Home > Vulnerability Database > WS-2019-0134

Mend.io Vulnerability Database

WS-2019-0134

Good to know:

Date: June 4, 2019

ids-enterprise has a Cross-Site Scripting vulnerability in versions before 4.18.2 due to failure of the The modal component to sanitize nput to the title attribute, which may allow attackers to execute arbitrary JavaScript.

Language: JS

Severity Score

6.5

Related Resources (3)

Url: https://github.com/infor-design/enterprise-ng/issues/511

Url: https://github.com/infor-design/enterprise/commit/9b57aaa0321bf2e5baa6c4c5c1eb3b8312e215c4

Url: https://www.mend.io/vulnerability-database/WS-2019-0134

Severity Score

6.5

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-78

Top Fix

Upgrade Version

Upgrade to version ids-enterprise - 4.18.2;ids-enterprise - 4.18.2

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2019-0134

Good to know:

Date: June 4, 2019

Language: JS

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?