CVE-2019-19632

An issue was discovered in Big Switch Big Monitoring Fabric 6.2 through 6.2.4, 6.3 through 6.3.9, 7.0 through 7.0.3, and 7.1 through 7.1.3; Big Cloud Fabric 4.5 through 4.5.5, 4.7 through 4.7.7, 5.0 through 5.0.1, and 5.1 through 5.1.4; and Multi-Cloud Director through 1.1.0. An unauthenticated attacker may inject stored arbitrary JavaScript (XSS), and execute it in the content of authenticated administrators.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
VendorProductVersion
bigswitchbig_cloud_fabric
4.5 ≤
𝑥
< 4.5.5
bigswitchbig_cloud_fabric
4.7 ≤
𝑥
< 4.7.7
bigswitchbig_cloud_fabric
5.0 ≤
𝑥
< 5.0.1
bigswitchbig_cloud_fabric
5.1 ≤
𝑥
< 5.1.4
bigswitchbig_monitoring_fabric
6.2 ≤
𝑥
< 6.2.4
bigswitchbig_monitoring_fabric
6.3 ≤
𝑥
< 6.3.9
bigswitchbig_monitoring_fabric
7.0 ≤
𝑥
< 7.0.3
bigswitchbig_monitoring_fabric
7.1 ≤
𝑥
< 7.1.4
bigswitchmulti-cloud_director
𝑥
< 1.1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://know.bishopfox.com/advisories
https://know.bishopfox.com/advisories/big-monitoring-fabric
https://know.bishopfox.com/advisories
https://know.bishopfox.com/advisories/big-monitoring-fabric