← back
CVE-2019-3686

XSS in distri and version parameter in openQA

CVSS 6.5 MEDIUMEPSS 0.6%CWE-79
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.5EPSS 0.6%KEV nãoPoC Patch
Lifecycle
17 Jan 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
openQA before commit c172e8883d8f32fced5e02f9b6faaacc913df27b was vulnerable to XSS in the distri and version parameter. This was reported through the bug bounty program of Offensive Security
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected products
SUSE · openQA

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://bugzilla.suse.com/show_bug.cgi?id=1142849