Cross-Site Scripting Vulnerability in Veeam ONE Reporter by Veeam Software
CVE-2019-14297

5.4MEDIUM

Key Information:

Vendor
Veeam
Vendor
CVE Published:
27 July 2019

Summary

A Cross-Site Scripting vulnerability in Veeam ONE Reporter 9.5.0.3201 allows attackers to exploit the Add/Edit Widget feature by inserting a crafted Caption field in the setDashboardWidget function within CommonDataHandlerReadOnly.ashx. This flaw can potentially lead to unauthorized script execution in the user's browser, putting sensitive data at risk.

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.