Prima Systems FlexAir, Versions 2.3.38 and prior. Parameters sent to scripts are not properly sanitized before being returned to the user, which may allow an attacker to execute arbitrary code in a user’s browser session in context of an affected site.
                
            References
                    | Link | Resource | 
|---|---|
| http://packetstormsecurity.com/files/155274/Prima-Access-Control-2.3.35-Cross-Site-Scripting.html | Exploit Third Party Advisory VDB Entry | 
| https://applied-risk.com/index.php/download_file/view/199/165 | Broken Link | 
| https://applied-risk.com/labs/advisories | Not Applicable Third Party Advisory | 
| https://applied-risk.com/resources/ar-2019-007 | Third Party Advisory | 
| https://www.us-cert.gov/ics/advisories/icsa-19-211-02 | Third Party Advisory US Government Resource | 
| http://packetstormsecurity.com/files/155274/Prima-Access-Control-2.3.35-Cross-Site-Scripting.html | Exploit Third Party Advisory VDB Entry | 
| https://applied-risk.com/index.php/download_file/view/199/165 | Broken Link | 
| https://applied-risk.com/labs/advisories | Not Applicable Third Party Advisory | 
| https://applied-risk.com/resources/ar-2019-007 | Third Party Advisory | 
| https://www.us-cert.gov/ics/advisories/icsa-19-211-02 | Third Party Advisory US Government Resource | 
Configurations
                    History
                    21 Nov 2024, 04:48
| Type | Values Removed | Values Added | 
|---|---|---|
| References | () http://packetstormsecurity.com/files/155274/Prima-Access-Control-2.3.35-Cross-Site-Scripting.html - Exploit, Third Party Advisory, VDB Entry | |
| References | () https://applied-risk.com/index.php/download_file/view/199/165 - Broken Link | |
| References | () https://applied-risk.com/labs/advisories - Not Applicable, Third Party Advisory | |
| References | () https://applied-risk.com/resources/ar-2019-007 - Third Party Advisory | |
| References | () https://www.us-cert.gov/ics/advisories/icsa-19-211-02 - Third Party Advisory, US Government Resource | 
25 Oct 2022, 15:39
| Type | Values Removed | Values Added | 
|---|---|---|
| CVSS | v2 : v3 : | v2 : 3.5 v3 : 9.0 | 
| References | (MISC) http://packetstormsecurity.com/files/155274/Prima-Access-Control-2.3.35-Cross-Site-Scripting.html - Exploit, Third Party Advisory, VDB Entry | |
| References | (MISC) https://www.us-cert.gov/ics/advisories/icsa-19-211-02 - Third Party Advisory, US Government Resource | |
| References | (MISC) https://applied-risk.com/labs/advisories - Not Applicable, Third Party Advisory | 
Information
                Published : 2019-06-05 19:29
Updated : 2024-11-21 04:48
NVD link : CVE-2019-7671
Mitre link : CVE-2019-7671
CVE.ORG link : CVE-2019-7671
JSON object : View
Products Affected
                primasystems
- flexair
CWE
                
                    
                        
                        CWE-79
                        
            Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
