CVE-2019-6181: XSS
First published: Tue Sep 03 2019(Updated: )
A reflected cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow a crafted URL, if visited, to cause JavaScript code to be executed in the user's web browser. The JavaScript code is not executed on LXCA itself.
Credit: psirt@lenovo.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lenovo XClarity Administrator | <2.5.0 |
Remedy
Update your LXCA installation to version 2.5.0 or later.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Lenovo XClarity Administrator vulnerability?
The vulnerability ID for this Lenovo XClarity Administrator vulnerability is CVE-2019-6181.
What is the severity of CVE-2019-6181?
The severity of CVE-2019-6181 is medium.
How does the vulnerability CVE-2019-6181 impact Lenovo XClarity Administrator?
The vulnerability CVE-2019-6181 allows a crafted URL to execute JavaScript code in the user's web browser when visited, but the JavaScript code is not executed in LXCA itself.
What software versions are affected by the Lenovo XClarity Administrator vulnerability CVE-2019-6181?
The Lenovo XClarity Administrator vulnerability CVE-2019-6181 affects versions prior to 2.5.0.
How can I fix the Lenovo XClarity Administrator vulnerability CVE-2019-6181?
To fix the Lenovo XClarity Administrator vulnerability CVE-2019-6181, update to version 2.5.0 or later.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/lenovo
- canonical/lenovo xclarity administrator