Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-3826

Опубликовано: 26 мар. 2019
Источник: nvd
CVSS3: 6.1
CVSS2: 4.3
EPSS Низкий

Описание

A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:prometheus:prometheus:*:*:*:*:*:*:*:*
Версия до 2.7.1 (исключая)
Конфигурация 2
cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*

EPSS

Процентиль: 83%
0.01981
Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79
CWE-79

Связанные уязвимости

ubuntu логотип

CVE-2019-3826

CVSS3: 6.1
ubuntu
почти 7 лет назад

A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts.

redhat логотип

CVE-2019-3826

CVSS3: 6.1
redhat
около 7 лет назад

A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts.

debian логотип

CVE-2019-3826

CVSS3: 6.1
debian
почти 7 лет назад

A stored, DOM based, cross-site scripting (XSS) flaw was found in Prom ...

github логотип

GHSA-3m87-5598-2v4f

CVSS3: 5.4
github
около 2 лет назад

Withdrawn Advisory: Prometheus XSS Vulnerability

EPSS

Процентиль: 83%
0.01981
Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79
CWE-79