CVE-2019-19865: XSS
First published: Fri Feb 21 2020(Updated: )
Atos Unify OpenScape UC Application V9 before version V9 R4.31.0 and V10 before version V10 R0.6.0 allows XSS. An attacker could exploit this by convincing an authenticated user to inject arbitrary JavaScript code in the Profile Name field. A browser would execute this stored XSS payload.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atos Unify OpenScape UC Web Client | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-19865?
CVE-2019-19865 is a vulnerability in Atos Unify OpenScape UC Application V9 and V10 that allows for stored XSS attacks.
How does CVE-2019-19865 work?
CVE-2019-19865 allows an attacker to inject arbitrary JavaScript code in the Profile Name field, which is then executed by a browser as a stored XSS payload.
What is the severity of CVE-2019-19865?
CVE-2019-19865 has a severity rating of medium, with a CVSS score of 6.1.
Which software versions are affected by CVE-2019-19865?
Atos Unify OpenScape UC Application V9 before version V9 R4.31.0 and V10 before version V10 R0.6.0 are affected by CVE-2019-19865.
How do I fix CVE-2019-19865?
To fix CVE-2019-19865, users should upgrade to Atos Unify OpenScape UC Application V9 R4.31.0 or V10 R0.6.0, or apply the necessary security patches provided by the vendor.
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/tags
- agent/event
- agent/description
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/atos
- canonical/atos unify openscape uc web client
- version/atos unify openscape uc web client/1.0