CVE-2019-19496: XSS
First published: Mon Dec 02 2019(Updated: )
Alfresco Enterprise before 5.2.5 allows stored XSS via an uploaded HTML document.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Alfresco Alfresco | <5.2.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-19496?
The severity of CVE-2019-19496 is medium with a CVSS score of 5.4.
How does CVE-2019-19496 affect Alfresco Enterprise?
CVE-2019-19496 affects Alfresco Enterprise versions up to and excluding 5.2.5.
What is the vulnerability description of CVE-2019-19496?
CVE-2019-19496 is a stored cross-site scripting (XSS) vulnerability in Alfresco Enterprise that occurs when an uploaded HTML document is not properly sanitized.
How can I exploit CVE-2019-19496?
To exploit CVE-2019-19496, an attacker can upload a malicious HTML document containing script code, which will then be executed by unsuspecting users who view the document.
How can I mitigate CVE-2019-19496?
To mitigate CVE-2019-19496, upgrade Alfresco Enterprise to version 5.2.5 or later, which includes a fix for this vulnerability.
- collector/nvd-index
- vendor/alfresco
- canonical/alfresco alfresco