Cross-Site Scripting Vulnerability in Veeam ONE Reporter by Veeam Software
CVE-2019-14297
5.4MEDIUM
Summary
A Cross-Site Scripting vulnerability in Veeam ONE Reporter 9.5.0.3201 allows attackers to exploit the Add/Edit Widget feature by inserting a crafted Caption field in the setDashboardWidget function within CommonDataHandlerReadOnly.ashx. This flaw can potentially lead to unauthorized script execution in the user's browser, putting sensitive data at risk.
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved