CVE-2019-6180: XSS
First published: Tue Sep 03 2019(Updated: )
A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to cause JavaScript code to be stored in LXCA which may then be executed in the user's web browser. The JavaScript code is not executed on LXCA itself.
Credit: psirt@lenovo.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lenovo XClarity Administrator | <2.5.0 |
Remedy
Update your LXCA installation to version 2.5.0 or later.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2019-6180.
What is the severity level of CVE-2019-6180?
The severity level of CVE-2019-6180 is medium (4.8).
What is the affected software for CVE-2019-6180?
The affected software for CVE-2019-6180 is Lenovo XClarity Administrator versions prior to 2.5.0.
How does CVE-2019-6180 work?
CVE-2019-6180 is a stored cross-site scripting (XSS) vulnerability that allows an administrative user to store JavaScript code in Lenovo XClarity Administrator, which can be executed in the user's web browser.
Is there a fix available for CVE-2019-6180?
Yes, a fix for CVE-2019-6180 is available. Please refer to the official Lenovo support page for more information.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/severity
- agent/references
- agent/weakness
- agent/remedy
- agent/description
- agent/tags
- agent/event
- agent/first-publish-date
- vendor/lenovo
- canonical/lenovo xclarity administrator