CVE-2019-25265
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Description
Online Inventory Manager 3.2 contains a stored cross-site scripting vulnerability in the group description field of the admin edit groups section. Attackers can inject malicious JavaScript through the description field that will execute when the groups page is viewed, allowing potential cookie theft and client-side script execution.
Analysis
The group description field of the admin edit groups section in Online Inventory Manager 3.2 is affected by stored cross-site scripting (XSS) (CVSS 6.4).
Technical Context
This vulnerability is classified as CWE-79: Cross-site Scripting (XSS). It affects the group description field of the admin edit groups section: script injected through the description field is stored and executes when the groups page is viewed.
Affected Products
Product: Online Inventory Manager 3.2 (group description field of the admin edit groups section).
Remediation
Monitor vendor advisories for a patch. Implement output encoding and Content Security Policy headers. Restrict network access to the affected service where possible.