CVE-2019-19336

A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint before version 4.3.8. URL parameters were included in the HTML response without escaping. This flaw would allow an attacker to craft malicious HTML pages that can run scripts in the context of the user's oVirt session.
References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19336 Issue Tracking Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:ovirt:ovirt-engine:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:redhat:virtualization:4.3:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-03-19 14:15

Updated : 2024-02-04 21:00


NVD link : CVE-2019-19336

Mitre link : CVE-2019-19336

CVE.ORG link : CVE-2019-19336


JSON object : View

Products Affected

redhat

  • virtualization

ovirt

  • ovirt-engine
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')