Cross-Site Scripting Vulnerability in Tautulli by Tautulli
CVE-2019-8939

6.1MEDIUM

Key Information:

Vendor: Tautulli
Status: Tautulli
Vendor: CVE Published:; 19 February 2019

What is CVE-2019-8939?

A Cross-Site Scripting (XSS) vulnerability exists in Tautulli version 2.1.26 affecting how a crafted Plex username is mishandled during the generation of the History page. This flaw could allow attackers to execute malicious scripts in the context of a user's session, potentially compromising sensitive information or misleading users. Users are encouraged to apply necessary security patches and practice safe browsing habits to mitigate this risk.

References

https://github.com/Tautulli/Tautulli-Issues/issues/161

x_refsource_MISC

http://www.securityfocus.com/bid/107171

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 19, 2019
Vulnerability Reserved
Feb 19, 2019

CVE-2019-8939 Data

JSON