Prima Systems FlexAir, Versions 2.3.38 and prior. Parameters sent to scripts are not properly sanitized before being returned to the user, which may allow an attacker to execute arbitrary code in a user’s browser session in context of an affected site.
References
| Link | Resource |
|---|---|
| http://packetstormsecurity.com/files/155274/Prima-Access-Control-2.3.35-Cross-Site-Scripting.html | Exploit Third Party Advisory VDB Entry |
| https://applied-risk.com/index.php/download_file/view/199/165 | Broken Link |
| https://applied-risk.com/labs/advisories | Not Applicable Third Party Advisory |
| https://applied-risk.com/resources/ar-2019-007 | Third Party Advisory |
| https://www.us-cert.gov/ics/advisories/icsa-19-211-02 | Third Party Advisory US Government Resource |
Configurations
History
25 Oct 2022, 15:39
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 9.0 |
| References | (MISC) https://www.us-cert.gov/ics/advisories/icsa-19-211-02 - Third Party Advisory, US Government Resource | |
| References | (MISC) http://packetstormsecurity.com/files/155274/Prima-Access-Control-2.3.35-Cross-Site-Scripting.html - Exploit, Third Party Advisory, VDB Entry | |
| References | (MISC) https://applied-risk.com/labs/advisories - Not Applicable, Third Party Advisory |
Information
Published : 2019-06-05 19:29
Updated : 2023-12-10 12:59
NVD link : CVE-2019-7671
Mitre link : CVE-2019-7671
CVE.ORG link : CVE-2019-7671
JSON object : View
Products Affected
primasystems
- flexair
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')