CVE-2019-4388: XSS
First published: Wed Dec 18 2019(Updated: )
HCL AppScan Source 9.0.3.13 and earlier is susceptible to cross-site scripting (XSS) attacks by allowing users to embed arbitrary JavaScript code in the Web UI.
Credit: psirt@hcl.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hcltech Appscan Source | <=9.0.3.13 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2019-4388?
CVE-2019-4388 is a vulnerability in HCL AppScan Source 9.0.3.13 and earlier that allows users to embed arbitrary JavaScript code in the Web UI, making it susceptible to cross-site scripting (XSS) attacks.
How severe is CVE-2019-4388?
CVE-2019-4388 has a severity of 4.8, which is considered medium.
How can I exploit CVE-2019-4388?
To exploit CVE-2019-4388, an attacker can embed arbitrary JavaScript code in the Web UI of HCL AppScan Source 9.0.3.13 and earlier, which can be executed by unsuspecting users visiting the affected page.
How can I fix CVE-2019-4388?
To fix CVE-2019-4388, it is recommended to upgrade to a version of HCL AppScan Source that is not vulnerable to this cross-site scripting (XSS) attack.
Are there any references for CVE-2019-4388?
Yes, you can find more information about CVE-2019-4388 at the following link: [https://hclpnpsupport.hcltech.com/csm?id=kb_article&sysparm_article=KB0074364](https://hclpnpsupport.hcltech.com/csm?id=kb_article&sysparm_article=KB0074364)
- collector/nvd-index
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/last-modified-date
- agent/type
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- vendor/hcltech
- canonical/hcltech appscan source
- version/hcltech appscan source/9.0.3.13