Stored Cross-Site Scripting in Matrix42 Workspace Management by Matrix42
CVE-2019-19500

5.4MEDIUM

Key Information:

Vendor: Matrix42
Status: Workspace Management
Vendor: CVE Published:; 15 April 2020

What is CVE-2019-19500?

Matrix42 Workspace Management versions up to 9.1.2.2765 are vulnerable to stored cross-site scripting (XSS) due to inadequate validation of user inputs in description parameters. This flaw can be exploited by attackers to inject malicious scripts, particularly through the comment field of special orders for individual software. Successful exploitation can lead to unauthorized actions, data theft, or compromised user sessions, significantly impacting the security and integrity of affected systems.

References

http://seclists.org/fulldisclosure/2020/Apr/8

mailing-listx_refsource_FULLDISC

http://packetstormsecurity.com/files/157232/Matrix42-Work...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 15, 2020
Vulnerability Reserved
Dec 2, 2019

CVE-2019-19500 Data

JSON