CVE-2019-14862: XSS
First published: Thu Jan 02 2020(Updated: )
Knockout is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Knockoutjs Knockout | <=3.4.2 | |
| Redhat Decision Manager | =7.0 | |
| Redhat Process Automation | =7.0 | |
| Oracle Business Intelligence | =5.5.0.0.0 | |
| Oracle Business Intelligence | =12.2.1.3.0 | |
| Oracle Business Intelligence | =12.2.1.4.0 | |
| Oracle GoldenGate | =12.3.0.1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14862
- https://snyk.io/vuln/npm:knockout:20180213
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/173894
- https://www.ibm.com/support/pages/node/6336361 (Advisory)
Frequently Asked Questions
What is CVE-2019-14862?
CVE-2019-14862 is a vulnerability in Knockout before version 3.5.0-beta that allows for cross-site scripting attacks.
How does CVE-2019-14862 work?
CVE-2019-14862 works by improper validation of user-supplied input, allowing a remote attacker to inject malicious scripts that can be executed in a victim's web browser.
What is the severity of CVE-2019-14862?
The severity of CVE-2019-14862 is medium with a CVSS score of 6.1.
Which software versions are affected by CVE-2019-14862?
Knockout before version 3.5.0-beta is affected by CVE-2019-14862.
How can I fix CVE-2019-14862?
To fix CVE-2019-14862, it is recommended to update to version 3.5.0-beta or later of Knockout.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/remedy
- collector/ibm-support
- source/IBM
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- agent/event
- agent/trending
- vendor/knockoutjs
- canonical/knockoutjs knockout
- version/knockoutjs knockout/3.4.2
- vendor/redhat
- canonical/redhat decision manager
- version/redhat decision manager/7.0
- canonical/redhat process automation
- version/redhat process automation/7.0
- vendor/oracle
- canonical/oracle business intelligence
- version/oracle business intelligence/5.5.0.0.0
- version/oracle business intelligence/12.2.1.3.0
- version/oracle business intelligence/12.2.1.4.0
- canonical/oracle goldengate
- version/oracle goldengate/12.3.0.1.2