Cross-Site Scripting Vulnerability in UNA 10.0.0-RC1
CVE-2019-14804

4.8MEDIUM

Key Information:

Vendor

Una

Status
Una
Vendor
CVE Published:
9 August 2019

What is CVE-2019-14804?

UNA 10.0.0-RC1 contains a cross-site scripting vulnerability that can be exploited through the System Name field during the template editing process. An attacker can inject malicious scripts, which may execute in the browser of any user accessing this functionality. This vulnerability underscores the importance of validating and sanitizing user inputs to prevent potential attacks that compromise user data and application integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/unaio/una/commits/master/studio
x_refsource_MISC
https://pastebin.com/iMfs1BsM
x_refsource_MISC
http://packetstormsecurity.com/files/154018/UNA-10.0.0-RC...
x_refsource_MISC

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.