CVE-2019-13066: XSS
First published: Tue Oct 29 2019(Updated: )
Sahi Pro 8.0.0 has a script manager arena located at _s_/dyn/pro/DBReports with many different areas that are vulnerable to reflected XSS, by updating a script's Script Name, Suite Name, Base URL, Android, iOS, Scripts Run, Origin Machine, or Comment field. The sql parameter can be used to trigger reflected XSS.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sahipro Sahi Pro | =8.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2019-13066.
What is the severity of CVE-2019-13066?
The severity of CVE-2019-13066 is medium.
Which software version is affected by CVE-2019-13066?
Sahi Pro version 8.0.0 is affected by CVE-2019-13066.
What is the CWE number associated with CVE-2019-13066?
The CWE number associated with CVE-2019-13066 is CWE-79.
How can I fix the vulnerability in Sahi Pro 8.0.0?
To fix the vulnerability in Sahi Pro 8.0.0, it is recommended to update to a patched version or apply the necessary security updates provided by the vendor.
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/tags
- agent/description
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/sahipro
- canonical/sahipro sahi pro
- version/sahipro sahi pro/8.0.0