CVE-2019-11454
MEDIUM6.1EPSS 1.1%monit - security update
發布日:2019/4/22修改日:2025/11/19
也稱為:ALPINE-CVE-2019-11454DEBIAN-CVE-2019-11454
描述
Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an _viewlog operation.
受影響套件(4)
- Alpine/monitfrom 0, < 5.24.0-r2
- Debian/monitfrom 0, < 1:5.25.3-1
- Debian/monitfrom 0, < 1:5.9-1+deb8u2
- Debian/monitfrom 0, < 1:5.20.0-6+deb9u2
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |